tr/atraps.gen exe data gefunden von Avira was tun??

Kimbel · 22.05.2013, 16:31

Guten Tag,

Ich hab gestern (so dumm wie ich bin...) in skype auf einen link geklickt mit: nettes bild von dir Link: blalalal klar ausleicht sinn habe ich darauf geklickt und im nach hinein meldete mir avira gleich das es eine exe namens tr/atraps.gen gefunden hat und gleich zwei stück. Nun hab ich es mit sämtlichen lösungen youtube mehre virenscanner wie zb. Malewarebytes anitvire usw proobiert aber ich glaube nicht das ich ihn los geworden bin ich bin nicht so der experte und ihr seit meine einzigste hilfe...
achja und mein malewarebytes antivier sagt manachmal das ein: Zugang zu einer potionzellen seite erfolgreich verhindert wurde. ausgeführt von der exe :svchost.exe
Dazu möchte ich noch erwähnen das einige programm seit dem nicht mehr richtig starten...

Ich hab außerdem noch gelsen das man bei diesem virus sein pc ganz neu machen sollte aber ich habe keine CD für W7 ...

Bitte helft mir...

MfG Kimbel

aharonov · 22.05.2013, 17:19

Hallo Kimbel und

Mein Name ist Leo und ich werde dich durch die Bereinigung deines Rechners begleiten.

Eins vorneweg: Ich kann dir keine Garantien geben, dass ich alles finden werde. Bei schwerwiegenden Infektionen ist ein Formatieren und Neuinstallieren meist der schnellere und immer der sicherere Weg.
Wenn du dich für eine Bereinigung entscheidest, dann sollten wir gründlich vorgehen. Bleib also dran, bis ich dir eindeutig mitteile, dass wir fertig sind.
Auch wenn die auffälligen Symptome schon früh verschwinden, bedeutet das nicht, dass dein Rechner dann schon sauber und sicher ist.

Hinweise zum Ablauf

Du bekommst von mir jeweils eine individuell auf dich abgestimmte schrittweise Anleitung.
- Lese diese Anweisungen immer zuerst vollständig durch und frag bei Unklarheiten nach, bevor du beginnst.
- Arbeite die Anleitungen dann sorgfältig und in der angegebenen Reihenfolge ab und poste deine Rückmeldungen und Logfiles erst zum Schluss gesammelt in einer Antwort.
- Füge den Inhalt der Logfiles wenn immer möglich innerhalb von Code-Tags in deine Antwort ein.
- Sollten Probleme auftauchen, dann brich an dieser Stelle ab und schildere sie so gut wie möglich.

Es ist wichtig für mich, dass sich der Zustand deines Systems nicht plötzlich unvorhersehbar ändert:
- Lasse keine Scanner oder Tools ohne Aufforderung laufen. Lösche nichts auf eigene Faust.
- Installiere oder deinstalliere während der Bereinigung keine Software.

Los geht's:

Wir müssen da zuerst mal reinschauen.
Poste bitte auch alle bereits vorhandenen Logfiles mit Funden.

Schritt 1

Downloade dir bitte defogger (von jpshortstuff) auf deinen Desktop.

Starte das Tool mit Doppelklick.
Klicke nun auf den Disable Button.
Bestätige diese Sicherheitsabfrage mit Ja.
Wenn der Scan beendet wurde (Finished), klicke auf OK.
Falls Defogger zu einem Neustart auffordert, bestätige dies mit OK.
Defogger erstellt auf dem Desktop eine Logdatei mit dem Namen defogger_disable.txt.
Nur falls Probleme aufgetreten sind, poste deren Inhalt mit deiner nächsten Antwort.

Klicke den Re-enable Button nicht ohne Anweisung!

Schritt 2

Bitte lade dir

GMER herunter: (Dateiname zufällig)

Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
WARNING !!!
GMER has found system modification, which might have been caused by ROOTKIT activity.
Do you want to fully scan your system ?

Unbedingt auf "No" klicken.
Entferne rechts den Haken bei: IAT/EAT und Show All
Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
Starte den Scan mit "Scan".
Mache nichts am Computer während der Scan läuft.
Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.

Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!

Tauchen Probleme auf?

Probiere alternativ den abgesicherten Modus.
Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.

Schritt 3

Lade dir bitte OTL (von Oldtimer) herunter und speichere es auf deinen Desktop.

Doppelklick auf die OTL.exe.
Unter Extra Registry, wähle bitte Use SafeList.
Setze den Haken bei Scan all Users.
Klicke nun auf Run Scan.
Wenn der Scan beendet ist, werden 2 Logfiles (OTL.txt und Extras.txt) erstellt.
Poste den Inhalt dieser Logfiles hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von Gmer
Logs von OTL

Kimbel · 22.05.2013, 18:15

Gmer datei:

GMER Logfile:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-22 18:42:48
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Kim\AppData\Local\Temp\kfldqpow.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                              fffff80003205000 45 bytes [00, 00, 00, 00, 00, 00, 00, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                              fffff8000320502f 16 bytes [00, 00, 00, 00, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\SysWOW64\svchost.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                   0000000077671465 2 bytes [67, 77]
.text     C:\Windows\SysWOW64\svchost.exe[1240] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                  00000000776714bb 2 bytes [67, 77]
.text     ...                                                                                                                             * 2
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3180] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter  0000000076aa87b1 5 bytes [33, C0, C2, 04, 00]
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69       0000000077671465 2 bytes [67, 77]
.text     C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3180] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155      00000000776714bb 2 bytes [67, 77]
.text     ...                                                                                                                             * 2
.text     C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000077671465 2 bytes [67, 77]
.text     C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe[3280] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000776714bb 2 bytes [67, 77]
.text     ...                                                                                                                             * 2
.text     C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69              0000000077671465 2 bytes [67, 77]
.text     C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe[3456] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155             00000000776714bb 2 bytes [67, 77]
.text     ...                                                                                                                             * 2
.text     C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69      0000000077671465 2 bytes [67, 77]
.text     C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe[3656] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155     00000000776714bb 2 bytes [67, 77]
.text     ...                                                                                                                             * 2

---- Threads - GMER 2.1 ----

Thread    C:\Windows\System32\svchost.exe [6120:2348]                                                                                     000007feec3c9688

---- EOF - GMER 2.1 ----

--- --- ---

OTL datei:
OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.05.2013 18:53:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 55,60% Memory free
7,86 Gb Paging File | 5,74 Gb Available in Paging File | 73,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,45 Gb Total Space | 368,43 Gb Free Space | 81,07% Space Free | Partition Type: NTFS
Drive D: | 454,96 Gb Total Space | 11,42 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
 
Computer Name: KIM-PC | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.22 18:52:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Downloads\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.01.26 08:08:30 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.12.21 22:53:13 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.08.08 19:09:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:18:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:18:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.12.22 19:28:16 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.09.11 07:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2012.12.21 22:53:13 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 04:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.09.11 07:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.01.13 16:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.22 16:46:26 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.05.15 19:38:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.25 17:47:24 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.05.08 22:18:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:18:14 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 22:18:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 22:01:00 | 003,432,444 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0)
SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007.12.17 15:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 15:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.22 18:51:46 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.08 22:18:15 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:18:15 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.13 16:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.13 15:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.05 16:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.11 09:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/414
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=sm
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE383
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{99EC3639-0749-494D-B194-6BD61042901C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=0&systemid=414&sr=0&q={searchTerms}
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredimail.com/mb68/?search={searchTerms}&loc=search_box&u=92260441787199290
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2685&query={searchTerms}&invocationType=tb50winampie7
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2012.12.16 12:58:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 22:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.09 08:28:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013.04.01 17:37:41 | 000,000,000 | ---D | M]
 
[2012.10.18 17:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Extensions
[2012.10.13 17:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\extensions
[2012.10.13 17:17:26 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.09.26 08:05:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\f00cxnu7.default\extensions
[2012.09.26 08:05:16 | 000,000,000 | ---D | M] (@@toolbarname@@) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\f00cxnu7.default\extensions\toolbar@ask.com
[2012.12.21 23:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\qy2ig92m.default\Extensions
[2012.10.29 22:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.06 22:08:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchnu.com/414
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Conduit Chrome Plugin (Enabled) = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.15.10_0\plugins/ConduitChromeApiPlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.10 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\
CHR - Extension: Grooveshark Germany unlocker = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\docdgimmdejoiemdafcgeodchlbllgac\2.3.4_0\.orig
CHR - Extension: Google Mail = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll (Nijad Software)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\ConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IncrediMail MediaBar 2 Toolbar) - {d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\Toolbar\WebBrowser: (IncrediMail MediaBar 2 Toolbar) - {D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - C:\Program Files (x86)\IncrediMail_MediaBar_2\tbIncr.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\OEM\Preload\utility\_NowIntoDT.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DATAMNGR] C:\PROGRA~2\SEARCH~1\Datamngr\DATAMN~1.EXE File not found
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Akamai NetSession Interface] C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [EPSON SX100 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_S7060.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [EPSON SX100 Series (Kopie 1)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_SD1FE.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [EPSON SX100 Series (Kopie 2)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_SC15B.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [EPSON SX100 Series (Kopie 3)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIEDE.EXE /FU "C:\Windows\TEMP\E_S9DF.tmp" /EF "HKCU" File not found
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{587DE63E-EDD9-4ECB-9468-70337DACEE4D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll) -  File not found
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll) -  File not found
O20 - AppInit_DLLs: (c:\progra~3\browse~1\251005~1.80\{c16c1~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\untilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\untilman.exe: Debugger - C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 16:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.05.22 16:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.05.22 16:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.22 16:33:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.22 16:27:03 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Malwarebytes
[2013.05.22 16:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.22 16:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 16:26:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.19 12:51:16 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\My Cheat Tables
[2013.05.18 17:00:53 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\FLiNGTrainer
[2013.05.18 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\NBGI
[2013.05.18 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\Games for Windows - LIVE Demos
[2013.05.18 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\NBGI
[2013.05.18 14:19:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.05.18 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.05.18 14:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.05.16 23:48:10 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 23:48:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 23:48:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 23:48:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 23:48:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.16 23:48:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.16 23:48:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 23:48:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 23:48:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.16 23:48:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.16 23:48:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 23:48:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.16 23:48:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 23:48:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 23:48:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 16:10:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 16:10:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 16:10:17 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 16:10:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 16:10:16 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 16:10:16 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 16:10:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.04.26 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\DofusTesting-8
[2013.04.23 16:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.03.25 21:15:40 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 18:57:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 18:57:37 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 18:51:22 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013.05.22 18:48:36 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.22 18:48:33 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 18:48:27 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 18:48:24 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 18:45:47 | 000,438,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 18:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 18:23:19 | 000,000,000 | ---- | M] () -- C:\Users\Kim\defogger_reenable
[2013.05.22 18:11:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 17:11:17 | 000,153,444 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.05.22 16:46:26 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.22 16:26:39 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 22:01:25 | 000,009,771 | ---- | M] () -- C:\END
[2013.05.21 19:22:05 | 000,562,519 | ---- | M] () -- C:\Users\Kim\Desktop\Kimundcallmemaybe.jpg
[2013.05.21 19:21:08 | 000,234,656 | ---- | M] () -- C:\Users\Kim\Desktop\t6.png
[2013.05.21 19:20:19 | 000,024,843 | ---- | M] () -- C:\Users\Kim\Desktop\t5.png
[2013.05.21 19:16:23 | 000,008,886 | ---- | M] () -- C:\Users\Kim\Desktop\oldTELEPHONE.gif
[2013.05.21 19:14:42 | 000,024,848 | ---- | M] () -- C:\Users\Kim\Desktop\carly_rae_jepsen_call_me_maybe.jpg
[2013.05.21 19:12:05 | 000,028,329 | ---- | M] () -- C:\Users\Kim\Desktop\t4.png
[2013.05.21 19:11:37 | 000,008,739 | ---- | M] () -- C:\Users\Kim\Desktop\Cry_meme.jpg
[2013.05.21 19:08:59 | 000,115,453 | ---- | M] () -- C:\Users\Kim\Desktop\Explosion-018.jpg
[2013.05.21 19:06:12 | 000,020,725 | ---- | M] () -- C:\Users\Kim\Desktop\t3.png
[2013.05.21 19:02:17 | 000,022,254 | ---- | M] () -- C:\Users\Kim\Desktop\t2.png
[2013.05.21 19:01:45 | 000,025,086 | ---- | M] () -- C:\Users\Kim\Desktop\t1.png
[2013.05.21 18:52:16 | 000,108,549 | ---- | M] () -- C:\Users\Kim\Desktop\carr.png
[2013.05.21 18:51:23 | 000,057,228 | ---- | M] () -- C:\Users\Kim\Desktop\car-crash-9847419.jpg
[2013.05.21 18:49:33 | 000,504,129 | ---- | M] () -- C:\Users\Kim\Desktop\trol2.png
[2013.05.21 18:48:59 | 000,508,129 | ---- | M] () -- C:\Users\Kim\Desktop\trol1.png
[2013.05.21 18:47:39 | 000,003,825 | ---- | M] () -- C:\Users\Kim\Desktop\photo-512-c03b1349.jpg
[2013.05.21 18:47:17 | 000,028,005 | ---- | M] () -- C:\Users\Kim\Desktop\21676806,17799904,highRes,BMW_3er_GT_01.jpg.jpg
[2013.05.21 18:43:10 | 000,004,423 | ---- | M] () -- C:\Users\Kim\Desktop\poker_face_kindledx (1).png
[2013.05.21 18:38:52 | 000,025,174 | ---- | M] () -- C:\Users\Kim\Desktop\Mercedes-SL-63-AMG-2012-05.jpg
[2013.05.21 18:37:42 | 000,180,507 | ---- | M] () -- C:\Users\Kim\Desktop\02_02_The-Mercedes-Benz-A-45-AMG.jpg
[2013.05.21 17:41:11 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_2
[2013.05.21 17:41:06 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_3
[2013.05.21 17:41:00 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_4
[2013.05.21 17:40:57 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_1
[2013.05.21 16:20:12 | 000,000,121 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\D2Info0
[2013.05.20 02:23:07 | 000,409,324 | ---- | M] () -- C:\Users\Kim\Desktop\dark-souls.jpg
[2013.05.18 14:19:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.18 10:27:24 | 000,000,195 | ---- | M] () -- C:\Users\Kim\Desktop\Dark Souls Prepare to Die Edition.url
[2013.05.15 19:38:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:38:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 17:00:58 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_5
[2013.05.12 16:53:57 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_6
[2013.05.11 09:52:35 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_7
[2013.05.10 19:09:35 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_8
[4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 18:45:35 | 000,438,368 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 18:23:19 | 000,000,000 | ---- | C] () -- C:\Users\Kim\defogger_reenable
[2013.05.22 17:11:17 | 000,153,444 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.22 16:46:26 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.22 16:26:39 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 19:22:05 | 000,562,519 | ---- | C] () -- C:\Users\Kim\Desktop\Kimundcallmemaybe.jpg
[2013.05.21 19:21:08 | 000,234,656 | ---- | C] () -- C:\Users\Kim\Desktop\t6.png
[2013.05.21 19:20:19 | 000,024,843 | ---- | C] () -- C:\Users\Kim\Desktop\t5.png
[2013.05.21 19:16:23 | 000,008,886 | ---- | C] () -- C:\Users\Kim\Desktop\oldTELEPHONE.gif
[2013.05.21 19:14:41 | 000,024,848 | ---- | C] () -- C:\Users\Kim\Desktop\carly_rae_jepsen_call_me_maybe.jpg
[2013.05.21 19:12:05 | 000,028,329 | ---- | C] () -- C:\Users\Kim\Desktop\t4.png
[2013.05.21 19:11:36 | 000,008,739 | ---- | C] () -- C:\Users\Kim\Desktop\Cry_meme.jpg
[2013.05.21 19:08:59 | 000,115,453 | ---- | C] () -- C:\Users\Kim\Desktop\Explosion-018.jpg
[2013.05.21 19:06:12 | 000,020,725 | ---- | C] () -- C:\Users\Kim\Desktop\t3.png
[2013.05.21 19:02:17 | 000,022,254 | ---- | C] () -- C:\Users\Kim\Desktop\t2.png
[2013.05.21 19:01:45 | 000,025,086 | ---- | C] () -- C:\Users\Kim\Desktop\t1.png
[2013.05.21 18:52:16 | 000,108,549 | ---- | C] () -- C:\Users\Kim\Desktop\carr.png
[2013.05.21 18:51:22 | 000,057,228 | ---- | C] () -- C:\Users\Kim\Desktop\car-crash-9847419.jpg
[2013.05.21 18:49:33 | 000,504,129 | ---- | C] () -- C:\Users\Kim\Desktop\trol2.png
[2013.05.21 18:48:59 | 000,508,129 | ---- | C] () -- C:\Users\Kim\Desktop\trol1.png
[2013.05.21 18:47:39 | 000,003,825 | ---- | C] () -- C:\Users\Kim\Desktop\photo-512-c03b1349.jpg
[2013.05.21 18:47:17 | 000,028,005 | ---- | C] () -- C:\Users\Kim\Desktop\21676806,17799904,highRes,BMW_3er_GT_01.jpg.jpg
[2013.05.21 18:43:10 | 000,004,423 | ---- | C] () -- C:\Users\Kim\Desktop\poker_face_kindledx (1).png
[2013.05.21 18:38:52 | 000,025,174 | ---- | C] () -- C:\Users\Kim\Desktop\Mercedes-SL-63-AMG-2012-05.jpg
[2013.05.21 18:37:37 | 000,180,507 | ---- | C] () -- C:\Users\Kim\Desktop\02_02_The-Mercedes-Benz-A-45-AMG.jpg
[2013.05.20 02:23:03 | 000,409,324 | ---- | C] () -- C:\Users\Kim\Desktop\dark-souls.jpg
[2013.05.18 14:19:15 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.05.18 14:19:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.18 10:27:24 | 000,000,195 | ---- | C] () -- C:\Users\Kim\Desktop\Dark Souls Prepare to Die Edition.url
[2013.01.22 20:13:17 | 000,006,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.26 19:50:06 | 000,946,604 | ---- | C] () -- C:\Users\Kim\ts3_recording_12_04_26_19_50_4.wav
[2011.11.25 21:06:26 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\camera.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.04 19:25:45 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_7
[2011.05.27 15:22:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.27 15:22:56 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.10 17:03:05 | 000,090,112 | ---- | C] () -- C:\Program Files (x86)\lol.launcher.exe
[2011.05.10 17:03:05 | 000,090,112 | ---- | C] () -- C:\Program Files (x86)\lol.launcher.admin.exe
[2011.03.27 19:18:59 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_16
[2011.03.27 18:38:00 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_15
[2011.03.27 18:37:56 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_14
[2011.03.27 18:37:50 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_13
[2011.03.27 18:37:44 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_12
[2011.03.27 18:37:35 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_11
[2011.03.27 18:37:30 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_10
[2011.02.05 11:57:24 | 000,002,088 | ---- | C] () -- C:\Users\Kim\.recently-used.xbel
[2010.12.21 13:10:15 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_6
[2010.12.21 13:01:28 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_5
[2010.12.21 13:00:38 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_4
[2010.12.08 20:16:54 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_3
[2010.12.08 16:21:55 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_1
[2010.12.08 16:20:16 | 000,000,177 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\D2Info1
[2010.12.08 16:20:16 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_2
[2010.12.02 07:49:35 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_9
[2010.10.09 13:01:33 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_8
[2010.10.03 12:26:56 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_7
[2010.08.24 15:38:51 | 000,005,632 | ---- | C] () -- C:\Users\Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 13:47:59 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_6
[2010.07.31 13:23:43 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_5
[2010.07.31 12:35:21 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_4
[2010.06.18 13:05:10 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_3
[2010.06.10 15:10:12 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_1
[2010.06.10 15:07:54 | 000,000,121 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\D2Info0
[2010.06.10 15:07:54 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_2
[2010.06.10 13:28:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.09 14:55:05 | 000,007,599 | ---- | C] () -- C:\Users\Kim\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

--- --- ---

Kimbel · 22.05.2013, 18:18

Extra Datei:OTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 22.05.2013 18:53:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 55,60% Memory free
7,86 Gb Paging File | 5,74 Gb Available in Paging File | 73,04% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,45 Gb Total Space | 368,43 Gb Free Space | 81,07% Space Free | Partition Type: NTFS
Drive D: | 454,96 Gb Total Space | 11,42 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
 
Computer Name: KIM-PC | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{038B1FE6-9920-4BF3-A134-ED8BD26D649F}" = lport=6996 | protocol=17 | dir=in | name=league of legends launcher | 
"{0A4D8F89-4CE7-401C-8A0F-AF62E978E577}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{11857516-6B8B-470B-B5E0-5F28B559553D}" = lport=6882 | protocol=6 | dir=in | name=league of legends launcher | 
"{11D9FC68-4CED-471B-BDB8-75FDC3EAA34A}" = lport=6884 | protocol=6 | dir=in | name=league of legends launcher | 
"{127BE31F-95E4-4669-AAE0-E8985BBAA446}" = rport=137 | protocol=17 | dir=out | app=system | 
"{13197648-4A69-4AC1-940B-0D158BCA41A2}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{13BAC028-F949-4413-850D-9EB941C0591B}" = lport=6933 | protocol=6 | dir=in | name=league of legends launcher | 
"{13F34F77-0951-472B-BC2E-E4D291D22E53}" = lport=6882 | protocol=17 | dir=in | name=league of legends launcher | 
"{17CE99D5-179E-4ED4-8714-324C54F8E236}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1963052A-7304-4885-8BF1-9C641FEC8C14}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{1A6B3E73-0E6C-44A3-B525-ECA3C7AAE4A7}" = lport=6944 | protocol=6 | dir=in | name=league of legends launcher | 
"{1E036761-3C1E-49B2-BDEA-E83126B3D0BB}" = lport=8394 | protocol=6 | dir=in | name=league of legends launcher | 
"{273A1BC9-5844-42D3-AFAC-8BEE17F37ACF}" = lport=8398 | protocol=17 | dir=in | name=league of legends launcher | 
"{29C74C92-0885-44AB-95F5-1CBC370B06C5}" = lport=6884 | protocol=17 | dir=in | name=league of legends launcher | 
"{2E9E8757-3984-4AD6-910B-241CEBCC18AA}" = lport=8390 | protocol=17 | dir=in | name=league of legends game client | 
"{3452DB75-4B15-42B3-AD5E-0E60E7598782}" = lport=8395 | protocol=6 | dir=in | name=league of legends launcher | 
"{3EB05895-0BB3-4DD7-BAF7-E274033802A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{42636624-059E-4355-940E-496A494B6579}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{488101F8-DA55-4E32-BC17-56D43C929053}" = lport=8393 | protocol=17 | dir=in | name=league of legends lobby | 
"{4A7729BF-2A59-479D-BE53-8BE7F228B000}" = lport=6991 | protocol=6 | dir=in | name=league of legends launcher | 
"{540F60EE-2060-4692-967F-6D84B8A78450}" = lport=6992 | protocol=6 | dir=in | name=league of legends launcher | 
"{547B23C2-786A-4E15-9A8A-29AFF2447737}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{577CD7D7-3926-4448-8A32-537056D4FA41}" = lport=6889 | protocol=6 | dir=in | name=league of legends launcher | 
"{5B040C73-725B-44D4-8FDC-4A4475A96CE6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5BA52A0F-05A9-4298-B313-5FA0F4532C72}" = rport=445 | protocol=6 | dir=out | app=system | 
"{5BF38208-AF3D-4E58-BB56-B1707131F5E2}" = lport=8394 | protocol=17 | dir=in | name=league of legends launcher | 
"{605D0384-2E65-4790-AE26-349F22154948}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{66FEE05E-A16B-46C2-9406-5EF840B44BDC}" = lport=6990 | protocol=6 | dir=in | name=league of legends launcher | 
"{6A61D42A-5C50-4A3D-B801-78F616B4A02B}" = lport=6991 | protocol=17 | dir=in | name=league of legends launcher | 
"{6CA07CA2-A7B2-49E8-91CA-0676FB8AD1C3}" = lport=8395 | protocol=17 | dir=in | name=league of legends launcher | 
"{6D6BF3AC-5F82-49BA-BD3B-3D7670789A8A}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6E7015AF-3690-4AAE-B625-7EBD20E55085}" = lport=6933 | protocol=17 | dir=in | name=league of legends launcher | 
"{765C6A6A-7A1B-4E32-8ECC-BA4507571483}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{8FB2030B-A797-436D-A4CF-0A248761D5A2}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9209D9CB-E99B-4F32-88A8-8941C0FE76A7}" = rport=139 | protocol=6 | dir=out | app=system | 
"{937EC928-3265-432D-8992-78E152BF5C80}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{974286CE-D1AC-406B-B258-C00786385BE0}" = lport=138 | protocol=17 | dir=in | app=system | 
"{9D5C2F45-4BCC-4568-A8DD-97269DDD1422}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9DD2F12E-BC1C-4466-B442-6F850B886822}" = lport=6996 | protocol=6 | dir=in | name=league of legends launcher | 
"{A8F11467-28D2-4F31-889B-969676E4A6AA}" = lport=8398 | protocol=6 | dir=in | name=league of legends launcher | 
"{A97E500A-D417-49CA-9981-D72DFC36146A}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{AC6A7A16-05F0-4C3C-833C-54CFD05DB607}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{B103FA2B-D4ED-4399-B667-5C1F066516BB}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B353F519-A4CA-4446-9EBC-4AC7340D0BD6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CAFC8F18-DC74-4379-8B94-66E8BD205E71}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CC950AD7-776D-4B8D-8C1D-6445EA10DBA3}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D29752CA-6875-4A0A-A4A4-300474E8E037}" = lport=6992 | protocol=17 | dir=in | name=league of legends launcher | 
"{D4501C37-98BA-4B23-8CE2-403E338E87A3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D509B988-4737-4085-8AF7-7D7A425CE5E0}" = lport=6990 | protocol=17 | dir=in | name=league of legends launcher | 
"{D6841229-2ADF-4DDC-A2C0-51945449161E}" = lport=8393 | protocol=6 | dir=in | name=league of legends lobby | 
"{E90ABBCF-B04C-4041-A170-24802B84EB9C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E9BA75CB-50D1-4028-8A35-1B18EC8192EE}" = lport=6944 | protocol=17 | dir=in | name=league of legends launcher | 
"{ED4155F8-66D8-4010-86CE-42B6541FC58F}" = lport=6889 | protocol=17 | dir=in | name=league of legends launcher | 
"{F3691F2B-2EBC-4657-A82B-EC3F55E01A3F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{F3EFA214-7569-49D3-9A34-32ACD946C72D}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F473BFEF-3A49-4B49-A088-EB9CA887119E}" = lport=8390 | protocol=6 | dir=in | name=league of legends game client | 
"{F56CAEF4-B6DB-438F-93F7-54EA1E6AF110}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FA5E329C-5EA4-4755-A2D9-F95930A2E64B}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026FB3C4-4A93-4FAC-BC9D-0528C8A46742}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{03A0A840-AD2B-4E94-96A5-C47CA3544F6D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{04B66E93-1F6D-466D-8F3C-B4921DAE7187}" = protocol=17 | dir=in | app=d:\steam\steam.exe | 
"{09D2AB7A-D08B-4CB9-B7D7-4E69B2892884}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0A58F793-8385-4B8E-A883-A1AC92FC00C0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{0ED0780C-FF79-43B4-A579-43BA05FAB4C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alien swarm\srcds.exe | 
"{14730261-A51D-4C5F-9202-6DAB9546EC75}" = protocol=6 | dir=in | app=c:\program files (x86)\lol.launcher.exe | 
"{15408ABE-26A2-4C4C-B09D-4112E6A37A10}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{156E890C-26B1-4ED8-AF20-2D151DB68F42}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{197B5582-C4DB-45FF-813A-F688DAAFE565}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{1A97B6AD-8C23-456A-9DC6-9CFEAFCA2779}" = protocol=17 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{1CC4067A-DB50-45AC-8980-0AC10FF1A363}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{23A695DC-1C0B-46BA-90BD-DDA395987008}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{28210629-F018-418C-A231-6836A6F1FB2C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2D0748A3-9BE9-4221-ABFF-D06354EFE26E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{2D144AB3-E83F-4AF9-BB73-72A4073B16B7}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{2DE28D0B-B48F-4CBC-8FCE-BCDBB2EB3B1C}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{31E6B1A5-C0ED-4FB0-AA55-833F5B0DBBCB}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{32BDD779-0132-47D4-A4E8-CD2E43688004}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{37E928DD-D918-4FD6-A73C-36AC70B91E70}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{3821E2D5-798E-4C91-824F-12E65211459D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{3935CF38-46D6-483D-A9A0-831A9CA96F76}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{3AA30F7C-EA9D-4A76-ADD8-F4AB520B10FD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{42B53551-7C1D-4318-998D-259F1DB5BE68}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{44BE5FF2-0084-46D7-817A-2F884B6ABF43}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{45FC3302-6BAB-4A5E-91E1-4FAB2594F439}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{463572B7-09B0-40B7-A9D5-0F2AD71A3256}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{468B1F3C-36A6-47CF-877F-43A9C3990DE3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{46B1645C-B840-4224-BA72-5ED31A83E7C2}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4A3E597F-77E6-45CD-88C0-A8896608970F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{4D18962A-543B-4820-8173-C2D99384FAC3}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5071F554-BC95-4312-A542-5557B916C221}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5150A119-2DDC-44A0-9B53-79A10EAD681D}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5B042F7C-854A-4876-8894-FF88C8C8CCAD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{5D8B0B23-92A7-4A3B-B4F3-84EE69C4C211}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{63EFC75D-2FFF-4783-9B7E-2329C11FA5B1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{65C06C40-6132-4127-A0EC-D11E97835C25}" = protocol=6 | dir=in | app=c:\users\kim\appdata\local\akamai\netsession_win.exe | 
"{67794E30-FB28-42F9-884C-2D014A64AE04}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\alien swarm\swarm.exe | 
"{6831C9F9-C6C6-40FD-A8E0-29506501DB5D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{68BE3DD4-8F2E-49FD-8993-A6FBE9B74CA8}" = protocol=58 | dir=in | app=system | 
"{68E7ACFD-8F37-4A97-B812-3ED504AA7BCC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{71BD6FAC-F978-4358-80D3-1F6F69D5602A}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{71E8E8D0-EA58-428B-91A9-02C310244DE0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darksiders 2\darksiders2.exe | 
"{71FF07BD-1CB6-4A49-A206-4BE19E3BC038}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{72889905-C8C1-4170-B48F-42ACC2D3C915}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd8\powerdvd8.exe | 
"{80D515DB-A720-4831-81D1-25DAC8149216}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{81DED5B3-9C94-4FA3-82D6-C160CF4F3663}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{8301D436-677B-4625-9A13-467D02060D74}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{83720972-4989-48BB-8B04-75CC64664A61}" = protocol=6 | dir=in | app=c:\program files (x86)\searchqu toolbar\datamngr\toolbar\dtuser.exe | 
"{858507C1-1E5B-459A-A1FC-50121743D54A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{85C54423-F245-409E-84A4-DDA1B248DB0A}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{8CA39DB4-98C9-4631-8CBD-A9E3319AF090}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{90ACB8CC-2399-4008-86B1-05A8612AB9F7}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{91FBAFE0-68EF-4B45-85F7-D4F4EBEC2E25}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight ii\modlauncher.exe | 
"{958DB879-F386-4500-BD49-BEE9F11EF494}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{95A27555-EA6E-450A-8908-9B67F7E4C3F0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{95ACF58E-C9BE-4FB8-9C57-28F197BB53F3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{979B2FBB-D0DE-4C8E-B2A6-1340D20EEEF1}" = protocol=6 | dir=in | app=d:\steam\steam.exe | 
"{983EBECC-1D87-4684-B865-2863F326CFC2}" = protocol=17 | dir=in | app=c:\users\kim\appdata\local\akamai\netsession_win.exe | 
"{9BA496CD-6D78-4E79-B3ED-CAE54A59C7B8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A3159F63-777D-4409-85B4-B22F972E3FF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A33C7C5F-8BA2-4D89-9600-348353BFD72A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\darksouls.exe | 
"{A434BF01-7E88-42BC-8774-64C8FFD6969C}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A69C315E-D148-46AD-A70B-70CDF387C4CB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A7F4CD75-4E1A-470B-9644-4EAE54CE4B5C}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{A9F86F71-B5EB-442C-A87E-FD82DF016EBE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dota 2 beta\dota.exe | 
"{AA118702-50B9-453F-B6B1-DE1574CD87C6}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AFE8F2E7-31E5-4CA0-981B-2AB6ECD3FF03}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{B1EA344B-213F-4858-BCF7-0574BE8467A5}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{B456A8DA-C949-4D48-BD43-1B18E1DA0321}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B560E41A-8F84-407D-8835-840C40F1790D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"{B56829A6-AFF4-48D2-8361-F3FD1DEAF294}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{BAB8905A-42CB-42D1-9EA3-73FEC3717884}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{BD95D560-0707-4B22-8896-6ADD212DC893}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{BE4DB905-32EA-4DE4-BA02-19DEE8282D6A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{C0353399-942B-4652-AABF-7D11D8886A9E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C07D01E1-96A3-40EC-9B15-B5610F558BE0}" = protocol=6 | dir=out | app=system | 
"{CC46C7BE-5E93-44E2-BD6E-1890F978AAE9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{CF892E6A-78FE-4DEC-8324-565372C92305}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{D0CF8E3F-E19A-4784-BE85-FE9EE8617237}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{DA1F5AC9-58C3-4052-9C2B-CA6FE8058B38}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DDBA67A1-284C-4D98-902F-299EC85C3653}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darksiders\darksiderspc.exe | 
"{E2BAA115-68E0-42A8-8BBA-F7FAB2CC0DE1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alien swarm\swarm.exe | 
"{E3252433-DCE7-490A-A352-A79C7A07D875}" = protocol=17 | dir=in | app=c:\program files (x86)\lol.launcher.exe | 
"{EA2250CE-F1D7-4D03-AED0-B32525CC08F5}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{EA71A186-E57D-4C37-86E1-1E4BAF4106D0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{EBA09BD9-1AC6-41A9-9275-1E278AF0BE8A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\alien swarm\srcds.exe | 
"{ECD58DFE-22D0-41D0-967E-23B0680E65F7}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EDC78A33-9CA6-4FEC-9872-67F30B49FE6C}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{EDEAD439-CA62-4E32-A435-A53E05885E45}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{F2D68A39-138E-4DB3-A6E3-9492BC7C03B5}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{F59F6405-35F9-4E3D-993A-FF503511F828}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"TCP Query User{14FCE6D9-64AF-4B1E-94EF-549F284AC547}D:\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=d:\guild wars 2\gw2.exe | 
"TCP Query User{3FC9E988-AFDE-4FA1-A719-F3EB617451C8}C:\users\kim\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kim\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{4C514186-8E94-4F30-9493-7A8D56701443}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{97AB2BFB-05EA-40A9-8AFA-A0123ECBA135}C:\users\kim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=6 | dir=in | app=c:\users\kim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"TCP Query User{B813D301-B2F7-437D-983A-1ACC73197FB9}D:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{BA37DA9A-D008-49AC-996E-3E37FD8AC727}D:\steam\steamapps\common\torchlight ii\torchlight2.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"TCP Query User{F9739560-0995-416C-A724-BF4F5E444A87}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"UDP Query User{00D29C8F-40EB-49C4-9CE4-F7EA71F502CD}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{0971960A-201D-430A-8657-F00064BAF48D}D:\steam\steamapps\common\torchlight ii\torchlight2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\torchlight ii\torchlight2.exe | 
"UDP Query User{29093DE0-A752-4947-82FA-1139A77DD286}C:\users\kim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe" = protocol=17 | dir=in | app=c:\users\kim\appdata\roaming\macromedia\flash player\www.macromedia.com\bin\octoshape\octoshape.exe | 
"UDP Query User{5DB3CEA6-52DD-4E52-BDB7-7F4EB57EAD65}D:\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=d:\guild wars 2\gw2.exe | 
"UDP Query User{812847B1-D08D-47D3-94D5-BA0F23FEEE68}C:\users\kim\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kim\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{930E61CF-22F4-4ED1-A60D-7DCB8EBCA50F}D:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dark souls prepare to die edition\data\data.exe | 
"UDP Query User{B3602BFD-40DB-4FA1-B302-F72BC203B579}D:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1493B2AE-0261-47D2-B1AA-F4DAD0F6C48B}" = iTunes
"{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit)
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{5F3E04B1-390D-35F3-4C08-D82C7FB95AE5}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7446FE8D-C1F9-4D42-AAAE-5DBCE58605A6}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{90120000-002A-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (English) 2007
"{90120000-0116-0409-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit Setup Metadata MUI (English) 2007
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{98BA2F7A-DCC7-C939-9A77-ABAFA55E0AF6}" = ATI AVIVO64 Codecs
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C42B7876-FA88-4F4A-9A5F-E175AD143F2A}" = ATI Catalyst Install Manager
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FA300000-0001-6400-0000-074957833700}" = ABBYY PDF Transformer 3.0
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"CCleaner" = CCleaner
"EPSON SX100 Series" = EPSON SX100 Series Printer Uninstall
"HitmanPro37" = HitmanPro 3.7
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{033063B9-94AF-DC7C-95D3-35F641D8AEBE}" = CCC Help English
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{171D318E-31FD-954F-0C3E-21EB06C0E899}" = CCC Help Russian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{20460018-6444-825B-4EBA-40D8DD30F12C}" = CCC Help Danish
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2893F5FD-0C0E-0B0F-3C70-C141539174B8}" = CCC Help Czech
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{362E1FE9-1FF7-EE96-E7FF-D5E661173FFB}" = Catalyst Control Center Graphics Full Existing
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{440D3BE4-EC27-5F34-DB56-A76E7EDF8BB1}" = CCC Help Finnish
"{46BE6D86-7BEF-4DAB-B3E6-7B932D3872F3}_is1" = Dragonica Version TEST
"{4CAFDDA4-65ED-F56B-CFC2-849E958AE6B1}" = CCC Help Korean
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4DA5BB7E-9CB8-5E01-7F96-46F1EE2F2D4F}" = CCC Help Chinese Standard
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4FFBF030-A72F-B9FD-B944-B7850BEBE80C}" = CCC Help Swedish
"{50D69C54-6963-49A6-B762-A9FF8F56AF0F}" = Brockhaus multimedial 2010
"{542A08AB-AFD4-B5A4-9780-A8507A738F7F}" = CCC Help Chinese Traditional
"{5433D947-A97A-25D5-A84E-A5171D2B8D6A}" = CCC Help Hungarian
"{545E8571-FAB5-5BFC-1B70-A6A8E4ACA298}" = CCC Help Thai
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57020886-809C-746B-2303-8030A84A0EB8}" = CCC Help Turkish
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5F7E6484-A2FB-778D-431D-D181C55C3F1C}" = CCC Help German
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62F7DA7E-CCCB-439C-A760-00C3926E761F}" = Microsoft Works
"{63EC2120-1742-4625-AA47-C6A8AEC9C64C}" = Apple Application Support
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{69ec32be-d994-44de-9eae-6d86ced6f352}" = Microsoft Visual Studio Express 2012 für Windows Desktop - DEU
"{6D441C98-EB46-D873-66A0-3FA448B8AD08}" = CCC Help Japanese
"{6DC5AFA1-10F0-D421-2147-C426D554F286}" = Catalyst Control Center Graphics Full New
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{722EB9DF-A9EF-129D-816F-C6F17769EDAA}" = CCC Help Italian
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79437AE7-3196-2C0C-0AF6-90B2AF22D8DA}" = CCC Help Greek
"{7DF0573D-A96F-9133-2454-D80A62F9FA77}" = CCC Help Polish
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{8295C50D-F52A-E4E1-4230-C4110980C3A0}" = CCC Help Norwegian
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{86CE1746-9EFF-3C9C-8755-81EA8903AC34}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{87BB78C4-F36D-4D93-A7C7-F80F18219848}" = AMD DnD V1.0.19
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{8A227815-272D-A304-015F-DA71AABADE0A}" = Catalyst Control Center Localization All
"{8AAE1CA8-68A1-15F7-DCCD-311F3435EFC4}" = Catalyst Control Center Core Implementation
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0015-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0017-0407-0000-0000000FF1CE}" = Microsoft Office SharePoint Designer MUI (German) 2007
"{90120000-0017-0407-0000-0000000FF1CE}_OMUI.de-de_{2733AA87-26FC-41B0-9D2F-3092345BC370}" = Microsoft Office SharePoint Designer 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}_OMUI.de-de_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}_OMUI.de-de_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}_OMUI.de-de_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}_OMUI.de-de_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{2314F9A1-126F-45CC-8A5E-DFAF866F3FBC}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}_OMUI.de-de_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{AAA19365-932B-49BD-8138-BE28CEE9C4B4}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0100-0407-0000-0000000FF1CE}" = Microsoft Office O MUI (German) 2007
"{90120000-0100-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0101-0407-0000-0000000FF1CE}" = Microsoft Office X MUI (German) 2007
"{90120000-0101-0407-0000-0000000FF1CE}_OMUI.de-de_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0116-0409-1000-0000000FF1CE}_HOMESTUDENTR_{98333358-268C-4164-B6D4-C96DF5153727}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{93BC4791-8EC4-363C-1274-4F1F8FB03F2B}" = Catalyst Control Center Graphics Previews Vista
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C984E3E-9B9B-CBCC-326D-A63CCE560C0C}" = Catalyst Control Center Graphics Light
"{A0087DDE-69D0-11E2-AD57-43CA6188709B}" = Adobe AIR
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.5.4 MUI
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{AFE5FFBC-CE6D-F6BE-7EAA-AA2760E75E03}" = CCC Help Spanish
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{C0C6AD06-71E3-934A-8232-4487B751177F}" = CCC Help Dutch
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5634562-6215-543B-3E86-0CF513706972}" = CCC Help French
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D17D8B97-F937-432F-88BD-382727D34441}" = EuropeMapleStory
"{d1a4e3a6-023d-4c92-84b4-f5e076d26810}" = Nero 9 Essentials
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DEDB47A3-C988-4A43-A645-E2CEA571E680}" = Epson Easy Photo Print 2
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE10D76C-39B7-40A8-A24C-1BEEACBED160}" = Catalyst Control Center - Branding
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4719A65-7FF1-6146-BCC3-419662516FCF}" = ccc-core-static
"{F5FE4F51-9998-BC38-E32C-6C056ACA0BC1}" = Catalyst Control Center InstallProxy
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"{FC541630-B9CF-7783-3D1C-7CE1094BDD97}" = CCC Help Portuguese
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"ABBYY PDF Transformer 3.0" = ABBYY PDF Transformer 3.0
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"conduitEngine" = Conduit Engine
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EPSON Scanner" = EPSON Scan
"EPSON Stylus SX100_TX100 Benutzerhandbuch" = EPSON Stylus SX100_TX100 Handbuch
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"GinyasBrowserCompanion" = GinyasBrowserCompanion
"Google Chrome" = Google Chrome
"Guild Wars 2" = Guild Wars 2
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"IncrediMail_MediaBar_2 Toolbar" = IncrediMail MediaBar 2 Toolbar
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"Lavalon Dragonica1.0" = Lavalon Dragonica
"lfind@nijadsoft.net" = Lyrics Finder
"LOLReplay" = LOLReplay
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Neffy" = Neffy 1,3,29,0
"OMUI.de-de" = Microsoft Office Language Pack 2007 - German/Deutsch
"Steam App 200710" = Torchlight II
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 205790" = Dota 2 Test
"Steam App 211420" = Dark Souls: Prepare to Die Edition
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 440" = Team Fortress 2
"Steam App 49520" = Borderlands 2
"Steam App 50620" = Darksiders
"Steam App 50650" = Darksiders II
"Steam App 570" = Dota 2
"Steam App 630" = Alien Swarm
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.01.2012 12:40:21 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2012 12:40:21 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2012 12:40:21 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 16.01.2012 12:40:21 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.01.2012 12:30:47 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 17.01.2012 12:31:22 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksdb.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.01.2012 12:31:22 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksCal.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.01.2012 12:31:22 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\wksss.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 17.01.2012 12:31:22 | Computer Name = Kim-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Windows\Installer\{62F7DA7E-CCCB-439C-A760-00C3926E761F}\WksWP.exe".
Die
 abhängige Assemblierung "msadctls,processorArchitecture="x86",type="win32",version="1.0.1801.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.01.2012 12:56:46 | Computer Name = Kim-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: plugin-container.exe, Version: 1.9.2.4363,
 Zeitstempel: 0x4ee68bf9  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
 Zeitstempel: 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000222b2  ID des fehlerhaften
 Prozesses: 0xc04  Startzeit der fehlerhaften Anwendung: 0x01ccd5f9eae405ed  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 67317096-41f5-11e1-83c8-4487fc765931
 
[ System Events ]
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerkspeicher-Schnittstellendienst" ist vom Dienst 
"NSI proxy service driver." abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Arbeitsstationsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "IP-Hilfsdienst" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB-Miniredirector-Wrapper und -Modul" ist vom Dienst 
"Umgeleitetes Puffersubsystem" abhängig, der aufgrund folgenden Fehlers nicht gestartet
 wurde:   %%31
 
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 1.x-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "SMB 2.0-Miniredirector" ist vom Dienst "SMB-Miniredirector-Wrapper
 und -Modul" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "NLA (Network Location Awareness)" ist vom Dienst "Netzwerkspeicher-Schnittstellendienst"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 22.05.2013 12:45:48 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   AFD  avipbb  avkmgr  DfsC  discache  mwlPSDFilter  mwlPSDNServ  mwlPSDVDisk  NetBIOS  NetBT  nsiproxy
Psched
rdbss
spldr
tdx
Wanarpv6
WfpLwf
 
Error - 22.05.2013 12:49:56 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 22.05.2013 12:49:56 | Computer Name = Kim-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
 
< End of report >

--- --- ---

aharonov · 22.05.2013, 18:27

Ok, machen wir weiter:

Schritt 1

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Schritt 2

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Schritt 3

Downloade dir bitte

Farbar Service Scanner

Starte das Tool mit Doppelklick auf die FSS.exe
Gehe sicher, dass folgende Optionen angehakt sind.
- Internet Services
- Windows Firewall
- System Restore
- Security Center/Action Center
- Windows Update
- Windows Defender
- Other Services
Klicke auf Scan.
Wenn das Tool fertig ist, wird es eine FSS.txt in dem Verzeichnis erstellen, wo das Tool gelaufen ist.

Poste bitte den Inhalt hier.

Bitte poste in deiner nächsten Antwort:

Log von Adwcleaner
Log von Combofix
Log von FSS

Kimbel · 22.05.2013, 18:51

ADW Datei:AdwCleaner Logfile:

Code:

ATTFilter

# AdwCleaner v2.301 - Datei am 22/05/2013 um 19:45:23 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Kim - KIM-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kim\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\END
Datei Gelöscht : C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_apps.conduit.com_0.localstorage-journal
Datei Gelöscht : C:\Windows\SysWOW64\conduitEngine.tmp
Ordner Gelöscht : C:\Program Files (x86)\Common Files\DVDVideoSoft\TB
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Program Files (x86)\GinyasBrowserCompanion
Ordner Gelöscht : C:\Program Files (x86)\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Program Files (x86)\Winamp Toolbar
Ordner Gelöscht : C:\ProgramData\boost_interprocess
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\Users\Kim\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Kim\AppData\Local\ConduitEngine
Ordner Gelöscht : C:\Users\Kim\AppData\Local\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Kim\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Kim\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Kim\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Kim\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Users\Kim\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Kim\AppData\Roaming\dvdvideosoftiehelpers
Ordner Gelöscht : C:\Users\Kim\AppData\Roaming\GinyasBrowserCompanion
Ordner Gelöscht : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\f00cxnu7.default\extensions\toolbar@ask.com
Ordner Gelöscht : C:\Users\Kim\AppData\Roaming\PerformerSoft
Ordner Gelöscht : C:\Users\Kim\AppData\Roaming\PriceGong

***** [Registrierungsdatenbank] *****

Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\datamngr.dll
Daten Gelöscht : [x64] HKLM\..\Windows [AppInit_DLLs] = C:\PROGRA~2\SEARCH~1\Datamngr\x64\IEBHO.dll
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\searchqutoolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com.tmp
Schlüssel Gelöscht : HKCU\Software\BrowserCompanion
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\Iminent
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{24996CB3-5D23-4DCA-8D74-4FF9C7236BD7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{99079A25-328F-4BD4-BE04-00955ACAA0A7}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E01E360B-4184-4EB2-97A0-42F8BD592D7A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F70072C4-D750-4694-BAE8-4933C807131C}
Schlüssel Gelöscht : HKCU\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\5de8c88b139ef41
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\Software\BrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\Software\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\Software\Iminent
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\DVDVideoSoftTBToolbarHelper_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F70072C4-D750-4694-BAE8-4933C807131C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\5de8c88b139ef41
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{24996CB3-5D23-4DCA-8D74-4FF9C7236BD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E01E360B-4184-4EB2-97A0-42F8BD592D7A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F70072C4-D750-4694-BAE8-4933C807131C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\bodddioamolcibagionmmobehnbhiakf
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\plmlpkfpkijnlijgalnjaacllnjmoamo
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{2D3171D2-9BE1-48A5-8FEC-DCB955C1D0C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{302ECE1A-9672-41DB-B34F-8070926B9FC0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{3336AFCA-AE3D-445E-A742-04AFA01AC8D8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A0040C79-6326-4195-A4C1-903FD849B862}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{EEE7E0A3-AE64-4DC8-84D1-F5D7BAF2DB0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\GinyasBrowserCompanion
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_2 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\SearchTheWebARP
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2414}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{855F3B16-6D32-4FE6-8A56-BBB695989046}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [DataMngr]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{acaa314b-eeba-48e4-ad47-84e31c44796c}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [10]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [10]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchnu.com/414 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.1 (de)

Datei : C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\qy2ig92m.default\prefs.js

C:\Users\Kim\AppData\Roaming\Mozilla\Firefox\Profiles\qy2ig92m.default\user.js ... Gelöscht !

[OK] Die Datei ist sauber.

-\\ Google Chrome v26.0.1410.64

Datei : C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.50] : search_url = "hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTer[...]
Gelöscht [l.1346] : homepage = "hxxp://www.searchnu.com/414",
Gelöscht [l.1747] : urls_to_restore_on_startup = [ "hxxp://www.searchnu.com/414" ]

*************************

AdwCleaner[S1].txt - [23527 octets] - [22/05/2013 19:45:23]

########## EOF - C:\AdwCleaner[S1].txt - [23588 octets] ##########

--- --- ---

aharonov · 22.05.2013, 19:03

Ok, noch Combofix und FSS.

Kimbel · 22.05.2013, 19:11

Farbar Service Scanner Version: 14-04-2013
Ran by Kim (administrator) on 22-05-2013 at 20:13:26
Running from "C:\Users\Kim\Downloads"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Attempt to access Yahoo IP returned error. Yahoo IP is offline
Yahoo.com is accessible.

Windows Firewall:
=============

Firewall Disabled Policy:
==================

System Restore:
============

System Restore Disabled Policy:
========================

Action Center:
============

Windows Update:
============

Windows Autoupdate Disabled Policy:
============================

Windows Defender:
==============

Other Services:
==============

File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys => MD5 is legit
C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit

**** End of log ****

Combofix Logfile:

Code:

ATTFilter

ComboFix 13-05-22.01 - Kim 22.05.2013  19:55:38.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4023.2255 [GMT 2:00]
ausgeführt von:: c:\users\Kim\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\program files (x86)\Common Files\Acer GameZone online.ico
c:\program files (x86)\LyricsFinder\lfINd.dll
c:\users\Kim\AppData\Roaming\.#
c:\users\Kim\AppData\Roaming\app
c:\users\Kim\AppData\Roaming\app\Jerakine_lang.dat
c:\users\Kim\AppData\Roaming\app\Jerakine_lang_vesrion.dat
c:\windows\security\Database\tmp.edb
c:\windows\SysWow64\frapsvid.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-04-22 bis 2013-05-22  ))))))))))))))))))))))))))))))
.
.
2013-05-22 18:05 . 2013-05-22 18:05	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-05-22 18:03 . 2013-05-22 18:03	76232	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFEB8580-FEE7-4592-9CE5-6A309D72311C}\offreg.dll
2013-05-22 17:51 . 2013-05-22 17:51	32000	----a-w-	c:\windows\system32\drivers\hitmanpro37.sys
2013-05-22 14:46 . 2013-05-22 14:46	--------	d-----w-	c:\program files\HitmanPro
2013-05-22 14:38 . 2013-05-22 15:11	--------	d-----w-	c:\programdata\HitmanPro
2013-05-22 14:27 . 2013-05-22 14:27	--------	d-----w-	c:\users\Kim\AppData\Roaming\Malwarebytes
2013-05-22 14:26 . 2013-05-22 14:26	--------	d-----w-	c:\programdata\Malwarebytes
2013-05-22 14:26 . 2013-04-04 12:50	25928	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-05-21 21:59 . 2013-05-13 06:37	9460464	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{DFEB8580-FEE7-4592-9CE5-6A309D72311C}\mpengine.dll
2013-05-18 12:20 . 2013-05-18 12:20	--------	d-----w-	c:\users\Kim\AppData\Local\NBGI
2013-05-18 12:19 . 2013-05-18 12:19	--------	d-----w-	c:\windows\SysWow64\xlive
2013-05-18 12:19 . 2013-05-18 12:19	--------	d-----w-	c:\program files (x86)\Microsoft Games for Windows - LIVE
2013-05-16 14:10 . 2013-04-10 06:01	983400	----a-w-	c:\windows\system32\drivers\dxgkrnl.sys
2013-04-26 16:41 . 2013-04-26 16:41	--------	d-----w-	c:\users\Kim\AppData\Roaming\DofusTesting-8
2013-04-24 14:00 . 2013-04-12 14:45	1656680	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-23 14:17 . 2013-05-21 21:49	--------	d-----w-	c:\program files (x86)\Common Files\Skype
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-05-18 12:26 . 2009-08-18 10:49	564632	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\wlidui.dll
2013-05-18 12:26 . 2009-08-18 09:24	22240	----a-w-	c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2013-05-16 21:52 . 2010-06-12 13:06	75016696	----a-w-	c:\windows\system32\MRT.exe
2013-05-15 17:38 . 2012-06-16 06:55	692104	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-05-15 17:38 . 2011-05-17 08:07	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-02 00:06 . 2010-08-08 08:49	278800	------w-	c:\windows\system32\MpSigStub.exe
2013-04-13 05:49 . 2013-05-16 14:10	135168	----a-w-	c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49 . 2013-05-16 14:10	350208	----a-w-	c:\windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49 . 2013-05-16 14:10	308736	----a-w-	c:\windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49 . 2013-05-16 14:10	111104	----a-w-	c:\windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45 . 2013-05-16 14:10	474624	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-04-13 04:45 . 2013-05-16 14:10	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-04-05 00:59 . 2013-04-05 00:59	81408	----a-w-	c:\windows\system32\icardie.dll
2013-04-05 00:59 . 2013-04-05 00:59	762368	----a-w-	c:\windows\system32\ieapfltr.dll
2013-04-05 00:59 . 2013-04-05 00:59	73728	----a-w-	c:\windows\SysWow64\SetIEInstalledDate.exe
2013-04-05 00:59 . 2013-04-05 00:59	719360	----a-w-	c:\windows\SysWow64\mshtmlmedia.dll
2013-04-05 00:59 . 2013-04-05 00:59	61952	----a-w-	c:\windows\SysWow64\tdc.ocx
2013-04-05 00:59 . 2013-04-05 00:59	523264	----a-w-	c:\windows\SysWow64\vbscript.dll
2013-04-05 00:59 . 2013-04-05 00:59	48640	----a-w-	c:\windows\SysWow64\mshtmler.dll
2013-04-05 00:59 . 2013-04-05 00:59	452096	----a-w-	c:\windows\system32\dxtmsft.dll
2013-04-05 00:59 . 2013-04-05 00:59	441856	----a-w-	c:\windows\system32\html.iec
2013-04-05 00:59 . 2013-04-05 00:59	38400	----a-w-	c:\windows\SysWow64\imgutil.dll
2013-04-05 00:59 . 2013-04-05 00:59	361984	----a-w-	c:\windows\SysWow64\html.iec
2013-04-05 00:59 . 2013-04-05 00:59	281600	----a-w-	c:\windows\system32\dxtrans.dll
2013-04-05 00:59 . 2013-04-05 00:59	235008	----a-w-	c:\windows\system32\url.dll
2013-04-05 00:59 . 2013-04-05 00:59	23040	----a-w-	c:\windows\SysWow64\licmgr10.dll
2013-04-05 00:59 . 2013-04-05 00:59	226304	----a-w-	c:\windows\system32\elshyph.dll
2013-04-05 00:59 . 2013-04-05 00:59	216064	----a-w-	c:\windows\system32\msls31.dll
2013-04-05 00:59 . 2013-04-05 00:59	197120	----a-w-	c:\windows\system32\msrating.dll
2013-04-05 00:59 . 2013-04-05 00:59	185344	----a-w-	c:\windows\SysWow64\elshyph.dll
2013-04-05 00:59 . 2013-04-05 00:59	158720	----a-w-	c:\windows\SysWow64\msls31.dll
2013-04-05 00:59 . 2013-04-05 00:59	150528	----a-w-	c:\windows\SysWow64\iexpress.exe
2013-04-05 00:59 . 2013-04-05 00:59	1441280	----a-w-	c:\windows\SysWow64\inetcpl.cpl
2013-04-05 00:59 . 2013-04-05 00:59	1400416	----a-w-	c:\windows\system32\ieapfltr.dat
2013-04-05 00:59 . 2013-04-05 00:59	138752	----a-w-	c:\windows\SysWow64\wextract.exe
2013-04-05 00:59 . 2013-04-05 00:59	137216	----a-w-	c:\windows\SysWow64\ieUnatt.exe
2013-04-05 00:59 . 2013-04-05 00:59	12800	----a-w-	c:\windows\SysWow64\mshta.exe
2013-04-05 00:59 . 2013-04-05 00:59	110592	----a-w-	c:\windows\SysWow64\IEAdvpack.dll
2013-04-05 00:59 . 2013-04-05 00:59	1054720	----a-w-	c:\windows\system32\MsSpellCheckingFacility.exe
2013-04-05 00:59 . 2013-04-05 00:59	97280	----a-w-	c:\windows\system32\mshtmled.dll
2013-04-05 00:59 . 2013-04-05 00:59	92160	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2013-04-05 00:59 . 2013-04-05 00:59	905728	----a-w-	c:\windows\system32\mshtmlmedia.dll
2013-04-05 00:59 . 2013-04-05 00:59	77312	----a-w-	c:\windows\system32\tdc.ocx
2013-04-05 00:59 . 2013-04-05 00:59	62976	----a-w-	c:\windows\system32\pngfilt.dll
2013-04-05 00:59 . 2013-04-05 00:59	599552	----a-w-	c:\windows\system32\vbscript.dll
2013-04-05 00:59 . 2013-04-05 00:59	52224	----a-w-	c:\windows\system32\msfeedsbs.dll
2013-04-05 00:59 . 2013-04-05 00:59	51200	----a-w-	c:\windows\system32\imgutil.dll
2013-04-05 00:59 . 2013-04-05 00:59	48640	----a-w-	c:\windows\system32\mshtmler.dll
2013-04-05 00:59 . 2013-04-05 00:59	27648	----a-w-	c:\windows\system32\licmgr10.dll
2013-04-05 00:59 . 2013-04-05 00:59	270848	----a-w-	c:\windows\system32\iedkcs32.dll
2013-04-05 00:59 . 2013-04-05 00:59	247296	----a-w-	c:\windows\system32\webcheck.dll
2013-04-05 00:59 . 2013-04-05 00:59	173568	----a-w-	c:\windows\system32\ieUnatt.exe
2013-04-05 00:59 . 2013-04-05 00:59	167424	----a-w-	c:\windows\system32\iexpress.exe
2013-04-05 00:59 . 2013-04-05 00:59	1509376	----a-w-	c:\windows\system32\inetcpl.cpl
2013-04-05 00:59 . 2013-04-05 00:59	149504	----a-w-	c:\windows\system32\occache.dll
2013-04-05 00:59 . 2013-04-05 00:59	144896	----a-w-	c:\windows\system32\wextract.exe
2013-04-05 00:59 . 2013-04-05 00:59	13824	----a-w-	c:\windows\system32\mshta.exe
2013-04-05 00:59 . 2013-04-05 00:59	136192	----a-w-	c:\windows\system32\iepeers.dll
2013-04-05 00:59 . 2013-04-05 00:59	135680	----a-w-	c:\windows\system32\IEAdvpack.dll
2013-04-05 00:59 . 2013-04-05 00:59	12800	----a-w-	c:\windows\system32\msfeedssync.exe
2013-04-05 00:59 . 2013-04-05 00:59	102912	----a-w-	c:\windows\system32\inseng.dll
2013-04-05 00:58 . 2013-04-05 00:58	9728	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	648192	----a-w-	c:\windows\system32\d3d10level9.dll
2013-04-05 00:58 . 2013-04-05 00:58	604160	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2013-04-05 00:58 . 2013-04-05 00:58	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	5632	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	5632	---ha-w-	c:\windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	522752	----a-w-	c:\windows\system32\XpsGdiConverter.dll
2013-04-05 00:58 . 2013-04-05 00:58	465920	----a-w-	c:\windows\system32\WMPhoto.dll
2013-04-05 00:58 . 2013-04-05 00:58	417792	----a-w-	c:\windows\SysWow64\WMPhoto.dll
2013-04-05 00:58 . 2013-04-05 00:58	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	4096	---ha-w-	c:\windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	3928064	----a-w-	c:\windows\system32\d2d1.dll
2013-04-05 00:58 . 2013-04-05 00:58	364544	----a-w-	c:\windows\SysWow64\XpsGdiConverter.dll
2013-04-05 00:58 . 2013-04-05 00:58	363008	----a-w-	c:\windows\system32\dxgi.dll
2013-04-05 00:58 . 2013-04-05 00:58	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	3584	---ha-w-	c:\windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	3419136	----a-w-	c:\windows\SysWow64\d2d1.dll
2013-04-05 00:58 . 2013-04-05 00:58	333312	----a-w-	c:\windows\system32\d3d10_1core.dll
2013-04-05 00:58 . 2013-04-05 00:58	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	3072	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	296960	----a-w-	c:\windows\system32\d3d10core.dll
2013-04-05 00:58 . 2013-04-05 00:58	293376	----a-w-	c:\windows\SysWow64\dxgi.dll
2013-04-05 00:58 . 2013-04-05 00:58	2776576	----a-w-	c:\windows\system32\msmpeg2vdec.dll
2013-04-05 00:58 . 2013-04-05 00:58	2565120	----a-w-	c:\windows\system32\d3d10warp.dll
2013-04-05 00:58 . 2013-04-05 00:58	2560	---ha-w-	c:\windows\SysWow64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	2560	---ha-w-	c:\windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-05 00:58 . 2013-04-05 00:58	249856	----a-w-	c:\windows\SysWow64\d3d10_1core.dll
2013-04-05 00:58 . 2013-04-05 00:58	245248	----a-w-	c:\windows\system32\WindowsCodecsExt.dll
2013-04-05 00:58 . 2013-04-05 00:58	2284544	----a-w-	c:\windows\SysWow64\msmpeg2vdec.dll
2013-04-05 00:58 . 2013-04-05 00:58	221184	----a-w-	c:\windows\system32\UIAnimation.dll
2013-04-05 00:58 . 2013-04-05 00:58	220160	----a-w-	c:\windows\SysWow64\d3d10core.dll
2013-04-05 00:58 . 2013-04-05 00:58	207872	----a-w-	c:\windows\SysWow64\WindowsCodecsExt.dll
2013-04-05 00:58 . 2013-04-05 00:58	1988096	----a-w-	c:\windows\SysWow64\d3d10warp.dll
2013-04-05 00:58 . 2013-04-05 00:58	194560	----a-w-	c:\windows\system32\d3d10_1.dll
2013-04-05 00:58 . 2013-04-05 00:58	1887232	----a-w-	c:\windows\system32\d3d11.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:41	120104	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x86\PSDProtect.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2012-12-21 3093624]
"Akamai NetSession Interface"="c:\users\Kim\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]
"Steam"="d:\steam\steam.exe" [2013-05-03 1635752]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-04-19 18678376]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Hotkey Utility"="c:\program files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe" [2010-03-26 563744]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-01-13 98304]
"ArcadeDeluxeAgent"="c:\program files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe" [2009-12-22 128296]
"RemoteControl8"="c:\program files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe" [2009-04-15 91432]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-12-19 41208]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
LOLRecorder.lnk - c:\program files (x86)\LOLReplay\LOLRecorder.exe [2012-10-31 522752]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0bootdelete
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\hitmanpro37.sys]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37Crusader]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\HitmanPro37CrusaderBoot]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EgisTecLiveUpdate"="c:\program files (x86)\EgisTec Egis Software Update\EgisUpdate.exe"
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"PlayMovie"="c:\program files (x86)\Acer Arcade Deluxe\PlayMovie\PMVService.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 MBAMScheduler;MBAMScheduler;d:\malwarebytes' anti-malware\mbamscheduler.exe [2013-04-04 418376]
R2 MBAMService;MBAMService;d:\malwarebytes' anti-malware\mbamservice.exe [2013-04-04 701512]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]
R3 dump_wmimmc;dump_wmimmc;d:\rappelz\GameGuard\dump_wmimmc.sys [x]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2013-04-04 25928]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe [2013-02-05 235216]
R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe [2009-09-10 305448]
R3 npggsvc;nProtect GameGuard Service;c:\windows\system32\GameMon.des [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-02-26 1255736]
R4 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-05-08 465360]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-02 22576]
S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-02 20016]
S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-02 60464]
S2 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [2008-10-24 128296]
S2 ABBYY.Licensing.PDFTransformer.Site License.3.0;ABBYY PDF Transformer 3.0 Licensing Service;c:\program files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe [2009-05-14 759048]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-01-13 202752]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 Greg_Service;GRegService;c:\program files (x86)\Acer\Registration\GregHSRW.exe [2009-08-28 1150496]
S2 HitmanProScheduler;HitmanPro Scheduler;c:\program files\HitmanPro\hmpsched.exe [2013-05-22 109352]
S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2009-07-04 240160]
S3 HCW85BDA;Hauppauge WinTV 885 Video Capture;c:\windows\system32\drivers\HCW85BDA.sys [2009-09-11 1705600]
S3 hitmanpro37;HitmanPro 3.7 Support Driver;c:\windows\system32\drivers\hitmanpro37.sys [2013-05-22 32000]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-11-05 291328]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - HITMANPRO37
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai	REG_MULTI_SZ   	Akamai
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-04-10 21:06	1642448	----a-w-	c:\program files (x86)\Google\Chrome\Application\26.0.1410.64\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-05-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-16 17:38]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 15:56]
.
2013-05-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-10-18 15:56]
.
2013-05-22 c:\windows\Tasks\Lyrics Finder Update.job
- c:\program files (x86)\LyricsFinder\LyricsFinderUpdater.exe [2013-02-27 19:59]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP]
@="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}"
[HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}]
2009-09-10 13:44	137512	----a-w-	c:\program files (x86)\EgisTec\MyWinLocker 3\x64\PSDProtect.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"mwlDaemon"="c:\program files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe" [2009-09-10 349480]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-11-17 9608224]
"PLD_FrameworkRun"="c:\oem\preload\utility\_NowIntoDT.vbs" [2009-12-30 486]
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: Free YouTube to MP3 Converter - c:\users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
BHO-{398C01F1-E584-46AD-A649-4F78B435DCFE} - c:\program files (x86)\LyricsFinder\lfind.dll
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
Toolbar-Locked - (no file)
WebBrowser-{C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\Akamai]
"ServiceDll"="c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\npggsvc]
"ImagePath"="c:\windows\system32\GameMon.des -service"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_7_700_202_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_7_700_202.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
   00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-05-22  20:07:56
ComboFix-quarantined-files.txt  2013-05-22 18:07
.
Vor Suchlauf: 13 Verzeichnis(se), 395.169.001.472 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 394.801.201.152 Bytes frei
.
- - End Of File - - 0666B5FD095E3760833D0C3C19E75CD7

--- --- ---

aharonov · 22.05.2013, 19:18

Gut, dann weiter:

Schritt 1

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Schritt 2

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Log von MBAR
Log von OTL

Kimbel · 22.05.2013, 20:02

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 4218535936, free: 2269990912

------------ Kernel report ------------
05/22/2013 20:39:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8008383060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa8008374060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800837c2f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xfffffa800836fb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800837b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa800836e650
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800837a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa8008390320
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008379060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa8008275060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004d04060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80049eb050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.05.22.08
Downloaded database version: v2013.05.14.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004d04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004d04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004d04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049eb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a010d47150, 0xfffffa8004d04060, 0xfffffa8008ee3790
Lower DeviceData: 0xfffff8a017d65610, 0xfffffa80049eb050, 0xfffffa8008fc6090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3507A950

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 46137344

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 46139392 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 46344192 Numsec = 953053184

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 999397376 Numsec = 954124288

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008379060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008379b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008379060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008275060, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800837a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800837a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008390320, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800837b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800837b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800836e650, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800837c2f0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800837c2f0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800836fb60, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8008383060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837e680, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008383060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008374060, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.05.0.1001

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16576

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.926000 GHz
Memory total: 4218535936, free: 2269990912

------------ Kernel report ------------
05/22/2013 20:39:00
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\DRIVERS\cdrom.sys
\SystemRoot\system32\DRIVERS\mwlPSDFilter.sys
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\DRIVERS\mwlPSDVDisk.sys
\SystemRoot\system32\DRIVERS\mwlPSDNServ.sys
\SystemRoot\system32\drivers\mssmbios.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\SystemRoot\system32\DRIVERS\avkmgr.sys
\SystemRoot\system32\DRIVERS\avipbb.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atipmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\drivers\HCW85BDA.sys
\SystemRoot\system32\drivers\BdaSup.SYS
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\DRIVERS\Rt64win7.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\drivers\wmiacpi.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtiHdmi.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\RTKVHD64.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\system32\DRIVERS\xusb21.sys
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\USBSTOR.SYS
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\avgntflt.sys
\SystemRoot\system32\drivers\WudfPf.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\system32\DRIVERS\WUDFRd.sys
\??\C:\Windows\system32\drivers\hitmanpro37.sys
\??\C:\Windows\system32\Drivers\PROCEXP113.SYS
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk5\DR5
Upper Device Object: 0xfffffa8008383060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007b\
Lower Device Object: 0xfffffa8008374060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
Initialization returned 0x0
Load Function returned 0x0
<<<1>>>
Upper Device Name: \Device\Harddisk4\DR4
Upper Device Object: 0xfffffa800837c2f0
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\0000007a\
Lower Device Object: 0xfffffa800836fb60
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk3\DR3
Upper Device Object: 0xfffffa800837b060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000079\
Lower Device Object: 0xfffffa800836e650
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk2\DR2
Upper Device Object: 0xfffffa800837a060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000078\
Lower Device Object: 0xfffffa8008390320
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk1\DR1
Upper Device Object: 0xfffffa8008379060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\00000077\
Lower Device Object: 0xfffffa8008275060
Lower Device Driver Name: \Driver\USBSTOR\
Driver name found: USBSTOR
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004d04060
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa80049eb050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.05.22.08
Downloaded database version: v2013.05.14.03
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 3
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004d04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004d04b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004d04060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa80049eb050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a010d47150, 0xfffffa8004d04060, 0xfffffa8008ee3790
Lower DeviceData: 0xfffff8a017d65610, 0xfffffa80049eb050, 0xfffffa8008fc6090
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 3
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 3507A950

Partition information:

Partition 0 type is Other (0x27)
Partition is NOT ACTIVE.
Partition starts at LBA: 2048 Numsec = 46137344

Partition 1 type is Primary (0x7)
Partition is ACTIVE.
Partition starts at LBA: 46139392 Numsec = 204800
Partition file system is NTFS
Partition is bootable

Partition 2 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 46344192 Numsec = 953053184

Partition 3 type is Primary (0x7)
Partition is NOT ACTIVE.
Partition starts at LBA: 999397376 Numsec = 954124288

Disk Size: 1000204886016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-2047-1953505168-1953525168)...
Physical Sector Size: 0
Drive: 1, DevicePointer: 0xfffffa8008379060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8008379b90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008379060, DeviceName: \Device\Harddisk1\DR1\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008275060, DeviceName: \Device\00000077\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 2, DevicePointer: 0xfffffa800837a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837ab90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800837a060, DeviceName: \Device\Harddisk2\DR2\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008390320, DeviceName: \Device\00000078\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 3, DevicePointer: 0xfffffa800837b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837bb90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800837b060, DeviceName: \Device\Harddisk3\DR3\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800836e650, DeviceName: \Device\00000079\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 4, DevicePointer: 0xfffffa800837c2f0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837db90, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa800837c2f0, DeviceName: \Device\Harddisk4\DR4\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa800836fb60, DeviceName: \Device\0000007a\, DriverName: \Driver\USBSTOR\
------------ End ----------
Physical Sector Size: 0
Drive: 5, DevicePointer: 0xfffffa8008383060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa800837e680, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8008383060, DeviceName: \Device\Harddisk5\DR5\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8008374060, DeviceName: \Device\0000007b\, DriverName: \Driver\USBSTOR\
------------ End ----------
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================

aharonov · 22.05.2013, 20:09

Ok, noch das frische OTL-Log.

Kimbel · 22.05.2013, 20:13

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.05.2013 21:06:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 53,94% Memory free
7,86 Gb Paging File | 5,69 Gb Available in Paging File | 72,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,45 Gb Total Space | 367,24 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
Drive D: | 454,96 Gb Total Space | 11,42 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
 
Computer Name: KIM-PC | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.22 21:05:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Downloads\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.21 22:53:13 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.31 08:36:08 | 000,522,752 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012.08.08 19:09:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:18:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:18:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.12.22 19:28:16 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.09.11 07:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.17 19:25:48 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.17 16:30:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f607093ae9a8369785f26498f6c831f6\PresentationFramework.ni.dll
MOD - [2013.05.17 16:30:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 16:30:08 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.17 16:29:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.17 16:29:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.01.24 23:38:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.24 17:43:18 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.24 17:43:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.24 17:43:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.24 17:42:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.21 22:53:13 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.10.31 08:35:36 | 000,311,808 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 04:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.09.11 07:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.01.13 16:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.22 16:46:26 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.05.15 19:38:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.25 17:47:24 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.05.08 22:18:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:18:14 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 22:18:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 22:01:00 | 003,432,444 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0)
SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007.12.17 15:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 15:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.22 19:51:18 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.08 22:18:15 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:18:15 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.13 16:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.13 15:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.05 16:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.11 09:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{99EC3639-0749-494D-B194-6BD61042901C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 22:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.09 08:28:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013.04.01 17:37:41 | 000,000,000 | ---D | M]
 
[2012.10.18 17:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Extensions
[2012.10.13 17:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\extensions
[2012.10.13 17:17:26 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.05.22 19:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\f00cxnu7.default\extensions
[2012.12.21 23:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\qy2ig92m.default\Extensions
[2012.10.29 22:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.06 22:08:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Lyrics Finder = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\
CHR - Extension: uTorrentBar_DE = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.19.11_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
 
O1 HOSTS File: ([2013.05.22 20:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\OEM\Preload\utility\_NowIntoDT.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\@3..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Akamai NetSession Interface] C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\@3..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\@3..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@3\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{587DE63E-EDD9-4ECB-9468-70337DACEE4D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 20:38:27 | 000,000,000 | ---D | C] -- C:\Users\Kim\Desktop\mbar
[2013.05.22 20:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 19:53:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 19:53:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 19:53:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 19:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 19:53:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 16:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.05.22 16:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.05.22 16:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.22 16:33:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.22 16:27:03 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Malwarebytes
[2013.05.22 16:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.22 16:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 16:26:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.19 12:51:16 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\My Cheat Tables
[2013.05.18 17:00:53 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\FLiNGTrainer
[2013.05.18 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\NBGI
[2013.05.18 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\Games for Windows - LIVE Demos
[2013.05.18 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\NBGI
[2013.05.18 14:19:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.05.18 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.05.18 14:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.05.16 23:48:10 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 23:48:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 23:48:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 23:48:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 23:48:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.16 23:48:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.16 23:48:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 23:48:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 23:48:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.16 23:48:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.16 23:48:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 23:48:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.16 23:48:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 23:48:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 23:48:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 16:10:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 16:10:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 16:10:17 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 16:10:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 16:10:16 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 16:10:16 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 16:10:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.04.26 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\DofusTesting-8
[2013.04.23 16:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.03.25 21:15:40 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 20:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 20:11:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 20:05:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 19:57:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 19:57:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 19:51:18 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.22 19:48:13 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013.05.22 19:48:08 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.22 19:48:08 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 19:48:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 19:48:01 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 18:45:47 | 000,438,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 18:23:19 | 000,000,000 | ---- | M] () -- C:\Users\Kim\defogger_reenable
[2013.05.22 17:11:17 | 000,153,444 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.05.22 16:46:26 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.22 16:26:39 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 19:22:05 | 000,562,519 | ---- | M] () -- C:\Users\Kim\Desktop\Kimundcallmemaybe.jpg
[2013.05.21 19:21:08 | 000,234,656 | ---- | M] () -- C:\Users\Kim\Desktop\t6.png
[2013.05.21 19:20:19 | 000,024,843 | ---- | M] () -- C:\Users\Kim\Desktop\t5.png
[2013.05.21 19:16:23 | 000,008,886 | ---- | M] () -- C:\Users\Kim\Desktop\oldTELEPHONE.gif
[2013.05.21 19:14:42 | 000,024,848 | ---- | M] () -- C:\Users\Kim\Desktop\carly_rae_jepsen_call_me_maybe.jpg
[2013.05.21 19:12:05 | 000,028,329 | ---- | M] () -- C:\Users\Kim\Desktop\t4.png
[2013.05.21 19:11:37 | 000,008,739 | ---- | M] () -- C:\Users\Kim\Desktop\Cry_meme.jpg
[2013.05.21 19:08:59 | 000,115,453 | ---- | M] () -- C:\Users\Kim\Desktop\Explosion-018.jpg
[2013.05.21 19:06:12 | 000,020,725 | ---- | M] () -- C:\Users\Kim\Desktop\t3.png
[2013.05.21 19:02:17 | 000,022,254 | ---- | M] () -- C:\Users\Kim\Desktop\t2.png
[2013.05.21 19:01:45 | 000,025,086 | ---- | M] () -- C:\Users\Kim\Desktop\t1.png
[2013.05.21 18:52:16 | 000,108,549 | ---- | M] () -- C:\Users\Kim\Desktop\carr.png
[2013.05.21 18:51:23 | 000,057,228 | ---- | M] () -- C:\Users\Kim\Desktop\car-crash-9847419.jpg
[2013.05.21 18:49:33 | 000,504,129 | ---- | M] () -- C:\Users\Kim\Desktop\trol2.png
[2013.05.21 18:48:59 | 000,508,129 | ---- | M] () -- C:\Users\Kim\Desktop\trol1.png
[2013.05.21 18:47:39 | 000,003,825 | ---- | M] () -- C:\Users\Kim\Desktop\photo-512-c03b1349.jpg
[2013.05.21 18:47:17 | 000,028,005 | ---- | M] () -- C:\Users\Kim\Desktop\21676806,17799904,highRes,BMW_3er_GT_01.jpg.jpg
[2013.05.21 18:43:10 | 000,004,423 | ---- | M] () -- C:\Users\Kim\Desktop\poker_face_kindledx (1).png
[2013.05.21 18:38:52 | 000,025,174 | ---- | M] () -- C:\Users\Kim\Desktop\Mercedes-SL-63-AMG-2012-05.jpg
[2013.05.21 18:37:42 | 000,180,507 | ---- | M] () -- C:\Users\Kim\Desktop\02_02_The-Mercedes-Benz-A-45-AMG.jpg
[2013.05.21 17:41:11 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_2
[2013.05.21 17:41:06 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_3
[2013.05.21 17:41:00 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_4
[2013.05.21 17:40:57 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_1
[2013.05.21 16:20:12 | 000,000,121 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\D2Info0
[2013.05.20 02:23:07 | 000,409,324 | ---- | M] () -- C:\Users\Kim\Desktop\dark-souls.jpg
[2013.05.18 14:19:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.18 10:27:24 | 000,000,195 | ---- | M] () -- C:\Users\Kim\Desktop\Dark Souls Prepare to Die Edition.url
[2013.05.15 19:38:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:38:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 17:00:58 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_5
[2013.05.12 16:53:57 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_6
[2013.05.11 09:52:35 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_7
[2013.05.10 19:09:35 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_8
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 19:53:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 19:53:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 19:53:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 19:53:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 19:53:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.22 19:51:18 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.22 18:45:35 | 000,438,368 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 18:23:19 | 000,000,000 | ---- | C] () -- C:\Users\Kim\defogger_reenable
[2013.05.22 17:11:17 | 000,153,444 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.22 16:46:26 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.22 16:26:39 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 19:22:05 | 000,562,519 | ---- | C] () -- C:\Users\Kim\Desktop\Kimundcallmemaybe.jpg
[2013.05.21 19:21:08 | 000,234,656 | ---- | C] () -- C:\Users\Kim\Desktop\t6.png
[2013.05.21 19:20:19 | 000,024,843 | ---- | C] () -- C:\Users\Kim\Desktop\t5.png
[2013.05.21 19:16:23 | 000,008,886 | ---- | C] () -- C:\Users\Kim\Desktop\oldTELEPHONE.gif
[2013.05.21 19:14:41 | 000,024,848 | ---- | C] () -- C:\Users\Kim\Desktop\carly_rae_jepsen_call_me_maybe.jpg
[2013.05.21 19:12:05 | 000,028,329 | ---- | C] () -- C:\Users\Kim\Desktop\t4.png
[2013.05.21 19:11:36 | 000,008,739 | ---- | C] () -- C:\Users\Kim\Desktop\Cry_meme.jpg
[2013.05.21 19:08:59 | 000,115,453 | ---- | C] () -- C:\Users\Kim\Desktop\Explosion-018.jpg
[2013.05.21 19:06:12 | 000,020,725 | ---- | C] () -- C:\Users\Kim\Desktop\t3.png
[2013.05.21 19:02:17 | 000,022,254 | ---- | C] () -- C:\Users\Kim\Desktop\t2.png
[2013.05.21 19:01:45 | 000,025,086 | ---- | C] () -- C:\Users\Kim\Desktop\t1.png
[2013.05.21 18:52:16 | 000,108,549 | ---- | C] () -- C:\Users\Kim\Desktop\carr.png
[2013.05.21 18:51:22 | 000,057,228 | ---- | C] () -- C:\Users\Kim\Desktop\car-crash-9847419.jpg
[2013.05.21 18:49:33 | 000,504,129 | ---- | C] () -- C:\Users\Kim\Desktop\trol2.png
[2013.05.21 18:48:59 | 000,508,129 | ---- | C] () -- C:\Users\Kim\Desktop\trol1.png
[2013.05.21 18:47:39 | 000,003,825 | ---- | C] () -- C:\Users\Kim\Desktop\photo-512-c03b1349.jpg
[2013.05.21 18:47:17 | 000,028,005 | ---- | C] () -- C:\Users\Kim\Desktop\21676806,17799904,highRes,BMW_3er_GT_01.jpg.jpg
[2013.05.21 18:43:10 | 000,004,423 | ---- | C] () -- C:\Users\Kim\Desktop\poker_face_kindledx (1).png
[2013.05.21 18:38:52 | 000,025,174 | ---- | C] () -- C:\Users\Kim\Desktop\Mercedes-SL-63-AMG-2012-05.jpg
[2013.05.21 18:37:37 | 000,180,507 | ---- | C] () -- C:\Users\Kim\Desktop\02_02_The-Mercedes-Benz-A-45-AMG.jpg
[2013.05.20 02:23:03 | 000,409,324 | ---- | C] () -- C:\Users\Kim\Desktop\dark-souls.jpg
[2013.05.18 14:19:15 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.05.18 14:19:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.18 10:27:24 | 000,000,195 | ---- | C] () -- C:\Users\Kim\Desktop\Dark Souls Prepare to Die Edition.url
[2013.01.22 20:13:17 | 000,006,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.26 19:50:06 | 000,946,604 | ---- | C] () -- C:\Users\Kim\ts3_recording_12_04_26_19_50_4.wav
[2011.11.25 21:06:26 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\camera.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.04 19:25:45 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_7
[2011.05.27 15:22:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.27 15:22:56 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.10 17:03:05 | 000,090,112 | ---- | C] () -- C:\Program Files (x86)\lol.launcher.exe
[2011.05.10 17:03:05 | 000,090,112 | ---- | C] () -- C:\Program Files (x86)\lol.launcher.admin.exe
[2011.03.27 19:18:59 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_16
[2011.03.27 18:38:00 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_15
[2011.03.27 18:37:56 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_14
[2011.03.27 18:37:50 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_13
[2011.03.27 18:37:44 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_12
[2011.03.27 18:37:35 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_11
[2011.03.27 18:37:30 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_10
[2011.02.05 11:57:24 | 000,002,088 | ---- | C] () -- C:\Users\Kim\.recently-used.xbel
[2010.12.21 13:10:15 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_6
[2010.12.21 13:01:28 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_5
[2010.12.21 13:00:38 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_4
[2010.12.08 20:16:54 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_3
[2010.12.08 16:21:55 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_1
[2010.12.08 16:20:16 | 000,000,177 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\D2Info1
[2010.12.08 16:20:16 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_2
[2010.12.02 07:49:35 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_9
[2010.10.09 13:01:33 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_8
[2010.10.03 12:26:56 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_7
[2010.08.24 15:38:51 | 000,005,632 | ---- | C] () -- C:\Users\Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 13:47:59 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_6
[2010.07.31 13:23:43 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_5
[2010.07.31 12:35:21 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_4
[2010.06.18 13:05:10 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_3
[2010.06.10 15:10:12 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_1
[2010.06.10 15:07:54 | 000,000,121 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\D2Info0
[2010.06.10 15:07:54 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_2
[2010.06.10 13:28:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.09 14:55:05 | 000,007,599 | ---- | C] () -- C:\Users\Kim\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

--- --- ---

OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 22.05.2013 21:06:47 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kim\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,12 Gb Available Physical Memory | 53,94% Memory free
7,86 Gb Paging File | 5,69 Gb Available in Paging File | 72,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,45 Gb Total Space | 367,24 Gb Free Space | 80,81% Space Free | Partition Type: NTFS
Drive D: | 454,96 Gb Total Space | 11,42 Gb Free Space | 2,51% Space Free | Partition Type: NTFS
 
Computer Name: KIM-PC | User Name: Kim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.22 21:05:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kim\Downloads\OTL.exe
PRC - [2013.04.09 10:57:09 | 001,312,720 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2012.12.21 22:53:13 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.10.31 08:36:08 | 000,522,752 | ---- | M] (LOL Replay) -- C:\Program Files (x86)\LOLReplay\LOLRecorder.exe
PRC - [2012.08.08 19:09:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 22:18:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 22:18:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
PRC - [2009.12.22 19:28:16 | 000,128,296 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe
PRC - [2009.09.11 07:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe
PRC - [2009.09.10 15:42:30 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe
PRC - [2009.04.15 23:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Cyberlink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.17 19:25:48 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\3c2ed368e1f3889997dfb42a5ca77284\System.Core.ni.dll
MOD - [2013.05.17 16:30:30 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\f607093ae9a8369785f26498f6c831f6\PresentationFramework.ni.dll
MOD - [2013.05.17 16:30:14 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.17 16:30:08 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\7eac0dbe9aa20b55e37235f8ee030e6b\PresentationCore.ni.dll
MOD - [2013.05.17 16:29:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.17 16:29:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.04.09 10:57:07 | 000,390,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll
MOD - [2013.04.09 10:57:05 | 004,050,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
MOD - [2013.04.09 10:56:15 | 000,598,480 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll
MOD - [2013.04.09 10:56:14 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll
MOD - [2013.04.09 10:56:13 | 001,606,096 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll
MOD - [2013.01.24 23:38:10 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.24 17:43:18 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.24 17:43:08 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.24 17:43:04 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.24 17:42:59 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.12.21 22:53:13 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.10.31 08:35:36 | 000,311,808 | ---- | M] () -- C:\Program Files (x86)\LOLReplay\LOLUtils.dll
MOD - [2011.09.27 07:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 07:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.26 04:29:36 | 000,563,744 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe
MOD - [2010.03.26 04:29:36 | 000,154,144 | ---- | M] () -- C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyHook.dll
MOD - [2009.09.11 07:48:22 | 000,231,968 | ---- | M] () -- c:\OEM\Preload\utility\setEvent.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.01.13 16:04:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.22 16:46:26 | 000,109,352 | ---- | M] (SurfRight B.V.) [Auto | Running] -- C:\Programme\HitmanPro\hmpsched.exe -- (HitmanProScheduler)
SRV - [2013.05.15 19:38:40 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- D:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.03.25 17:47:24 | 004,561,152 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_ca0e279.dll -- (Akamai)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.05 17:48:00 | 000,235,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe -- (McComponentHostService)
SRV - [2012.05.08 22:18:15 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 22:18:14 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2012.05.08 22:18:14 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.24 22:01:00 | 003,432,444 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2009.09.10 15:42:46 | 000,305,448 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe -- (MWLService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.14 17:07:12 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Program Files (x86)\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Site License.3.0)
SRV - [2008.10.25 01:35:44 | 000,128,296 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2007.12.17 15:00:00 | 000,163,840 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40STB.EXE -- (EPSON_EB_RPCV4_01)
SRV - [2007.01.11 15:02:00 | 000,126,464 | ---- | M] (SEIKO EPSON CORPORATION) [Auto | Running] -- C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RPB.EXE -- (EPSON_PM_RPCV4_01)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.22 19:51:18 | 000,032,000 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hitmanpro37.sys -- (hitmanpro37)
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.09 13:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.05.08 22:18:15 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 22:18:15 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.01.13 16:26:00 | 006,327,296 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atipmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.01.13 15:10:56 | 000,185,344 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.11.05 16:15:40 | 000,291,328 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.10.02 06:58:58 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.09.30 03:34:30 | 000,121,872 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.11 09:19:08 | 001,705,600 | ---- | M] (Hauppauge Computer Works) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HCW85BDA.sys -- (HCW85BDA)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.02 13:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 13:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 13:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.03 17:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{99EC3639-0749-494D-B194-6BD61042901C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.29 22:16:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.18\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.09 08:28:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013.04.01 17:37:41 | 000,000,000 | ---D | M]
 
[2012.10.18 17:48:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Extensions
[2012.10.13 17:17:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\extensions
[2012.10.13 17:17:26 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2013.05.22 19:45:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\f00cxnu7.default\extensions
[2012.12.21 23:43:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\Profiles\qy2ig92m.default\Extensions
[2012.10.29 22:16:50 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.03.06 22:08:55 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
 
========== Chrome  ==========
 
CHR - default_search_provider: Search Results (Enabled)
CHR - default_search_provider: search_url = hxxp://dts.search-results.com/sr?src=crb&appid=0&systemid=414&sr=0&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\PepperFlash\11.7.700.202\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll
CHR - plugin: McAfee Security Scanner + (Enabled) = C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Lyrics Finder = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\
CHR - Extension: uTorrentBar_DE = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.19.11_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\
 
O1 HOSTS File: ([2013.05.22 20:05:16 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll File not found
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLD_FrameworkRun] c:\OEM\Preload\utility\_NowIntoDT.vbs ()
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files (x86)\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Hotkey Utility] C:\Program Files (x86)\Acer\Hotkey Utility\HotkeyUtility.exe ()
O4 - HKLM..\Run: [RemoteControl8] C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\@3..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Akamai NetSession Interface] C:\Users\Kim\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\@3..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\@3..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\@3\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kim\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - c:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{587DE63E-EDD9-4ECB-9468-70337DACEE4D}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (bootdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.22 20:38:27 | 000,000,000 | ---D | C] -- C:\Users\Kim\Desktop\mbar
[2013.05.22 20:07:58 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.22 19:53:40 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.22 19:53:40 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.22 19:53:40 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.22 19:53:32 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.22 19:53:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.22 16:46:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.05.22 16:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.05.22 16:38:16 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.05.22 16:33:13 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.05.22 16:27:03 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\Malwarebytes
[2013.05.22 16:26:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.05.22 16:26:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.05.22 16:26:37 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.05.19 12:51:16 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\My Cheat Tables
[2013.05.18 17:00:53 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\FLiNGTrainer
[2013.05.18 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\NBGI
[2013.05.18 14:39:14 | 000,000,000 | ---D | C] -- C:\Users\Kim\Documents\Games for Windows - LIVE Demos
[2013.05.18 14:20:02 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Local\NBGI
[2013.05.18 14:19:34 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.05.18 14:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.05.18 14:19:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.05.16 23:48:10 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.16 23:48:10 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.16 23:48:10 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.16 23:48:09 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.16 23:48:09 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.16 23:48:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.16 23:48:09 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.16 23:48:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.16 23:48:09 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.16 23:48:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.16 23:48:09 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.16 23:48:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.16 23:48:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.16 23:48:08 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.16 23:48:07 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.16 16:10:26 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.16 16:10:26 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.16 16:10:17 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.16 16:10:17 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.16 16:10:16 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.16 16:10:16 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.16 16:10:06 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.04.26 18:41:37 | 000,000,000 | ---D | C] -- C:\Users\Kim\AppData\Roaming\DofusTesting-8
[2013.04.23 16:17:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2010.03.25 21:15:40 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.22 20:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 20:11:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.22 20:05:16 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.22 19:57:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 19:57:03 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.22 19:51:18 | 000,032,000 | ---- | M] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.22 19:48:13 | 000,000,408 | ---- | M] () -- C:\Windows\tasks\Lyrics Finder Update.job
[2013.05.22 19:48:08 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2013.05.22 19:48:08 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.22 19:48:03 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.22 19:48:01 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 18:45:47 | 000,438,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 18:23:19 | 000,000,000 | ---- | M] () -- C:\Users\Kim\defogger_reenable
[2013.05.22 17:11:17 | 000,153,444 | ---- | M] () -- C:\Windows\SysNative\.crusader
[2013.05.22 16:46:26 | 000,001,913 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.22 16:26:39 | 000,000,622 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 19:22:05 | 000,562,519 | ---- | M] () -- C:\Users\Kim\Desktop\Kimundcallmemaybe.jpg
[2013.05.21 19:21:08 | 000,234,656 | ---- | M] () -- C:\Users\Kim\Desktop\t6.png
[2013.05.21 19:20:19 | 000,024,843 | ---- | M] () -- C:\Users\Kim\Desktop\t5.png
[2013.05.21 19:16:23 | 000,008,886 | ---- | M] () -- C:\Users\Kim\Desktop\oldTELEPHONE.gif
[2013.05.21 19:14:42 | 000,024,848 | ---- | M] () -- C:\Users\Kim\Desktop\carly_rae_jepsen_call_me_maybe.jpg
[2013.05.21 19:12:05 | 000,028,329 | ---- | M] () -- C:\Users\Kim\Desktop\t4.png
[2013.05.21 19:11:37 | 000,008,739 | ---- | M] () -- C:\Users\Kim\Desktop\Cry_meme.jpg
[2013.05.21 19:08:59 | 000,115,453 | ---- | M] () -- C:\Users\Kim\Desktop\Explosion-018.jpg
[2013.05.21 19:06:12 | 000,020,725 | ---- | M] () -- C:\Users\Kim\Desktop\t3.png
[2013.05.21 19:02:17 | 000,022,254 | ---- | M] () -- C:\Users\Kim\Desktop\t2.png
[2013.05.21 19:01:45 | 000,025,086 | ---- | M] () -- C:\Users\Kim\Desktop\t1.png
[2013.05.21 18:52:16 | 000,108,549 | ---- | M] () -- C:\Users\Kim\Desktop\carr.png
[2013.05.21 18:51:23 | 000,057,228 | ---- | M] () -- C:\Users\Kim\Desktop\car-crash-9847419.jpg
[2013.05.21 18:49:33 | 000,504,129 | ---- | M] () -- C:\Users\Kim\Desktop\trol2.png
[2013.05.21 18:48:59 | 000,508,129 | ---- | M] () -- C:\Users\Kim\Desktop\trol1.png
[2013.05.21 18:47:39 | 000,003,825 | ---- | M] () -- C:\Users\Kim\Desktop\photo-512-c03b1349.jpg
[2013.05.21 18:47:17 | 000,028,005 | ---- | M] () -- C:\Users\Kim\Desktop\21676806,17799904,highRes,BMW_3er_GT_01.jpg.jpg
[2013.05.21 18:43:10 | 000,004,423 | ---- | M] () -- C:\Users\Kim\Desktop\poker_face_kindledx (1).png
[2013.05.21 18:38:52 | 000,025,174 | ---- | M] () -- C:\Users\Kim\Desktop\Mercedes-SL-63-AMG-2012-05.jpg
[2013.05.21 18:37:42 | 000,180,507 | ---- | M] () -- C:\Users\Kim\Desktop\02_02_The-Mercedes-Benz-A-45-AMG.jpg
[2013.05.21 17:41:11 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_2
[2013.05.21 17:41:06 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_3
[2013.05.21 17:41:00 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_4
[2013.05.21 17:40:57 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_1
[2013.05.21 16:20:12 | 000,000,121 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\D2Info0
[2013.05.20 02:23:07 | 000,409,324 | ---- | M] () -- C:\Users\Kim\Desktop\dark-souls.jpg
[2013.05.18 14:19:00 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.18 10:27:24 | 000,000,195 | ---- | M] () -- C:\Users\Kim\Desktop\Dark Souls Prepare to Die Edition.url
[2013.05.15 19:38:40 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 19:38:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.14 17:00:58 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_5
[2013.05.12 16:53:57 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_6
[2013.05.11 09:52:35 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_7
[2013.05.10 19:09:35 | 000,000,008 | ---- | M] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_8
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.22 19:53:40 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.22 19:53:40 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.22 19:53:40 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.22 19:53:40 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.22 19:53:40 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.22 19:51:18 | 000,032,000 | ---- | C] () -- C:\Windows\SysNative\drivers\hitmanpro37.sys
[2013.05.22 18:45:35 | 000,438,368 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.22 18:23:19 | 000,000,000 | ---- | C] () -- C:\Users\Kim\defogger_reenable
[2013.05.22 17:11:17 | 000,153,444 | ---- | C] () -- C:\Windows\SysNative\.crusader
[2013.05.22 16:46:26 | 000,001,913 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.05.22 16:26:39 | 000,000,622 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.05.21 19:22:05 | 000,562,519 | ---- | C] () -- C:\Users\Kim\Desktop\Kimundcallmemaybe.jpg
[2013.05.21 19:21:08 | 000,234,656 | ---- | C] () -- C:\Users\Kim\Desktop\t6.png
[2013.05.21 19:20:19 | 000,024,843 | ---- | C] () -- C:\Users\Kim\Desktop\t5.png
[2013.05.21 19:16:23 | 000,008,886 | ---- | C] () -- C:\Users\Kim\Desktop\oldTELEPHONE.gif
[2013.05.21 19:14:41 | 000,024,848 | ---- | C] () -- C:\Users\Kim\Desktop\carly_rae_jepsen_call_me_maybe.jpg
[2013.05.21 19:12:05 | 000,028,329 | ---- | C] () -- C:\Users\Kim\Desktop\t4.png
[2013.05.21 19:11:36 | 000,008,739 | ---- | C] () -- C:\Users\Kim\Desktop\Cry_meme.jpg
[2013.05.21 19:08:59 | 000,115,453 | ---- | C] () -- C:\Users\Kim\Desktop\Explosion-018.jpg
[2013.05.21 19:06:12 | 000,020,725 | ---- | C] () -- C:\Users\Kim\Desktop\t3.png
[2013.05.21 19:02:17 | 000,022,254 | ---- | C] () -- C:\Users\Kim\Desktop\t2.png
[2013.05.21 19:01:45 | 000,025,086 | ---- | C] () -- C:\Users\Kim\Desktop\t1.png
[2013.05.21 18:52:16 | 000,108,549 | ---- | C] () -- C:\Users\Kim\Desktop\carr.png
[2013.05.21 18:51:22 | 000,057,228 | ---- | C] () -- C:\Users\Kim\Desktop\car-crash-9847419.jpg
[2013.05.21 18:49:33 | 000,504,129 | ---- | C] () -- C:\Users\Kim\Desktop\trol2.png
[2013.05.21 18:48:59 | 000,508,129 | ---- | C] () -- C:\Users\Kim\Desktop\trol1.png
[2013.05.21 18:47:39 | 000,003,825 | ---- | C] () -- C:\Users\Kim\Desktop\photo-512-c03b1349.jpg
[2013.05.21 18:47:17 | 000,028,005 | ---- | C] () -- C:\Users\Kim\Desktop\21676806,17799904,highRes,BMW_3er_GT_01.jpg.jpg
[2013.05.21 18:43:10 | 000,004,423 | ---- | C] () -- C:\Users\Kim\Desktop\poker_face_kindledx (1).png
[2013.05.21 18:38:52 | 000,025,174 | ---- | C] () -- C:\Users\Kim\Desktop\Mercedes-SL-63-AMG-2012-05.jpg
[2013.05.21 18:37:37 | 000,180,507 | ---- | C] () -- C:\Users\Kim\Desktop\02_02_The-Mercedes-Benz-A-45-AMG.jpg
[2013.05.20 02:23:03 | 000,409,324 | ---- | C] () -- C:\Users\Kim\Desktop\dark-souls.jpg
[2013.05.18 14:19:15 | 000,001,342 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live ID.lnk
[2013.05.18 14:19:00 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_xusb21_01009.Wdf
[2013.05.18 10:27:24 | 000,000,195 | ---- | C] () -- C:\Users\Kim\Desktop\Dark Souls Prepare to Die Edition.url
[2013.01.22 20:13:17 | 000,006,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.26 19:50:06 | 000,946,604 | ---- | C] () -- C:\Users\Kim\ts3_recording_12_04_26_19_50_4.wav
[2011.11.25 21:06:26 | 000,000,008 | ---- | C] () -- C:\Windows\SysWow64\camera.ini
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.06.04 19:25:45 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_7
[2011.05.27 15:22:56 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.05.27 15:22:56 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.05.10 17:03:05 | 000,090,112 | ---- | C] () -- C:\Program Files (x86)\lol.launcher.exe
[2011.05.10 17:03:05 | 000,090,112 | ---- | C] () -- C:\Program Files (x86)\lol.launcher.admin.exe
[2011.03.27 19:18:59 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_16
[2011.03.27 18:38:00 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_15
[2011.03.27 18:37:56 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_14
[2011.03.27 18:37:50 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_13
[2011.03.27 18:37:44 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_12
[2011.03.27 18:37:35 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_11
[2011.03.27 18:37:30 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_10
[2011.02.05 11:57:24 | 000,002,088 | ---- | C] () -- C:\Users\Kim\.recently-used.xbel
[2010.12.21 13:10:15 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_6
[2010.12.21 13:01:28 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_5
[2010.12.21 13:00:38 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_4
[2010.12.08 20:16:54 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_3
[2010.12.08 16:21:55 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_1
[2010.12.08 16:20:16 | 000,000,177 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\D2Info1
[2010.12.08 16:20:16 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId1_2
[2010.12.02 07:49:35 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_9
[2010.10.09 13:01:33 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_8
[2010.10.03 12:26:56 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_7
[2010.08.24 15:38:51 | 000,005,632 | ---- | C] () -- C:\Users\Kim\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.08.21 13:47:59 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_6
[2010.07.31 13:23:43 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_5
[2010.07.31 12:35:21 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_4
[2010.06.18 13:05:10 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_3
[2010.06.10 15:10:12 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_1
[2010.06.10 15:07:54 | 000,000,121 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\D2Info0
[2010.06.10 15:07:54 | 000,000,008 | ---- | C] () -- C:\Users\Kim\AppData\Roaming\DofusAppId0_2
[2010.06.10 13:28:50 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.06.09 14:55:05 | 000,007,599 | ---- | C] () -- C:\Users\Kim\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:A8ADE5D8
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:DFC5A2B2

< End of report >

--- --- ---

aharonov · 22.05.2013, 20:28

Gut, wie läuft der Rechner jetzt?

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O2 - BHO: (Lyrics Finder) - {398C01F1-E584-46AD-A649-4F78B435DCFE} - C:\Program Files (x86)\LyricsFinder\lfind.dll File not found
CHR - Extension: Lyrics Finder = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\gnbcopcndefcccgdofjadnafjljgofam\1.110_0\
CHR - Extension: uTorrentBar_DE = C:\Users\Kim\AppData\Local\Google\Chrome\User Data\Default\Extensions\leocdeigfnkaojcapikdjcdbedcjmffc\2.3.19.11_0\
[2012.10.13 17:17:26 | 000,000,000 | ---D | M] (uTorrentBar_DE) -- C:\Users\Kim\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\lfind@nijadsoft.net: C:\Program Files (x86)\LyricsFinder\FF\ [2013.04.01 17:37:41 | 000,000,000 | ---D | M]
IE - HKU\S-1-5-21-1913696476-1504619614-2683083139-1001\..\SearchScopes\{99EC3639-0749-494D-B194-6BD61042901C}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647

:files
C:\Program Files (x86)\LyricsFinder

:commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2

Öffne das Programm Malwarebytes Anti-Malware.
Vista und Win7 User mit Rechtsklick "als Administrator starten".
Klicke auf Aktualisierung --> Suche nach Aktualisierung.
Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Schritt 5

Starte bitte die OTL.exe.

Setze den Haken bei Scan all Users.
Drücke auf den Quick Scan Button.
Poste den Inhalt von OTL.txt hier in den Thread.

Bitte poste in deiner nächsten Antwort:

Fixlog von OTL
Log von MBAM
Log von ESET
Log von SecurityCheck
Log von OTL

Kimbel · 22.05.2013, 20:39

Ok ich danke dir bis dahin schon einmal also mein rechner läuft eigentlich wie immer sehr gut ich glaube sogar besser wie ich es auf die schnelle erkennen kann nur ich habe immer noch angst bezüglich des trojaners.

PS: Ich brauch kurz für das alles wenn du nicht mehr lange kannst kein problem wir können auch gerne morgen weiter machen

wenn ich fix drücke kommt eine nachricht die lautet: Es wurde kein fix vorgesehn klicke auf ok um einen fix von einer datei zu laden

aharonov · 22.05.2013, 20:45

Zitat:

wenn ich fix drücke kommt eine nachricht die lautet: Es wurde kein fix vorgesehn klicke auf ok um einen fix von einer datei zu laden

Dann hast du den Text aus obiger Code-Box nicht in die Textbox von OTL kopiert..

22.05.2013, 19:03	#7
aharonov /// TB-Ausbilder	tr/atraps.gen exe data gefunden von Avira was tun?? Ok, noch Combofix und FSS. __________________ cheers, Leo

22.05.2013, 20:09	#11
aharonov /// TB-Ausbilder	tr/atraps.gen exe data gefunden von Avira was tun?? Ok, noch das frische OTL-Log. __________________ cheers, Leo

tr/atraps.gen exe data gefunden von Avira was tun??

Log-Analyse und Auswertung: tr/atraps.gen exe data gefunden von Avira was tun??