
Log Analysis and Evaluation: GVU Trojan Windows 7 64 Bit


08.10.2013, 17:10   #1
Lou Schalter
 
GVU Trojan Windows 7 64 Bit



Hello dear community,

I have already looked at several similar cases and have now decided to ask for your expert help. It concerns the computer of a good friend of mine.

I can usually fix smaller problems myself. However, I had to realize that quite a bit more was, and still is, wrong on his machine.

(Primarily, though, I am here because of the GVU Trojan. Safe Mode with Networking does not work; I briefly tried that yesterday evening. But I think he can still log in with a different user account.)

Java was not up to date, he apparently visits some rather "dubious" websites, and so far he has also tended to use outdated software, ...

I have now actually managed to convince him of the purpose of the guide "Das sichere Windows System" by Paule (not sure whether I am allowed to post the link here). He has promised me to browse with care in the future and to buckle up.

I will drive over to his place later and try to post the log files; one question in advance:

Farbar's Recovery Scan Tool
or
OTLPENet.exe by OldTimer?

Many thanks in advance for your help,
Lou Schalter

Edit: Sorry, I had overlooked these points:

I have Windows Vista, 7 or 8
Create an FRST log file following these instructions: Scan with Farbar Recovery Scan Tool

I have Windows XP
Create a log file made with OTLpe: Scan with OTLpe

=> I will create a log file with FRST and post it here shortly.

Last edited by Lou Schalter (08.10.2013 at 17:39)

08.10.2013, 18:25   #2
aharonov
/// TB Instructor
 
GVU Trojan Windows 7 64 Bit



Hi,

Quote:
=> I will create a log file with FRST and post it here shortly.
Exactly.
As soon as the log is here, I can unlock the computer.

08.10.2013, 21:42   #3
Lou Schalter
 
GVU Trojan Windows 7 64 Bit



When I try to start in Safe Mode (both with Networking and with Command Prompt), it hangs at WINDOWS\system32\drivers\CLASSPNP.sys and afterwards the computer automatically shuts itself down again.

When selecting "Repair Your Computer" in the Advanced Boot Options, the following error appears:

Status 0xc000000e
Info: Fehler bei der Startauswahl. Zugriff auf ein erforderliches Gerät nicht möglich.

Hm. Good advice is hard to come by here.

I have now tried everything possible; with OTLPE I finally had success.
I hope that is OK. With FRST nothing worked at all; I simply could not get any further.

Here are the logs.

Extras.txt

OTL Logfile:
Code:
OTL Extras logfile created on: 10/8/2013 11:17:52 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive F: | 273.20 Gb Total Space | 17.62 Gb Free Space | 6.45% Space Free | Partition Type: NTFS
Drive G: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64)
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64)
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JNLP" = JNLP
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
< End of report >
         

OTL.txt

OTL Logfile:

Code:
OTL logfile created on: 10/8/2013 11:17:52 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 87.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive F: | 273.20 Gb Total Space | 17.62 Gb Free Space | 6.45% Space Free | Partition Type: NTFS
Drive G: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/06 01:14:15 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2010/06/23 19:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto] -- E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 16:55:54 | 000,075,064 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- F:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/27 19:00:00 | 000,356,352 | ---- | M] (AVM Berlin) [Auto] -- E:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006/10/18 10:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto] -- E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/07 14:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2009/07/14 10:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/04/21 13:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- E:\Windows\System32\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/02/16 10:36:21 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2007/02/16 10:36:20 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Administrator_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 77 37 8F B3 C3 CE 01  [binary data]
IE - HKU\Administrator_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\*****_ON_F\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 AC 4D D3 F3 F7 CC 01  [binary data]
IE - HKU\*****_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\*****_ON_F\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_F\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.7:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/18 11:49:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/20 17:02:25 | 000,000,000 | ---D | M] (Adobe Flash) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82e4700b-58f2-4aa0-8949-964b59155c87}
[2011/12/20 21:09:49 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/11 12:08:03 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/02/12 16:56:10 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/02/15 16:52:08 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/06/28 12:11:23 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/27 14:00:28 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/20 21:09:48 | 000,025,560 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2011/12/20 21:09:48 | 000,140,760 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 12:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 21:09:48 | 000,067,032 | ---- | M] (mozilla.org) -- E:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2011/06/06 06:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/12 16:14:17 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/12 16:14:17 | 000,002,344 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/12 16:14:17 | 000,002,371 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/03/12 16:14:17 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/12 16:14:17 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/12 16:14:17 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2011/05/15 21:20:36 | 000,000,849 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -  File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - E:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (no name) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} -  File not found
O3 - HKU\Administrator_ON_F\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} -  File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif]  File not found
O4:64bit: - HKLM..\Run: [Launch LCore]  File not found
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] E:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC]  File not found
O4:64bit: - HKLM..\Run: [SoundMAX]  File not found
O4 - HKLM..\Run: [DeathAdder] E:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive]  File not found
O4 - HKLM..\Run: [vmware-tray]  File not found
O4 - HKU\*****_ON_F..\Run: [Google Update]  File not found
O4 - HKU\*****_ON_F..\Run: [SpybotSD TeaTimer]  File not found
O4 - HKU\LocalService_ON_F..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_F..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_F..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_F..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Administrator_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\*****_ON_F\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - *****_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - *****_ON_F\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - *****_ON_F\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - *****_ON_F\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - *****_ON_F\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15:64bit: - *****_ON_F\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15:64bit: - LocalService_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_F\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_F\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_F\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_F\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - E:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) -  File not found
O30:64bit: - LSA: Security Packages - (livessp) -  File not found
O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/08 23:11:50 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/10/08 14:35:33 | 001,954,124 | ---- | C] (Farbar) -- F:\Users\Administrator\Desktop\FRST64.exe
[2013/10/07 19:47:21 | 004,095,448 | ---- | C] (BrightFort LLC                                              ) -- F:\Users\Administrator\Desktop\spywareblastersetup50.exe
[2013/10/07 19:43:00 | 001,032,220 | ---- | C] (Thisisu) -- F:\Users\Administrator\Desktop\JRT.exe
[2013/09/26 16:21:33 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Steam
[3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/10/08 13:57:58 | 001,954,124 | ---- | M] (Farbar) -- F:\Users\Administrator\Desktop\FRST64.exe
[2013/10/07 19:47:21 | 004,095,448 | ---- | M] (BrightFort LLC                                              ) -- F:\Users\Administrator\Desktop\spywareblastersetup50.exe
[2013/10/07 19:43:07 | 001,032,220 | ---- | M] (Thisisu) -- F:\Users\Administrator\Desktop\JRT.exe
[2013/10/07 19:24:22 | 001,045,226 | ---- | M] () -- F:\Users\Administrator\Desktop\adwcleaner.exe
[3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/10/07 19:24:02 | 001,045,226 | ---- | C] () -- F:\Users\Administrator\Desktop\adwcleaner.exe
[2012/01/09 17:01:06 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2012/01/04 18:06:52 | 000,217,088 | ---- | C] () -- E:\Windows\SysWow64\qtmlClient.dll
[2011/11/09 17:39:44 | 000,059,904 | ---- | C] () -- E:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 17:39:32 | 000,054,784 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll
[2011/10/14 19:54:52 | 000,321,856 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe
[2011/10/08 23:37:34 | 000,000,732 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps64.dat
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
[2010/12/22 18:05:26 | 000,001,356 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps.dat
[2010/11/27 13:56:32 | 000,000,120 | ---- | C] () -- E:\Users\*****\AppData\default.pls
[2010/06/06 14:15:17 | 000,122,992 | -H-- | C] () -- E:\Windows\SysWow64\mlfcache.dat
[2010/03/08 16:55:54 | 002,434,856 | ---- | C] () -- E:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/05 10:34:43 | 000,000,093 | ---- | C] () -- E:\Users\*****\AppData\Local\fusioncache.dat
[2009/12/09 20:29:02 | 000,052,736 | ---- | C] () -- E:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/22 21:00:42 | 000,000,000 | ---- | C] () -- E:\Windows\SysWow64\Access.dat
[2009/11/08 12:37:00 | 000,044,544 | ---- | C] () -- E:\Windows\SysWow64\Gif89.dll
[2009/09/27 09:13:48 | 000,000,033 | ---- | C] () -- E:\Windows\Multimedia manager.INI
[2009/01/23 18:40:27 | 000,000,056 | -H-- | C] () -- E:\Windows\SysWow64\ezsidmv.dat
[2009/01/01 12:00:39 | 000,043,520 | ---- | C] () -- E:\Windows\SysWow64\CmdLineExt03.dll
[2008/11/27 19:29:00 | 000,096,801 | ---- | C] () -- E:\Windows\War3Unin.dat
[2008/08/25 15:34:16 | 000,000,466 | RHS- | C] () -- E:\ProgramData\ntuser.pol
[2008/08/12 16:17:52 | 000,003,308 | ---- | C] () -- E:\Windows\bthservsdp.dat
[2008/08/08 15:57:05 | 000,106,605 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/08 15:57:05 | 000,018,904 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/29 12:02:05 | 000,000,000 | ---- | C] () -- E:\ProgramData\LauncherAccess.dt
[2008/07/29 12:00:03 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys
[2008/04/22 17:46:56 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2008/04/22 17:46:42 | 000,060,124 | ---- | C] () -- E:\Windows\SysWow64\tcpmon.ini
[2008/02/18 16:26:18 | 000,001,167 | ---- | C] () -- E:\Windows\mozver.dat
[2008/02/14 13:32:04 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2008/02/12 15:46:22 | 000,214,864 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2008/02/12 15:46:21 | 000,669,184 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe
[2008/02/12 15:46:21 | 000,075,064 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2008/02/11 15:22:15 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini
[2007/05/19 09:22:17 | 001,499,938 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2006/11/02 11:00:58 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008/02/12 08:04:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/02/03 14:59:54 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/11/18 11:48:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Easybits GO
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/05/23 07:23:38 | 000,000,000 | ---D | M] -- E:\ProgramData\HighAndes
[2012/01/04 19:05:27 | 000,000,000 | ---D | M] -- E:\ProgramData\PACE Anti-Piracy
[2011/09/23 11:31:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Panasonic
[2012/02/02 19:24:32 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files
[2010/03/15 16:13:37 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2010/02/15 11:14:21 | 000,000,000 | ---D | M] -- E:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/06/28 11:47:55 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/02 20:09:36 | 000,032,606 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/02 20:05:00 | 000,000,420 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{67EDA5FC-0019-45FD-BD8F-60FFCB19790F}.job
[2012/02/02 20:07:06 | 000,000,454 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{FF4DA3C5-B76D-406A-8828-716AE39A637B}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> E:\Windows:nlsPreferences
@Alternate Data Stream - 1264 bytes -> E:\ProgramData\Microsoft:SQasxH89fAhVdXZTo4rQsa1lB8
@Alternate Data Stream - 1257 bytes -> E:\ProgramData\Microsoft:mF4IF8xPxZPwwlfGMSTyMdmOB
@Alternate Data Stream - 1241 bytes -> E:\ProgramData\Microsoft:DsK0QpZjrH4Bu7uFCcUC3mv2JNM
@Alternate Data Stream - 1237 bytes -> E:\ProgramData\Microsoft:BzN69YMHrh8PpgVkajVTf
@Alternate Data Stream - 1126 bytes -> E:\Program Files (x86)\Common Files\System:8pBA6f4chx8LvxmXGoa
@Alternate Data Stream - 1075 bytes -> E:\Users\*****\AppData\Local:Gy1L44sVjSHClQdReyzsUh8
< End of report >
         
--- --- ---
__________________

Old 08.10.2013, 22:12   #4
aharonov
/// TB Trainer
 
GVU Trojan Windows 7 64 Bit - Standard

GVU Trojan Windows 7 64 Bit



Hello,

and you are sure that malware is the problem here? (Has the GVU lock screen actually been seen?)
I can't see any trace of it in this log...
__________________
cheers,
Leo

Old 08.10.2013, 22:19   #5
Lou Schalter
 
GVU Trojan Windows 7 64 Bit - Standard

GVU Trojan Windows 7 64 Bit



Hello Leo,

first of all, as is only proper, many thanks! I think it's great that you're helping me with this.

Yes, I'm very sure. As soon as I log in as that user, the lock screen appears. Should I boot it that way and post a screenshot of it for you?

I couldn't get it to work with FRST, see the error message described above.
Then I tried OTLPE. That didn't work at first either, but then I created a boot CD with it and got it working.

I'm sitting at the affected computer right now and using the Internet Explorer from the booted CD's desktop environment.

Should I set everything to ALL in the scans?

The Windows installation here is set up a bit oddly ... it's a RAID, but the system is on drive F, from the looks of it.

Edit

He apparently installed various anti-malware programs last night and ran one of them over the system, he's just telling me. That was from the Administrator user account. You can still log in there. He also started 30 Windows updates last night, which had been downloaded before the computer shut down. Earlier, while booting, it kept telling me that something had gone wrong with Windows Update and that it would be rolled back; after that I was able to log in normally as admin. Under the admin account I then removed the Windows updates completely for the time being as a precaution; they're unlikely to be much help to us right now.

Edit 2

There is also another operating system on drive E; maybe it's hiding there ... ?

Here is the OTL.txt

OTL Logfile:
Code:
OTL logfile created on: 10/9/2013 12:26:53 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows Vista (TM) Ultimate Service Pack 1 (Version = 6.0.6001) - Type = System
Internet Explorer (Version = 8.0.6001.19048)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 93.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive F: | 273.20 Gb Total Space | 17.62 Gb Free Space | 6.45% Space Free | Partition Type: NTFS
Drive G: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/05/01 20:49:54 | 000,160,272 | ---- | M] (Logitech, Inc.) [Auto] -- E:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/10/15 04:53:00 | 002,253,120 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011/10/14 19:54:40 | 000,381,248 | ---- | M] (NVIDIA Corporation) [Auto] -- E:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011/08/06 01:14:15 | 000,411,432 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/06/23 19:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto] -- E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/06/17 17:50:00 | 003,890,920 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- E:\Windows\SysWow64\GameMon.des -- (npggsvc)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 16:55:54 | 000,075,064 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/21 09:34:28 | 000,185,089 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/06/07 07:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto] -- E:\Windows\SysWOW64\NlsSrv32.exe -- (nlsX86cc)
SRV - [2009/05/13 11:48:18 | 000,108,289 | ---- | M] (Avira GmbH) [Auto] -- E:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/27 19:00:00 | 000,356,352 | ---- | M] (AVM Berlin) [Auto] -- E:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006/10/18 10:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto] -- E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011/10/17 13:40:40 | 000,090,128 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtihdLH6.sys -- (AtiHDAudioService)
DRV:64bit: - [2011/08/02 12:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/02/03 15:00:31 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System] -- E:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2010/12/07 14:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2010/06/13 20:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\System32\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010/04/26 22:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010/04/26 22:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_bus.sys -- (ss_bus) SAMSUNG Mobile USB Device 1.0 driver (WDM)
DRV:64bit: - [2010/04/26 22:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2010/03/18 21:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot] -- E:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2009/12/07 16:32:51 | 000,074,880 | ---- | M] (Avira GmbH) [File_System | Auto] -- E:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2009/09/30 10:32:44 | 000,120,336 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009/09/09 14:25:14 | 000,871,408 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009/09/09 13:17:41 | 000,033,344 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2009/07/14 10:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/04/21 13:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- E:\Windows\System32\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2008/02/28 21:17:08 | 000,041,488 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV:64bit: - [2008/02/28 21:17:00 | 000,112,144 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouKE.Sys -- (LMouKE)
DRV:64bit: - [2008/02/28 21:16:52 | 000,057,360 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2008/02/28 21:16:44 | 000,054,800 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2008/02/28 21:16:28 | 000,113,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\L8042mou.Sys -- (L8042mou)
DRV:64bit: - [2008/01/19 02:47:12 | 000,046,080 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\WpdUsb.sys -- (WpdUsb)
DRV:64bit: - [2008/01/19 02:34:08 | 000,048,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\avc.sys -- (Avc)
DRV:64bit: - [2008/01/19 02:34:06 | 000,058,496 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\61883.sys -- (61883)
DRV:64bit: - [2008/01/19 02:34:04 | 000,061,568 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\msdv.sys -- (MSDV)
DRV:64bit: - [2007/02/16 10:36:21 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2007/02/16 10:36:21 | 000,065,312 | ---- | M] (Acronis) [File_System | Auto] -- E:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2007/02/16 10:36:20 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2007/01/12 12:43:40 | 000,037,552 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\frmupgr.sys -- (DFUBTUSB)
DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010/06/13 20:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand] -- E:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2006/07/24 10:05:00 | 000,005,632 | ---- | M] () [File_System | System] -- E:\Windows\SysWow64\drivers\StarOpen.sys -- (StarOpen)
DRV - [2005/01/04 05:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand] -- E:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\*****_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\*****_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\*****_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\Lisa_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=867034&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=867034"
 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:  
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\*****\Music\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: E:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: E:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WPF,version=3.5: E:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: E:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.25\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/01/11 21:28:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 3.6.25\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/12/20 21:09:49 | 000,000,000 | ---D | M]
 
[2010/06/01 15:33:19 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Extensions
[2010/06/05 22:12:15 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions
[2009/11/19 07:39:36 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/05 22:12:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2009/11/19 07:39:36 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\7bq2ynvd.default\extensions\staged-xpis
[2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions
[2011/04/18 07:52:28 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/05 22:12:15 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2011/04/18 07:52:28 | 000,000,000 | ---D | M] (Fast Video Download (with SearchMenu)) -- E:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\9mi91wdq.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}
[2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/18 11:49:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/20 17:02:25 | 000,000,000 | ---D | M] (Adobe Flash) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82e4700b-58f2-4aa0-8949-964b59155c87}
[2010/06/28 12:11:23 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/27 14:00:28 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
File not found (No name found) -- E:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
File not found (No name found) -- E:\PROGRAM FILES (X86)\MOZILLA FIREFOX\EXTENSIONS\{B13721C7-F507-4982-B2E5-502A71474FED}
[2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/03/12 16:14:17 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/12 16:14:17 | 000,002,344 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/12 16:14:17 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/12 16:14:17 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/12 16:14:17 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Adobe Flash) - {82E4700B-58F2-4AA0-8949-964B59155C87} - E:\Users\*****\AppData\Roaming\AdobeFlash\IE\AdobeFlash.dll (Adobe Systems, Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Bluetooth Connection Assistant]  File not found
O4:64bit: - HKLM..\Run: [Kernel and Hardware Abstraction Layer] E:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Launch LCDMon] E:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] E:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] E:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] E:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] E:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AcronisTimounterMonitor] E:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] E:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] E:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [DeathAdder] E:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [DivXUpdate] E:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] E:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\*****_ON_E..\Run: [AutoStartNPSAgent] D:\Anwendungen\NewPCStudio\NPSAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKU\*****_ON_E..\Run: [avupdate]  File not found
O4 - HKU\*****_ON_E..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] E:\Program Files (x86)\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\*****_ON_E..\Run: [DAEMON Tools Lite] D:\Anwendungen\Daemon\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\Lisa_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_E..\Run: [WindowsWelcomeCenter] E:\Windows\SysWow64\oobefldr.dll (Microsoft Corporation)
O4 - HKU\Lisa_ON_E..\RunOnce: [FlashPlayerUpdate] E:\Windows\SysWOW64\Macromed\Flash\FlashUtil10l_Plugin.exe (Adobe Systems, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\*****_ON_E\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00  [binary data]
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - E:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - E:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} hxxp://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.254
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - E:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O24 - Desktop WallPaper: D:\#Sicherung\200SATA\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: D:\#Sicherung\200SATA\Internet Explorer Wallpaper.bmp
O30:64bit: - LSA: Authentication Packages - (relog_ap) - E:\Windows\System32\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) - E:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{325ed12e-aac4-11de-9084-00040ec6ee83}\Shell\AutoRun\command - "" = K:\installer.exe
O33 - MountPoints2\{325ed12e-aac4-11de-9084-00040ec6ee83}\Shell\verb\command - "" = K:\installer.exe
O33 - MountPoints2\{399d00a2-2fc5-11e0-a0cd-001a922d4236}\Shell - "" = AutoRun
O33 - MountPoints2\{399d00a2-2fc5-11e0-a0cd-001a922d4236}\Shell\AutoRun\command - "" = I:\Autorun.exe
O33 - MountPoints2\{399d00a9-2fc5-11e0-a0cd-001a922d4236}\Shell - "" = AutoRun
O33 - MountPoints2\{399d00a9-2fc5-11e0-a0cd-001a922d4236}\Shell\AutoRun\command - "" = J:\Autorun.exe
O33 - MountPoints2\{c86c8c10-d80a-11dc-9404-00040ec6ee83}\Shell\AutoRun\command - "" = E:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{fbb62ea3-9d70-11de-a731-00040ec6ee83}\Shell - "" = AutoRun
O33 - MountPoints2\{fbb62ea3-9d70-11de-a731-00040ec6ee83}\Shell\AutoRun\command - "" = I:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/08 23:11:50 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/09/26 16:21:33 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Steam
[3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/09 17:01:06 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2012/01/04 18:06:52 | 000,217,088 | ---- | C] () -- E:\Windows\SysWow64\qtmlClient.dll
[2011/11/09 17:39:44 | 000,059,904 | ---- | C] () -- E:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 17:39:32 | 000,054,784 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll
[2011/10/14 19:54:52 | 000,321,856 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe
[2011/10/08 23:37:34 | 000,000,732 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps64.dat
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
[2010/12/22 18:05:26 | 000,001,356 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps.dat
[2010/11/27 13:56:32 | 000,000,120 | ---- | C] () -- E:\Users\*****\AppData\default.pls
[2010/06/06 14:15:17 | 000,122,992 | -H-- | C] () -- E:\Windows\SysWow64\mlfcache.dat
[2010/03/08 16:55:54 | 002,434,856 | ---- | C] () -- E:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/05 10:34:43 | 000,000,093 | ---- | C] () -- E:\Users\*****\AppData\Local\fusioncache.dat
[2009/12/09 20:29:02 | 000,052,736 | ---- | C] () -- E:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/22 21:00:42 | 000,000,000 | ---- | C] () -- E:\Windows\SysWow64\Access.dat
[2009/11/08 12:37:00 | 000,044,544 | ---- | C] () -- E:\Windows\SysWow64\Gif89.dll
[2009/09/27 09:13:48 | 000,000,033 | ---- | C] () -- E:\Windows\Multimedia manager.INI
[2009/01/23 18:40:27 | 000,000,056 | -H-- | C] () -- E:\Windows\SysWow64\ezsidmv.dat
[2009/01/01 12:00:39 | 000,043,520 | ---- | C] () -- E:\Windows\SysWow64\CmdLineExt03.dll
[2008/11/27 19:29:00 | 000,096,801 | ---- | C] () -- E:\Windows\War3Unin.dat
[2008/08/25 15:34:16 | 000,000,466 | RHS- | C] () -- E:\ProgramData\ntuser.pol
[2008/08/12 16:17:52 | 000,003,308 | ---- | C] () -- E:\Windows\bthservsdp.dat
[2008/08/08 15:57:05 | 000,106,605 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/08 15:57:05 | 000,018,904 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/29 12:02:05 | 000,000,000 | ---- | C] () -- E:\ProgramData\LauncherAccess.dt
[2008/07/29 12:00:03 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys
[2008/04/22 17:46:56 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2008/04/22 17:46:42 | 000,060,124 | ---- | C] () -- E:\Windows\SysWow64\tcpmon.ini
[2008/02/18 16:26:18 | 000,001,167 | ---- | C] () -- E:\Windows\mozver.dat
[2008/02/14 13:32:04 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2008/02/12 15:46:22 | 000,214,864 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2008/02/12 15:46:21 | 000,669,184 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe
[2008/02/12 15:46:21 | 000,075,064 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2008/02/11 15:22:15 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini
[2007/05/19 09:22:17 | 001,499,938 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2006/11/02 11:00:58 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008/02/12 08:04:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/02/03 14:59:54 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/11/18 11:48:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Easybits GO
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/05/23 07:23:38 | 000,000,000 | ---D | M] -- E:\ProgramData\HighAndes
[2012/01/04 19:05:27 | 000,000,000 | ---D | M] -- E:\ProgramData\PACE Anti-Piracy
[2011/09/23 11:31:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Panasonic
[2012/02/02 19:24:32 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files
[2010/03/15 16:13:37 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2010/02/15 11:14:21 | 000,000,000 | ---D | M] -- E:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/06/28 11:47:55 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/02 20:09:36 | 000,032,606 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/02 20:05:00 | 000,000,420 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{67EDA5FC-0019-45FD-BD8F-60FFCB19790F}.job
[2012/02/02 20:07:06 | 000,000,454 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{FF4DA3C5-B76D-406A-8828-716AE39A637B}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> E:\Windows:nlsPreferences
@Alternate Data Stream - 1264 bytes -> E:\ProgramData\Microsoft:SQasxH89fAhVdXZTo4rQsa1lB8
@Alternate Data Stream - 1257 bytes -> E:\ProgramData\Microsoft:mF4IF8xPxZPwwlfGMSTyMdmOB
@Alternate Data Stream - 1241 bytes -> E:\ProgramData\Microsoft:DsK0QpZjrH4Bu7uFCcUC3mv2JNM
@Alternate Data Stream - 1237 bytes -> E:\ProgramData\Microsoft:BzN69YMHrh8PpgVkajVTf
@Alternate Data Stream - 1126 bytes -> E:\Program Files (x86)\Common Files\System:8pBA6f4chx8LvxmXGoa
@Alternate Data Stream - 1075 bytes -> E:\Users\*****\AppData\Local:Gy1L44sVjSHClQdReyzsUh8
< End of report >
         
--- --- ---

[/CODE]


Last edited by Lou Schalter (08.10.2013 at 22:31)

Old 08.10.2013, 22:38   #6
aharonov
/// TB Instructor
 

GVU Trojaner Windows 7 64 Bit



Hello,

Quote:
So from the Administrator user account. You can still log in there.
I see, then we don't need to scan from the boot CD.
Please go into that admin account and run an FRST scan there as follows:


Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to and click Scan.
  • The log files will now be created and will afterwards be located on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the website's input box)

__________________
--> GVU Trojaner Windows 7 64 Bit

Old 09.10.2013, 00:10   #7
Lou Schalter
 

GVU Trojaner Windows 7 64 Bit



I had already tried that earlier. It hung for a while when it got to SCHEDLGU.txt, and then the error message came up:

Line 11324 File G{backslash}FRST64.exe

Error in expression

EDIT

I am currently logged in as Administrator, scanned with FRST64, here is the (empty) log file:

Code:
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-10-2013
Ran by Administrator at 2013-10-09 00:49:59
Running from C:\Users\Administrator\Desktop
Boot Mode: Normal
==========================================================


==================== Security Center ========================
         
The error message appeared again:

AutoIt Error

Line 11324 (File "C:\Users\Administrator\Desktop\FRST64.exe"):

Error: Error in Expression

And before that, during the scan, Microsoft Security Essentials popped up and showed:

Von Security Essentials wurden unbekannte Elemente auf dem PC gefunden. (...)
Dateipfad: C:\ProgramData\4wcl7hv.plz

EDIT 2

Here is also the GMER log (also run on the admin account)

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-10-09 01:28:18
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk2\DR2 -> \Device\Scsi\mv64xx1Port1Path0Target0Lun0 MARVELL_ rev.1.01 273,31GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ADMINI~1\AppData\Local\Temp\pwtoapod.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!GetInformation + 7                                                                                  0000000010001047 18 bytes [10, 33, C4, 89, 44, 24, 1C, ...]
.text   C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!GetInformation + 26                                                                                 000000001000105a 10 bytes [10, 8D, 4C, 24, 10, C7, 44, ...]
.text   ...                                                                                                                                                                                                * 11
.text   C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!getSubProductCode + 6                                                                               00000000100010d6 3 bytes [A1, 94, D0]
.text   C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe[2756] C:\Windows\BDTSupport.dll!getSubProductCode + 10                                                                              00000000100010da 8 bytes [10, 33, C4, 89, 84, 24, 20, ...]
.text   C:\Windows\system32\hasplms.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                      0000000076fb1465 2 bytes [FB, 76]
.text   C:\Windows\system32\hasplms.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                     0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                                                                * 2
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                                                                                                            0000000072dc1a22 2 bytes [DC, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                                                                                                            0000000072dc1ad0 2 bytes [DC, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                                                                                                            0000000072dc1b08 2 bytes [DC, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                                                                                                            0000000072dc1bba 2 bytes [DC, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                                                                                                            0000000072dc1bda 2 bytes [DC, 72]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                                                     0000000076fb1465 2 bytes [FB, 76]
.text   C:\Windows\SysWOW64\PnkBstrA.exe[2932] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                                                    0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                                                                * 2
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                                                                     0000000076fb1465 2 bytes [FB, 76]
.text   C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe[3416] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                                                                    0000000076fb14bb 2 bytes [FB, 76]
.text   ...                                                                                                                                                                                                * 2
.text   C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007fefd8d4ed0 9 bytes [68, 78, 03, FE, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefbc65c54 7 bytes [68, 08, 03, FE, 02, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefbc65c64 9 bytes [68, 40, 03, FE, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4192] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007fefee617a0 9 bytes [68, B0, 03, FE, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A                                                                                           0000000076e1f578 7 bytes JMP 0000000103340570
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W                                                                                           0000000076e2b0cc 7 bytes JMP 00000001033405a8
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\kernel32.dll!CreateThread                                                                                                0000000076cf6580 9 bytes JMP 00000001033404c8
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\ole32.dll!OleLoadFromStream                                                                                              000007fefdaa75f0 7 bytes [68, E0, 05, 34, 03, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!VariantClear                                                                                                000007fefd871180 10 bytes [68, C0, 06, 34, 03, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!SysFreeString                                                                                               000007fefd871320 7 bytes [68, 50, 06, 34, 03, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                                                                                       000007fefd874450 6 bytes [68, 18, 06, 34, 03, C3]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                                                                                           000007fefd876720 10 bytes [68, 88, 06, 34, 03, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007fefd8d4ed0 9 bytes [68, 78, 03, 34, 03, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefbc65c54 7 bytes [68, 08, 03, 34, 03, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefbc65c64 9 bytes [68, 40, 03, 34, 03, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[4884] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007fefee617a0 9 bytes [68, B0, 03, 34, 03, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A                                                                                           0000000076e1f578 7 bytes JMP 0000000102ff0570
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W                                                                                           0000000076e2b0cc 7 bytes JMP 0000000102ff05a8
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\kernel32.dll!CreateThread                                                                                                0000000076cf6580 9 bytes JMP 0000000102ff04c8
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\ole32.dll!OleLoadFromStream                                                                                              000007fefdaa75f0 7 bytes [68, E0, 05, FF, 02, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!VariantClear                                                                                                000007fefd871180 10 bytes [68, C0, 06, FF, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!SysFreeString                                                                                               000007fefd871320 7 bytes [68, 50, 06, FF, 02, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                                                                                       000007fefd874450 6 bytes [68, 18, 06, FF, 02, C3]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                                                                                           000007fefd876720 10 bytes [68, 88, 06, FF, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007fefd8d4ed0 9 bytes [68, 78, 03, FF, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefbc65c54 7 bytes [68, 08, 03, FF, 02, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefbc65c64 9 bytes [68, 40, 03, FF, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[8792] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007fefee617a0 9 bytes [68, B0, 03, FF, 02, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A                                                                                           0000000076e1f578 7 bytes JMP 0000000100bd0570
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W                                                                                           0000000076e2b0cc 7 bytes JMP 0000000100bd05a8
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\kernel32.dll!CreateThread                                                                                                0000000076cf6580 9 bytes JMP 0000000100bd04c8
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\ole32.dll!OleLoadFromStream                                                                                              000007fefdaa75f0 7 bytes [68, E0, 05, BD, 00, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!VariantClear                                                                                                000007fefd871180 10 bytes [68, C0, 06, BD, 00, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!SysFreeString                                                                                               000007fefd871320 7 bytes [68, 50, 06, BD, 00, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                                                                                       000007fefd874450 6 bytes [68, 18, 06, BD, 00, C3]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                                                                                           000007fefd876720 10 bytes [68, 88, 06, BD, 00, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007fefd8d4ed0 9 bytes [68, 78, 03, BD, 00, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefbc65c54 7 bytes [68, 08, 03, BD, 00, C3, CC]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefbc65c64 9 bytes [68, 40, 03, BD, 00, C3, CC, ...]
.text   C:\Program Files\Internet Explorer\iexplore.exe[7792] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007fefee617a0 9 bytes [68, B0, 03, BD, 00, C3, CC, ...]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:5052]                                                                                                                             0000000075df7587
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:3020]                                                                                                                             000000006db50cb3
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:4144]                                                                                                                             0000000077032e65
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:3004]                                                                                                                             0000000077033e85
Thread  C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [4768:10040]                                                                                                                            0000000077033e85

---- EOF - GMER 2.1 ----
         
EDIT 3

It's late; I'm wondering where this mysterious partition G suddenly came from ... in any case, there is also an operating system installed on it. Here are the log files.

OTL.txt

Code:
ATTFilter
OTL logfile created on: 10/9/2013 2:58:46 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 273.20 Gb Total Space | 17.53 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011/11/09 23:11:32 | 000,204,288 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2008/01/19 04:06:50 | 000,383,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2008/01/19 04:00:52 | 000,195,584 | ---- | M] (Microsoft Corporation) [On_Demand] -- E:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2011/08/06 01:14:15 | 000,411,432 | ---- | M] (Valve Corporation) [Disabled] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011/06/06 06:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010/11/20 23:24:16 | 000,030,720 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\seclogon.dll -- (seclogon)
SRV - [2010/06/23 19:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto] -- E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/03/08 16:55:54 | 000,075,064 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009/07/13 21:41:53 | 000,242,688 | ---- | M] (Microsoft Corporation) [On_Demand] -- G:\Windows\System32\qwave.dll -- (QWAVE)
SRV - [2008/07/27 14:03:13 | 000,069,632 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006/12/27 19:00:00 | 000,356,352 | ---- | M] (AVM Berlin) [Auto] -- E:\Program Files (x86)\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2006/10/18 10:26:16 | 000,285,216 | ---- | M] (Acronis) [Auto] -- E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011/11/09 23:45:30 | 010,567,680 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011/11/09 22:12:44 | 000,325,632 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/12/07 14:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2009/07/14 10:36:28 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009/04/21 13:08:10 | 000,012,800 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand] -- E:\Windows\System32\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2007/02/16 10:36:21 | 000,629,536 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2007/02/16 10:36:20 | 000,198,944 | ---- | M] (Acronis) [Kernel | Boot] -- E:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2006/12/27 19:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- E:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2006/09/18 17:36:24 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2005/03/28 20:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand] -- E:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Administrator_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 77 37 8F B3 C3 CE 01  [binary data]
IE - HKU\Administrator_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Administrator_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\*****_ON_G\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 70 AC 4D D3 F3 F7 CC 01  [binary data]
IE - HKU\*****_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\*****_ON_G\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_G\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - E:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn.me/esnsonar,version=0.70.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.4:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@esn/esnlaunch,version=2.1.7:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.40.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012/02/01 20:14:46 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2011/11/18 11:49:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2010/06/20 17:02:25 | 000,000,000 | ---D | M] (Adobe Flash) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82e4700b-58f2-4aa0-8949-964b59155c87}
[2011/12/20 21:09:49 | 000,000,000 | ---D | M] (Default) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2008/03/11 12:08:03 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2009/02/12 16:56:10 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010/02/15 16:52:08 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA}
[2010/06/28 12:11:23 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/11/27 14:00:28 | 000,000,000 | ---D | M] (Java Console) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2011/12/20 21:09:48 | 000,025,560 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browserdirprovider.dll
[2011/12/20 21:09:48 | 000,140,760 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\brwsrcmp.dll
[2007/04/10 12:21:08 | 000,163,256 | ---- | M] (Microsoft Corporation) -- E:\Program Files (x86)\mozilla firefox\plugins\np-mswmp.dll
[2010/09/14 23:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011/12/20 21:09:48 | 000,067,032 | ---- | M] (mozilla.org) -- E:\Program Files (x86)\mozilla firefox\plugins\npnul32.dll
[2011/06/06 06:55:30 | 000,183,696 | ---- | M] (Adobe Systems Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll
[2010/06/28 12:02:52 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin6.dll
[2010/06/28 12:02:53 | 000,159,744 | ---- | M] (Apple Inc.) -- E:\Program Files (x86)\mozilla firefox\plugins\npqtplugin7.dll
[2011/03/12 16:14:17 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011/03/12 16:14:17 | 000,002,344 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/03/12 16:14:17 | 000,002,371 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\google.xml
[2011/03/12 16:14:17 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/03/12 16:14:17 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/03/12 16:14:17 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
[2011/05/15 21:20:36 | 000,000,849 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml
 
O1 HOSTS File: ([2006/09/18 17:37:24 | 000,000,761 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - E:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} -  File not found
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} -  File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -  File not found
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - E:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (af0.Adblock.BHO) - {90EFF544-3981-4d46-85C9-C0361D0931D6} - E:\Windows\SysWow64\mscoree.dll (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} -  File not found
O2 - BHO: (no name) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} -  File not found
O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} -  File not found
O3 - HKU\Administrator_ON_G\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} -  File not found
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] E:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif]  File not found
O4:64bit: - HKLM..\Run: [Launch LCore]  File not found
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] E:\Windows\System32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC]  File not found
O4:64bit: - HKLM..\Run: [SoundMAX]  File not found
O4 - HKLM..\Run: [DeathAdder] E:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] E:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [SoundMAXPnP] E:\Program Files (x86)\Analog Devices\Core\smax4pnp.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] E:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VirtualCloneDrive]  File not found
O4 - HKLM..\Run: [vmware-tray]  File not found
O4 - HKU\*****_ON_G..\Run: [Google Update]  File not found
O4 - HKU\*****_ON_G..\Run: [SpybotSD TeaTimer]  File not found
O4 - HKU\LocalService_ON_G..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_G..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_G..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_G..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\Administrator_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\*****_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} -  File not found
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} -  File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000008 [] -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - E:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - E:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - E:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - E:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] -  File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - E:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 -  File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 -  File not found
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - .DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - .DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - *****_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15:64bit: - *****_ON_G\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15:64bit: - *****_ON_G\..Trusted Domains: soe.com ([]* in Trusted sites)
O15:64bit: - *****_ON_G\..Trusted Domains: sony.com ([]* in Trusted sites)
O15:64bit: - *****_ON_G\..Trusted Ranges: Range1 ([http] in Trusted sites)
O15:64bit: - *****_ON_G\..Trusted Ranges: Range1 ([https] in Trusted sites)
O15:64bit: - LocalService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - LocalService_ON_G\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - LocalService_ON_G\..Trusted Domains: soe.com ([]* in )
O15:64bit: - LocalService_ON_G\..Trusted Domains: sony.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: clonewarsadventures.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: freerealms.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: soe.com ([]* in )
O15:64bit: - NetworkService_ON_G\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - E:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - E:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - E:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - E:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - E:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - E:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - E:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - E:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - E:\Windows\SysWow64\credssp.dll (Microsoft Corporation)
O30:64bit: - LSA: Authentication Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (kerberos) - E:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (msv1_0) - E:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (schannel) - E:\Windows\System32\schannel.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (wdigest) - E:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (tspkg) - E:\Windows\System32\tspkg.dll (Microsoft Corporation)
O30:64bit: - LSA: Security Packages - (pku2u) -  File not found
O30:64bit: - LSA: Security Packages - (livessp) -  File not found
O30 - LSA: Security Packages - (kerberos) - E:\Windows\SysWow64\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - E:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - E:\Windows\SysWow64\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - E:\Windows\SysWow64\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - E:\Windows\SysWow64\tspkg.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) -  File not found
O30 - LSA: Security Packages - (livessp) -  File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/10/08 23:11:50 | 000,000,000 | -HSD | C] -- E:\RECYCLER
[2013/09/26 16:21:33 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Steam
[3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[3 E:\Windows\SysWow64\*.tmp files -> E:\Windows\SysWow64\*.tmp -> ]
[1 E:\*.tmp files -> E:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/01/09 17:01:06 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2012/01/04 18:06:52 | 000,217,088 | ---- | C] () -- E:\Windows\SysWow64\qtmlClient.dll
[2011/11/09 17:39:44 | 000,059,904 | ---- | C] () -- E:\Windows\SysWow64\OpenVideo.dll
[2011/11/09 17:39:32 | 000,054,784 | ---- | C] () -- E:\Windows\SysWow64\OVDecode.dll
[2011/10/14 19:54:52 | 000,321,856 | ---- | C] () -- E:\Windows\SysWow64\nvStreaming.exe
[2011/10/08 23:37:34 | 000,000,732 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps64.dat
[2011/09/12 19:06:16 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2011/04/09 12:55:28 | 000,179,261 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
[2010/12/22 18:05:26 | 000,001,356 | ---- | C] () -- E:\Users\*****\AppData\Local\d3d9caps.dat
[2010/11/27 13:56:32 | 000,000,120 | ---- | C] () -- E:\Users\*****\AppData\default.pls
[2010/06/06 14:15:17 | 000,122,992 | -H-- | C] () -- E:\Windows\SysWow64\mlfcache.dat
[2010/03/08 16:55:54 | 002,434,856 | ---- | C] () -- E:\Windows\SysWow64\pbsvc_bc2.exe
[2010/02/05 10:34:43 | 000,000,093 | ---- | C] () -- E:\Users\*****\AppData\Local\fusioncache.dat
[2009/12/09 20:29:02 | 000,052,736 | ---- | C] () -- E:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/22 21:00:42 | 000,000,000 | ---- | C] () -- E:\Windows\SysWow64\Access.dat
[2009/11/08 12:37:00 | 000,044,544 | ---- | C] () -- E:\Windows\SysWow64\Gif89.dll
[2009/09/27 09:13:48 | 000,000,033 | ---- | C] () -- E:\Windows\Multimedia manager.INI
[2009/01/23 18:40:27 | 000,000,056 | -H-- | C] () -- E:\Windows\SysWow64\ezsidmv.dat
[2009/01/01 12:00:39 | 000,043,520 | ---- | C] () -- E:\Windows\SysWow64\CmdLineExt03.dll
[2008/11/27 19:29:00 | 000,096,801 | ---- | C] () -- E:\Windows\War3Unin.dat
[2008/08/25 15:34:16 | 000,000,466 | RHS- | C] () -- E:\ProgramData\ntuser.pol
[2008/08/12 16:17:52 | 000,003,308 | ---- | C] () -- E:\Windows\bthservsdp.dat
[2008/08/08 15:57:05 | 000,106,605 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchema.bin
[2008/08/08 15:57:05 | 000,018,904 | ---- | C] () -- E:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2008/07/29 12:02:05 | 000,000,000 | ---- | C] () -- E:\ProgramData\LauncherAccess.dt
[2008/07/29 12:00:03 | 000,005,632 | ---- | C] () -- E:\Windows\SysWow64\drivers\StarOpen.sys
[2008/04/22 17:46:56 | 000,368,640 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2008/04/22 17:46:42 | 000,060,124 | ---- | C] () -- E:\Windows\SysWow64\tcpmon.ini
[2008/02/18 16:26:18 | 000,001,167 | ---- | C] () -- E:\Windows\mozver.dat
[2008/02/14 13:32:04 | 000,000,000 | ---- | C] () -- E:\Windows\nsreg.dat
[2008/02/12 15:46:22 | 000,214,864 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2008/02/12 15:46:21 | 000,669,184 | ---- | C] () -- E:\Windows\SysWow64\pbsvc.exe
[2008/02/12 15:46:21 | 000,075,064 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2008/02/11 15:22:15 | 000,000,069 | ---- | C] () -- E:\Windows\NeroDigital.ini
[2007/05/19 09:22:17 | 001,499,938 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2006/11/02 11:35:48 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2006/11/02 11:00:58 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2006/11/02 08:37:14 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2006/11/02 08:24:17 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2006/11/02 08:18:17 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2006/11/02 05:47:54 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
 
========== LOP Check ==========
 
[2008/02/12 08:04:51 | 000,000,000 | ---D | M] -- E:\ProgramData\Acronis
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2011/02/03 14:59:54 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2011/11/18 11:48:32 | 000,000,000 | ---D | M] -- E:\ProgramData\Easybits GO
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2011/05/23 07:23:38 | 000,000,000 | ---D | M] -- E:\ProgramData\HighAndes
[2012/01/04 19:05:27 | 000,000,000 | ---D | M] -- E:\ProgramData\PACE Anti-Piracy
[2011/09/23 11:31:20 | 000,000,000 | ---D | M] -- E:\ProgramData\Panasonic
[2012/02/02 19:24:32 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files
[2010/03/15 16:13:37 | 000,000,000 | ---D | M] -- E:\ProgramData\Samsung
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2006/11/02 11:41:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2007/02/16 04:35:14 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2010/02/15 11:14:21 | 000,000,000 | ---D | M] -- E:\ProgramData\{0DD0EEEE-2A7C-411C-9243-1AE62F445FC3}
[2010/06/28 11:47:55 | 000,000,000 | ---D | M] -- E:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2012/02/02 20:09:36 | 000,032,606 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
[2012/02/02 20:05:00 | 000,000,420 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{67EDA5FC-0019-45FD-BD8F-60FFCB19790F}.job
[2012/02/02 20:07:06 | 000,000,454 | -H-- | M] () -- E:\Windows\Tasks\User_Feed_Synchronization-{FF4DA3C5-B76D-406A-8828-716AE39A637B}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 128 bytes -> E:\Windows:nlsPreferences
@Alternate Data Stream - 1264 bytes -> E:\ProgramData\Microsoft:SQasxH89fAhVdXZTo4rQsa1lB8
@Alternate Data Stream - 1257 bytes -> E:\ProgramData\Microsoft:mF4IF8xPxZPwwlfGMSTyMdmOB
@Alternate Data Stream - 1241 bytes -> E:\ProgramData\Microsoft:DsK0QpZjrH4Bu7uFCcUC3mv2JNM
@Alternate Data Stream - 1237 bytes -> E:\ProgramData\Microsoft:BzN69YMHrh8PpgVkajVTf
@Alternate Data Stream - 1126 bytes -> E:\Program Files (x86)\Common Files\System:8pBA6f4chx8LvxmXGoa
@Alternate Data Stream - 1075 bytes -> E:\Users\*****\AppData\Local:Gy1L44sVjSHClQdReyzsUh8
< End of report >

Extras.txt

Code:
OTL Extras logfile created on: 10/9/2013 2:58:46 AM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 88.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 110.00 Mb Total Space | 85.88 Mb Free Space | 78.07% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 6.35 Gb Free Space | 1.36% Space Free | Partition Type: NTFS
Drive E: | 465.76 Gb Total Space | 313.54 Gb Free Space | 67.32% Space Free | Partition Type: NTFS
Drive F: | 7.26 Gb Total Space | 7.26 Gb Free Space | 100.00% Space Free | Partition Type: FAT32
Drive G: | 273.20 Gb Total Space | 17.53 Gb Free Space | 6.42% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- E:\Windows\System32\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- E:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1 File not found
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" File not found
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l File not found
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 File not found
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "C:\Program Files (x86)\Microsoft Office\Office14\msohtmed.exe" %1
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64)
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64)
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\*****_ON_G\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"JNLP" = JNLP
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
< End of report >
         
Side question: Is it correct that in OTLPE the Use No-Company-Name WhiteList box has always been ticked so far? That field does not exist at all in your guide. The tutorial shows version 3.1.30.3; I am currently using version 3.1.48.0.

Last edited by Lou Schalter (08.10.2013 at 23:33)

Old 09.10.2013, 08:57   #8
aharonov
/// TB Trainer
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



Hello,

Quote:
Von Security Essentials wurden unbekannte Elemente auf dem PC gefunden. (...)
Dateipfad: C:\ProgramData\4wcl7hv.plz
That clearly belongs to the GVU lock screen.

If FRST does not run, then please try scanning in the admin account with OTL (not OTLpe..) as follows:


Please download OTL (by Oldtimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, select Use SafeList.
  • Tick the box Scan all Users.
  • Now click Run Scan.
  • When the scan is finished, 2 logfiles (OTL.txt and Extras.txt) are created.
  • Post the contents of these logfiles here in the thread.
__________________
cheers,
Leo

Old 09.10.2013, 18:52   #9
Lou Schalter
 
GVU Trojaner Windows 7 64 Bit - Standard

GVU Trojaner Windows 7 64 Bit



Hi Leo,

here are the logs from OTL:
(thanks for mentioning it again: "not OTLpe", otherwise I would have taken the latter)

Code:
OTL logfile created on: 09.10.2013 19:42:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,13 Gb Available Physical Memory | 84,47% Memory free
23,98 Gb Paging File | 21,81 Gb Available in Paging File | 90,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273,20 Gb Total Space | 17,66 Gb Free Space | 6,46% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 313,53 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 6,35 Gb Free Space | 1,36% Space Free | Partition Type: NTFS
Drive G: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: *****-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.10.09 19:41:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.12.07 22:11:56 | 000,659,224 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.03.26 00:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010.12.11 20:17:48 | 000,358,944 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.05.18 14:29:16 | 003,866,624 | ---- | M] (Analog Devices, Inc.) -- C:\Program Files (x86)\Analog Devices\SoundMAX\SoundMAX.exe
PRC - [2007.12.19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.06.28 10:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013.10.08 00:48:41 | 000,060,512 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\ProgramData\vh7lcw4.pzz -- (Winmgmt)
SRV - [2013.09.19 23:45:28 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.26 00:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.26 00:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.26 00:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.11 20:18:12 | 001,064,584 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 09:49:58 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012.11.07 09:49:54 | 000,023,040 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012.11.07 09:49:46 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012.06.28 10:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2012.03.03 01:17:20 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.03.03 01:17:16 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.03.03 01:17:14 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.03.03 01:17:10 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 16:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.09.28 17:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.03.26 00:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.26 00:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.26 00:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.26 00:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 23:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 21:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 21:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.07 20:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.10.01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.03.23 17:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009.12.23 12:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.23 16:10:04 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009.09.16 16:26:18 | 000,331,816 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2009.08.10 16:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.08.19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 62 77 37 8F B3 C3 CE 01  [binary data]
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_8_800_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012.08.05 15:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2012.07.03 21:20:32 | 000,001,401 | RHS- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 68.168.222.227 www.google-analytics.com.
O1 - Hosts: 68.168.222.227 ad-emea.doubleclick.net.
O1 - Hosts: 68.168.222.227 www.statcounter.com.
O1 - Hosts: 108.163.215.51 www.google-analytics.com.
O1 - Hosts: 108.163.215.51 ad-emea.doubleclick.net.
O1 - Hosts: 108.163.215.51 www.statcounter.com.
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [SoundMAX] C:\Program Files (x86)\Analog Devices\SoundMAX\soundmax.exe (Analog Devices, Inc.)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9:64bit: - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - Reg Error: Key error. File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11598DD2-21FD-4F1A-8609-82672B95369C}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD4187B-1E1C-4C45-B0AC-7C258A9EEF84}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE4204A-550C-44D7-BA0F-60B49CD5C464}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.09 05:11:50 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2013.10.08 20:31:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013.10.08 02:03:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.10.08 02:02:10 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.10.08 02:02:10 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.10.08 02:02:09 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.10.08 02:02:09 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.10.08 02:02:08 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.10.08 02:02:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.10.08 02:02:07 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.10.08 02:02:07 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.10.08 02:02:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.10.08 02:02:06 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.10.08 02:02:06 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.10.08 02:02:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.10.08 02:02:05 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.10.08 02:02:05 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.10.08 02:02:05 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.10.08 01:52:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.10.08 01:51:02 | 001,472,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.10.08 01:51:02 | 000,224,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2013.10.08 01:51:01 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.10.08 01:50:57 | 000,155,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\ataport.sys
[2013.10.08 01:50:56 | 003,968,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.10.08 01:50:55 | 005,550,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.10.08 01:50:55 | 003,913,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.10.08 01:50:55 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2013.10.08 01:50:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.10.08 01:50:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.10.08 01:50:55 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.10.08 01:50:55 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.10.08 01:50:55 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.10.08 01:50:55 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.10.08 01:50:54 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.10.08 01:50:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.10.08 01:50:54 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.10.08 01:50:54 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.10.08 01:50:54 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.10.08 01:50:54 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.10.08 01:50:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.10.08 01:50:54 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.10.08 01:50:54 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.10.08 01:50:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.10.08 01:50:54 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.10.08 01:50:54 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.10.08 01:50:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.10.08 01:50:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.10.08 01:50:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.10.08 01:50:53 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\apisetschema.dll
[2013.10.08 01:50:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.10.08 01:50:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.10.08 01:50:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.10.08 01:50:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.10.08 01:50:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.10.08 01:50:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.10.08 01:50:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.10.08 01:50:48 | 001,888,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL
[2013.10.08 01:50:48 | 001,620,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL
[2013.10.08 01:50:47 | 001,217,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rpcrt4.dll
[2013.10.08 01:50:43 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.10.08 01:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013.10.08 01:47:48 | 000,129,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSSTDFMT.DLL
[2013.10.08 01:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013.10.08 01:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013.10.08 01:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.10.08 01:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.10.08 01:40:09 | 000,868,264 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.10.08 01:40:09 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.10.08 01:39:58 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.10.08 01:39:58 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.10.08 01:39:58 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.08 01:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.08 01:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.10.08 01:24:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.10.08 01:18:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2013.10.08 01:18:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2013.10.08 01:18:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Threat Expert
[2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2013.10.08 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Razer
[2013.10.08 01:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech
[2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.10.08 01:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013.10.08 01:15:23 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2013.10.08 01:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
[2013.10.08 00:48:36 | 000,060,512 | ---- | C] (Microsoft Corporation) -- C:\ProgramData\vh7lcw4.pzz
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.09 21:38:23 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.09 21:38:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.09 21:38:07 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.09 21:36:09 | 001,313,301 | ---- | M] () -- C:\ProgramData\vh7lcw4.pff
[2013.10.09 21:36:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\vh7lcw4.ctrl
[2013.10.09 19:45:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.09 01:31:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000UA.job
[2013.10.09 01:31:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000Core.job
[2013.10.09 01:04:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.09 00:54:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.09 00:54:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.08 20:15:30 | 000,427,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.10.08 01:56:57 | 001,680,578 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.08 01:56:57 | 000,713,640 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.10.08 01:56:57 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.08 01:56:57 | 000,155,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.10.08 01:56:57 | 000,127,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.08 01:47:48 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013.10.08 01:39:54 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.10.08 01:39:53 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.10.08 01:39:53 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.10.08 01:39:52 | 000,868,264 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.10.08 01:39:52 | 000,790,440 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.10.08 01:39:52 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.10.08 00:48:41 | 000,060,512 | ---- | M] (Microsoft Corporation) -- C:\ProgramData\vh7lcw4.pzz
[2013.10.08 00:48:32 | 000,180,224 | ---- | M] () -- C:\ProgramData\4wcl7hv.plz
[2013.09.19 23:45:28 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.09.19 23:45:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.09.19 23:45:06 | 003,723,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
 
========== Files Created - No Company Name ==========
 
[2013.10.08 01:47:48 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013.10.08 01:15:38 | 000,001,445 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.10.08 00:57:49 | 001,313,301 | ---- | C] () -- C:\ProgramData\vh7lcw4.pff
[2013.10.08 00:48:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\vh7lcw4.ctrl
[2013.10.08 00:48:32 | 000,180,224 | ---- | C] () -- C:\ProgramData\4wcl7hv.plz
[2013.08.20 19:53:55 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.07.20 21:59:20 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.05.05 02:46:01 | 000,000,099 | ---- | C] () -- C:\Windows\wininit.ini
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.22 00:29:49 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.22 00:29:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.12.28 02:40:49 | 000,002,889 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.28 02:40:47 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.10.23 01:54:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012.10.23 00:45:31 | 000,076,351 | ---- | C] () -- C:\ProgramData\kuksclqtviclkhm
[2012.10.18 13:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.03 23:07:54 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012.03.02 00:19:41 | 001,685,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.02 00:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP
@Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw
@Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX
@Alternate Data Stream - 1217 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr
@Alternate Data Stream - 1206 bytes -> C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1088 bytes -> C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI

< End of report >
         
Code:
OTL Extras logfile created on: 09.10.2013 19:42:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,13 Gb Available Physical Memory | 84,47% Memory free
23,98 Gb Paging File | 21,81 Gb Available in Paging File | 90,95% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273,20 Gb Total Space | 17,66 Gb Free Space | 6,46% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 313,53 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 6,35 Gb Free Space | 1,36% Space Free | Partition Type: NTFS
Drive G: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: *****-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{041BCE83-F0B9-42D1-98BE-DDB265046063}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{0805053A-2D43-46DB-B6E8-C95866660227}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
"{0EC80031-90A4-47C4-9AF6-50E38B75A54B}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{0F0D9157-BC97-4A28-9567-A415DE507C11}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{17C41F29-DD98-478C-A980-412CA94CA2C0}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{1B3A2FEC-0698-4C0D-BB3D-22CAAF787117}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{21463FB6-1085-48F8-9205-48761E89DDBE}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{2815342B-CB9F-4B0F-8C16-0836C3C21267}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2F9DF250-BCED-43F5-9F69-4722BA5895EC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{30E90380-F1DF-4901-A56C-2D139EC694D1}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{365C43FD-1ED3-4691-BD37-225EC7E54053}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3B7B4058-3EA7-4774-A62E-1B0F20D50C6F}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
"{4955C946-9F15-469B-8B89-DE4CF9D748DE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{53B88C47-6B5D-4469-AD9F-1717E374E805}" = lport=6881 | protocol=6 | dir=in | name=war thunder | 
"{5AE90831-8968-482E-815E-B62FA82CA4DC}" = lport=58450 | protocol=6 | dir=in | name=pando media booster | 
"{5C3E00E0-90A5-4860-97E9-01BD041CFB1F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{5C9FD667-CA31-4590-8763-62C0D354001D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{610A475D-04CE-41DC-9DB9-21DD0C4380B6}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6306A43C-7079-4C06-A5FC-BDBC8E7845E8}" = lport=58450 | protocol=17 | dir=in | name=pando media booster | 
"{66F3C3EC-F97B-4AB9-A52F-DE90A0FF84D2}" = lport=27022 | protocol=6 | dir=in | name=war thunder | 
"{69D713A9-FEDC-4863-9FDF-A9DA627ABDF6}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{6C21A427-567D-4834-8C34-0FA68FA01E65}" = lport=33333 | protocol=6 | dir=in | name=war thunder | 
"{6E91E018-6D08-4F28-B83A-F97215F2BDCA}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{6E9FF070-27A5-4C7E-B7E5-5A26D15317D1}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{72181C67-C0E7-4502-91B3-014CDB4FE2CA}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{838C401F-6CA0-4185-BC51-CD883082FCB5}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{96C3713B-196C-418E-AE7C-CB84EFC9C457}" = lport=443 | protocol=6 | dir=in | name=war thunder | 
"{9A0C4E94-4384-475F-84FF-583F564C38DC}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{A05CAD94-3CE1-4AEA-AA0C-1A7A0E0BCFCB}" = lport=7850 | protocol=6 | dir=in | name=war thunder | 
"{AAF928B3-6249-4ADA-96E3-5E8B463C7318}" = lport=20010 | protocol=17 | dir=in | name=war thunder | 
"{ABDE700B-565F-4D3E-81EE-FED88D82F7DE}" = lport=80 | protocol=6 | dir=in | name=war thunder | 
"{C8650C6D-76E7-4EFC-8344-63995A1077C6}" = lport=20443 | protocol=6 | dir=in | name=war thunder | 
"{D3FAACCA-4B0B-4E1D-AE9F-18E53669AA38}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{D995391C-FB24-4D35-94B5-E6CCBB9713AB}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D9E68CE7-5CDC-4C5B-B415-80D0BBC033C5}" = lport=3478 | protocol=17 | dir=in | name=war thunder | 
"{DA058CD9-40ED-43BA-A059-20E7F3CF68DA}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{DB460ABC-21A0-4747-B0B8-5BFB3041AB75}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8825B2F-13A2-4046-86B5-6A30668ECD85}" = lport=58450 | protocol=17 | dir=in | name=pando media booster | 
"{EB2F7BA6-18A1-46DF-AC0D-B7DA18BA583B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F1462203-C1F7-4687-A23C-85BA2914B8EB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F1A05989-01CE-4803-80E3-37887A65FB09}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F8B62395-FFB8-4EDC-8C26-5364811074EC}" = lport=8090 | protocol=6 | dir=in | name=war thunder | 
"{FA0C5556-BFA4-43A2-B3D6-DBFD37ED810F}" = lport=58450 | protocol=6 | dir=in | name=pando media booster | 
"{FBEEF205-9E30-4CF0-99CE-AC321FB70BAD}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01BD868C-FD52-4933-B88A-C8417DFE13BD}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | 
"{0275CBC9-B9BB-40D6-B2CB-059DA4F2CC7F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 
"{031CD01C-3FB8-4A03-82B4-1B49CC5B9D85}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{049DAD6C-F750-415B-8CAF-D38814DA0F87}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{0513EA52-9DC4-4FB7-82D5-33AD118AFD13}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{05C72326-50DE-43C5-9CBE-29726CFE721E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{08070037-EE8D-4D55-A57B-97EAE4D4C3F8}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{0F8E0939-6F0E-43BC-A7D9-303BE8F2BB7E}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{113419EF-5D14-469B-AE21-CF469CB0E222}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
"{12917B2D-C70C-4961-9784-C9B51F489016}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{16808560-D3CC-4BAD-8BE6-2AD598DBE107}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{1A5F6987-38B6-46D4-84DF-0C396DC3AF92}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{1ADABC35-509D-429B-8CB9-69F9599C2ED0}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{1B89B5D8-057C-4B2A-B2BA-CC9FFEFC3813}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\starcraft ii public test.exe | 
"{1EDBC7DB-4604-49C8-8E98-FA3330750C00}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{21F34AFA-67E9-4D68-9A08-3ECD20CD353C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe | 
"{2278786D-13E6-4E1F-9CAE-5946B7F92382}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{23AE1166-4F85-48E0-8835-AE3B1832A7DF}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{26957A25-D5B8-4D50-B427-B5E901DF06CF}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\starcraft ii.exe | 
"{2828F2F1-FF4B-435A-9C1A-A43A61E22CEF}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{2C0938F1-97BA-4CEE-9F1E-A4CF9D6EFA24}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe | 
"{2ED26C03-0F60-4DB8-838C-B05D6942A7E1}" = dir=in | app=c:\windows\system32\hasplms.exe | 
"{3090C7B3-06AE-416C-BF48-E08C473D38B0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{336FE4D9-B5C5-433B-ACA2-48FE99F38072}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{34322A03-4144-4FCF-B157-C748FEFDE7F3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{385C7191-8E30-4D59-B368-BB5C1BEF498B}" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"{43B288F5-130B-406E-A447-F17F79D32344}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{45D18C22-76C0-4176-9671-C58D88BD8F18}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{4A88F78F-4876-4AFE-BD47-B77DEC2296F4}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{4CBE7146-A7E6-47CE-A1A8-B5540A3F7B51}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{4ED9F4EC-2ED8-4948-A690-740B1CC70F77}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{4F09FA49-E30A-4F12-A22A-4A364DF84DE9}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\starcraft ii.exe | 
"{517D58F3-7967-4A20-A21A-93DE266419AA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{51C99D30-A920-4286-B8EA-EF769339FECE}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{533B6B7F-079E-4255-BFE6-9C8895A6127E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{562C9129-D4C2-4F77-A8D4-AE0CA62D89A1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\war thunder\launcher.exe | 
"{58BB5F4C-509B-43AA-86B9-D9B224ACCA37}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{609AACF0-4FF7-463B-9A09-55349F6F6FD6}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{627F33BA-D876-4266-8710-F86180498D0D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{6350022A-7BFF-4B72-B05D-627DE0424078}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{63855988-6EC1-45DA-AAE2-66172D85BB65}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{63FFD871-9CBD-4D11-B688-872CE95B2172}" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | 
"{64B1F469-0617-41DA-B24A-C3ACF668D1A4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{685E88BB-7A53-48C4-8533-E58BD32A470B}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{6B6DB0F4-33DE-4421-BE5F-A53B82945762}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6BEA41D0-7BAA-4B8D-9521-98ED5C07BEE9}" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | 
"{6C4DADBF-00D2-42C0-86DE-31A9F09853C8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{6D770FB3-9FCE-42E6-A7F6-07A812A221D6}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe | 
"{6F708AA9-F12C-48DA-AB81-91D7E8DD3BE4}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"{717652E7-E9D8-4E28-BD0B-BD588A355D69}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{72C0C221-D09E-4E7C-8971-F624C329F2FC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{7343813F-51F7-45D7-A98E-8130638C9293}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{73C7AA5E-6C07-4BEB-BE46-3EF4525E1ED6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{76BA101E-437A-4207-BC67-2A631856840C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{7A5BD92E-60E8-4520-8AA3-22897019673C}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{7BA40122-01DA-4B85-A646-745159EECEA4}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{7C592E07-DB00-41F3-B551-9F1E32119350}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3sp.exe | 
"{814DF18C-641E-4F1E-9882-8071B5EB3EC4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{824F6E93-7DDA-4E50-A736-E940D34E4DC8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{85B9F90F-214D-4CED-801C-0F840483CE06}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{8A0A3ED0-F350-47C2-A937-C7A20B80DF6F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8BF32488-7DEE-44F9-8932-ACEDE15F92E6}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{8EFB36D1-6693-41A5-8CE0-056D27DE3655}" = protocol=17 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"{993BDBF9-A5A7-4302-82CE-5D661DB643A8}" = protocol=6 | dir=out | app=system | 
"{9A7E9D20-B845-451C-815C-350B4C098E02}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\lightworks.exe | 
"{A2D30372-E6E7-4904-9DBB-479436C9429E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\ac3mp.exe | 
"{A33DE1A7-7E99-4034-A971-CB38223E8D17}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"{A3C8F432-459F-4CC2-BE53-93C50D170876}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{A8F9240A-862F-4C84-92D6-0E5FC3BDE145}" = protocol=6 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{AACC15C5-0AC0-47C8-8016-9A674473C726}" = protocol=6 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
"{ABFF51FE-6B79-42D1-9B08-A751B800ABAA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{ACEBA7E2-7200-44B1-920C-B2D0CE527800}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"{AFD4055D-F339-414C-BB98-E0D1FA32A14D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{B2800A25-F1F6-4283-B0C2-8465D531105D}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"{B61DC346-C285-40D4-98BA-2045B6AEB7AB}" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"{B62DE640-DF77-4BB3-982E-F50D044A4FBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{B65C42C8-1112-4D6E-B1E1-717D303883C9}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{B6AC4BA6-CA25-414B-B9F2-A4F73BB2A11B}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe | 
"{B972066D-7D0C-4850-8884-DBBCE549C225}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BB1899E8-109E-4659-9A63-A1D6382EA45C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{BB45FFF7-47B0-4784-86EF-DBEE8FAD0376}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{BCCEC534-81AF-4A8E-A43C-39B7227E373F}" = protocol=6 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"{BF0A0A04-B9F7-4E9C-AD0F-EBA278CD6633}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{BFB338AC-DAC6-4126-A911-49812FC824E9}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{BFE19329-87FC-4ED1-ACED-36663644AEB8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{C0F3A06C-820D-483B-ADE2-EC6D5393A180}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe | 
"{C23EC837-13D8-49EE-B9A4-CE7A4CBA51EE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{C3E6226C-5ADA-4AA6-AA96-6158FBE622C8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"{C4495D5B-EE5B-4481-8335-7A963D1E7924}" = protocol=17 | dir=in | app=c:\program files (x86)\vmware\vmware workstation\vmware-authd.exe | 
"{C6CCC671-4726-4472-A5ED-76116B5BE22F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war ii - retribution\dow2.exe | 
"{C71F4C5E-35A1-4B01-B759-5C46E6150102}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C783DB10-C5A0-4831-ACB8-0A19E4E91CFF}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe | 
"{CAC30814-02A9-4CD3-BE40-B4CFF458BDD2}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CC3ECC34-D6EB-4084-B62C-34D7704C679A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{CDD89E04-545E-4727-9300-5FDC44B397DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\warhammer 40,000 space marine\spacemarine.exe | 
"{CE5602DF-7B9F-40BE-B2A4-EDA5EC5ADEBE}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{CF75015E-0144-4023-923C-06F46C04CBCC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D09D215C-46C1-4F01-B338-ED6AAF2BBB5C}" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | 
"{D3F88BFE-7A6D-48B4-A3F6-542B7779CA64}" = protocol=17 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{D5788B80-9F9A-40AD-8AF4-FFCB7AF9046C}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\reliccoh.exe | 
"{DD7B4AB7-F33E-4999-B372-377ECADDE39E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DD96DCD5-A4A8-46DF-BF93-1F74871162D4}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{DDFB45FF-8963-4491-9C53-CFB9927CAEB2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{E4A5EC19-BD79-453F-90C3-522EB18FE925}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E56B7801-1C2E-4A58-930D-7A98EA4A221A}" = protocol=17 | dir=in | app=c:\program files (x86)\lightworks\ntcardvt.exe | 
"{E9921D88-D850-436A-A819-94F9989F2080}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EDB12D78-262B-4031-8CB6-3DE923853FBA}" = protocol=6 | dir=in | app=c:\program files (x86)\thq\company of heroes\relicdownloader\relicdownloader.exe | 
"{F11D0917-2FAA-44D2-A4C3-0CCD38DADECD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\aoeonline.exe | 
"{F12251A2-9809-4851-92EC-668D3D394601}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed iii\assassinscreed3.exe | 
"{F3415043-5083-4638-A372-146D50E4B1F8}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{F40F5E1C-8B56-4DE7-A7DF-7C2B30A1E022}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{F5EE74CE-2E58-41C4-82B7-17DF64A2F074}" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"{FB0C2BA0-FE50-4750-9E24-E71E8AEF954E}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{FC9C145A-A02D-426E-84BC-E66E0DA3733D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FCC736DC-1ED3-4BFC-A248-096608C2E0CE}" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\starcraft ii public test.exe | 
"{FCD5E02C-834D-4ACF-9B6F-02E8DDD27F7D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dawn of war 2\dow2.exe | 
"{FE9A56DC-1D68-420D-84E0-B6C07A00B448}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 
"{FEB7362F-9909-4C1B-8841-7448E736BB01}" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\launcher.exe | 
"TCP Query User{0277EAEB-C7DA-4306-B961-EB9BD1007115}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{06D130BD-7E7A-41E1-8A9C-565650BA6C2E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{139EF40A-EDBA-48A6-9F24-1A4FBB95012C}C:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe | 
"TCP Query User{2FBDD666-3D9C-47A1-B4E1-B953E0EFD5CA}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"TCP Query User{3209600D-473D-4F8D-B37D-94E94C5F619F}C:\program files (x86)\war thunder\aces.exe" = protocol=6 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | 
"TCP Query User{3E28EB28-1E84-4FE4-8C79-9E8ABBB1A90F}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=6 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"TCP Query User{8091DD60-F51C-4B73-867C-0EBA126ECFF5}C:\users\*****\appdata\roaming\paabyw\yxeno.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\paabyw\yxeno.exe | 
"TCP Query User{8374D1FF-91B9-4A66-8970-AC1B87B2BF5F}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 
"TCP Query User{A14AC6B5-838E-46DA-9C72-A28EDD9137A0}C:\users\*****\appdata\roaming\rybe\pays.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\rybe\pays.exe | 
"TCP Query User{A741BADC-D60A-4462-BBCB-6B250AB57B45}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | 
"TCP Query User{A8AF028F-6634-4CAC-8A2A-638A99DF4D73}D:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"TCP Query User{C78436BC-8D98-463D-A144-2EBDEBEDCEFA}E:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{D1032DF4-5673-428D-9C77-D45EBD65216D}C:\users\*****\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | 
"TCP Query User{FDF857FF-268E-41F6-9647-29278D088F37}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{1779D395-10B6-44F5-8002-1BD1E854FE1A}C:\program files (x86)\war thunder\aces.exe" = protocol=17 | dir=in | app=c:\program files (x86)\war thunder\aces.exe | 
"UDP Query User{4C008A4B-2271-4208-817E-23CD14707C16}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 
"UDP Query User{84B6DCBD-1008-41F1-B58E-47547DCC3245}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{88D1FC30-1D23-4F90-AA3B-22EE2A2BD08E}C:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe | 
"UDP Query User{8E3F20B3-91B4-4E6A-8EFB-B9B33647F10D}C:\users\*****\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe | 
"UDP Query User{A72B61F8-1873-4695-89F4-4EFBA1514353}C:\users\*****\appdata\roaming\rybe\pays.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\rybe\pays.exe | 
"UDP Query User{A860AB25-5E62-4881-AA33-AB62630A233E}E:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe" = protocol=17 | dir=in | app=e:\spiele\starcraft ii\sc2-x.x.x.x-1.5.0.22342-enus-downloader.exe | 
"UDP Query User{A8FC0A65-4EA9-41E5-AC53-3D4FCAC93336}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{AC261C5A-1244-4B32-B519-F3FB731AF317}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{B3DE29B2-E2EA-4367-8176-8EC66BCE62B2}C:\program files (x86)\marvell\raid\apache2\bin\httpd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\marvell\raid\apache2\bin\httpd.exe | 
"UDP Query User{B47A89E3-6E80-4A7A-89C5-88842902AD4E}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe | 
"UDP Query User{D560999C-09BF-4943-98E2-DB9D6AFE8356}E:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=e:\spiele\spiele\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{E6B865E6-9FA3-4412-B57B-6A9E6F903E4A}D:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dc universe online\unreal3\binaries\win32\dcgame.exe | 
"UDP Query User{F065CDF5-A64E-4BE4-BBC7-416D2BBBC73D}C:\users\*****\appdata\roaming\paabyw\yxeno.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\paabyw\yxeno.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1280E900-35DA-4E08-A700-B79A5B2B8532}" = Microsoft Antimalware Service DE-DE Language Pack
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{25613C10-27D2-410B-942B-D922D5C3A7BE}" = Interlok driver setup x64
"{35D00343-3BFA-46A1-C6DD-FFD770501E0B}" = AMD Drag and Drop Transcoding
"{57580625-C673-7FEA-8791-E84B7AAF5069}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{91A8C38A-0239-11E0-9658-189EDFD72085}" = M-Audio FastTrack Driver 6.0.6 (x64)
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DC911ADF-7B60-40F2-A112-FB1EB6402D07}" = Microsoft Security Client DE-DE Language Pack
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003BFBBD-6C67-419E-A24D-0DCAFC3A5249}" = tools-freebsd
"{02FCAA8F-59D3-4198-822E-135C61EE4F0B}" = NeroKwikMedia Help (CHM)
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08C8666B-C502-4AB3-B4CB-D74AC42D14FE}" = Nero BackItUp 10 Help (CHM)
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{16987E99-C95C-4513-9239-7B44A0A71DB5}" = Nero SoundTrax 10 Help (CHM)
"{197597A7-AD33-4898-9D8E-73066818B464}" = tools-netware
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83217040FF}" = Java 7 Update 40
"{277C1559-4CF7-44FF-8D07-98AA9C13AABD}" = Nero Multimedia Suite 10
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{329411A0-19F3-4740-874F-17400B126F27}" = Nero Vision 10 Help (CHM)
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{371F27A1-9502-4762-AE97-1C1938B21055}" = Avid Pro Tools SE 8.0.3
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{52C7650B-B2A0-4682-BDBE-CDEFE0522F4F}" = PC VGA Camer@
"{5508128A-2C7B-46B5-81F9-58E8E8115F0B}" = AdblockIE
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{58CB9A9A-1EFB-4EA8-B50C-3097E754AC21}" = High-Definition Video Playback
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{63AA3EAB-23BB-48B2-9AD0-44F878075604}" = Nero 10 Menu TemplatePack Basic
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{67ED38A3-4882-448B-B44D-3428AB00D7D5}" = Acronis True Image Home
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79361740-EAE3-11E2-9911-B8AC6F98CCE3}" = Google Earth Plug-in
"{7A295D8F-484B-4FFB-89AB-C1FD497591FE}" = Nero WaveEditor 10 Help (CHM)
"{7A5D731D-B4B3-490E-B339-75685712BAAB}" = Nero Burning ROM 10
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{8ECEC853-5C3D-4B10-B5C7-FF11FF724807}" = Nero Recode 10
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.STANDARDR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.STANDARDR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.STANDARDR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.STANDARDR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.STANDARDR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.STANDARDR_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.STANDARDR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.STANDARDR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.STANDARDR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2010
"{91140000-0012-0000-0000-0000000FF1CE}_Office14.STANDARDR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4297F3-2A51-4ED9-92CA-4BCB8380947E}" = Nero Vision 10
"{9B6B24BE-80E7-46C4-9FA5-B167D5E0F345}" = Nero BurningROM 10 Help (CHM)
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.06
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A2S166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A3FF5CB2-FB35-4658-8751-9EDE1D65B3AA}" = VMware Workstation
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AB1C87CB-1807-4CF0-B4C2-CEE14C18CDB4}" = tools-solaris
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AE0F62A7-A1A2-407F-9F4C-48939BD9AD8D}" = tools-winPre2k
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C3580AC4-C827-4332-B935-9A282ED5BB97}" = Nero Dolby Files 10
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D102611A-6466-4101-A51D-51069303AC65}" = tools-linux
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{DB7C1D4A-08BA-4C7E-A8AA-B7F9BB372DCF}" = Nero Recode 10 Help (CHM)
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E1EE5339-5D32-458F-BAAB-B19F6301BCE2}" = Nero SoundTrax 10
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{EB1B8449-CD8F-485B-ADB6-02FBCFE180D3}" = Razer DeathAdder(TM) Mouse
"{ed8deea4-29fa-3932-9612-e2122d8a62d9}}_is1" = War Thunder Launcher 1.0.1.199
"{EDCDFAD5-DF80-4600-A493-E9DAD6810230}" = Nero WaveEditor 10
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FCF00A6E-FB58-477A-ABE9-232907105521}" = Nero CoverDesigner 10
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD9383C-01D5-4897-A954-43AF599AED30}" = tools-windows
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMWLANCLI" = AVM FRITZ!WLAN
"Battlelog Web Plugins" = Battlelog Web Plugins
"Browser Defender_is1" = Browser Defender 2.0.6.15
"Company of Heroes" = Company of Heroes
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.0.128
"Guild Wars 2" = Guild Wars 2
"Host OpenAL (ADI)" = Host OpenAL (ADI)
"InstallShield_{52C7650B-B2A0-4682-BDBE-CDEFE0522F4F}" = PC VGA Camer@
"KLiteCodecPack_is1" = K-Lite Codec Pack 9.9.5 (Basic)
"mv61xxDriver" = marvell 61xx
"Office14.STANDARDR" = Microsoft Office Standard 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Security Task Manager" = Security Task Manager 1.8d
"Spyware Doctor" = Spyware Doctor 7.0
"SpywareBlaster_is1" = SpywareBlaster 5.0
"StarCraft II" = StarCraft II
"Steam App 105430" = Age of Empires Online
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
"Steam App 236390" = War Thunder
"Steam App 24200" = DC Universe Online
"Steam App 49520" = Borderlands 2
"Steam App 55150" = Warhammer 40,000 Space Marine
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 570" = Dota 2
"Uplay" = Uplay
"uTorrent" = µTorrent
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.0
"VMware_Workstation" = VMware Workstation
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 24.06.2013 04:28:27 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 25.06.2013 21:48:14 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 26.06.2013 13:46:54 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 27.06.2013 16:05:45 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 28.06.2013 17:24:29 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 29.06.2013 18:14:23 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 30.06.2013 07:34:56 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.07.2013 14:36:42 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2013 13:32:08 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.07.2013 22:25:09 | Computer Name = *****-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 09.10.2013 13:44:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:44:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:45:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:45:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:46:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:46:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:47:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:47:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:48:10 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
Error - 09.10.2013 13:48:40 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%127
 
 
< End of report >
Info: I only noticed during the scan that Security Essentials was still active. Should I have turned it off / should I scan again with SE disabled?

09.10.2013, 20:46   #10
aharonov
/// TB-Ausbilder

GVU Trojaner Windows 7 64 Bit



OK, that's fine. Then continue in the admin account as follows:


Step 1

Scan with Combofix
WARNING to anyone reading along:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all of your antivirus software and any malware/spyware scanners. They can interfere with Combofix while it works. Combofix sometimes complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, do not work on the computer, move the mouse, or click into the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the reboot
Illegal operation attempted on a registry key that has been marked for deletion.
just restart the computer. That should fix the problem.


Step 2

Please start OTL.exe.
  • Tick the box for Scan all Users.
  • Click the Quick Scan button.
  • Post the contents of OTL.txt here in the thread.
__________________
cheers,
Leo
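Added here as an example (not code from either poster, nor from OTL or ComboFix): a Python triage pass over excerpts of the OTL log posted above and of the ComboFix log in the next reply. The firewall exception list above already contains inbound "Query User" allow rules for executables under AppData\Roaming\rybe\pays.exe and AppData\Roaming\paabyw\yxeno.exe, and the ComboFix output that follows shows a Startup-folder shortcut running rundll32 on c:\progra~3\4wcl7hv.plz, UAC switched off (EnableLUA=0), and nine R1 drivers with random eight-letter names whose files are missing. The script pulls exactly those four patterns out of the text; its regexes, thresholds and function names are choices made for this example, and the sample lines in it are copied from the two logs.

```python
"""Added example (not code from this thread, nor from OTL or ComboFix): a
triage pass over the kinds of lines the two logs in this thread contain.
It flags
  1. firewall "Query User" exceptions (OTL) whose program sits in a
     user-writable location (AppData\\Roaming\\<name>\\<name>.exe, Temp, the
     IE cache), which is where the droppers in this thread live;
  2. a Startup-folder .lnk that runs rundll32 on a module whose extension is
     not a normal DLL extension (ComboFix autostart section);
  3. UAC policy values that switch elevation prompts off;
  4. R1 (system-start) drivers with random-looking 8-letter names whose
     image file is missing ([x]).
SAMPLE is copied from the logs posted in this thread; the patterns are
heuristics chosen for this example, not a signature database."""
import json
import ntpath
import re

SAMPLE = r'''
"TCP Query User{D1032DF4-5673-428D-9C77-D45EBD65216D}C:\users\*****\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\local\temp\gw2.exe |
"UDP Query User{88D1FC30-1D23-4F90-AA3B-22EE2A2BD08E}C:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\local\microsoft\windows\temporary internet files\content.ie5\7jrjab1y\diablo-iii-setup-dede.exe |
"UDP Query User{A72B61F8-1873-4695-89F4-4EFBA1514353}C:\users\*****\appdata\roaming\rybe\pays.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\rybe\pays.exe |
"UDP Query User{B47A89E3-6E80-4A7A-89C5-88842902AD4E}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{F065CDF5-A64E-4BE4-BBC7-416D2BBBC73D}C:\users\*****\appdata\roaming\paabyw\yxeno.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\paabyw\yxeno.exe |
vh7lcw4.lnk - c:\windows\System32\rundll32.exe c:\progra~3\4wcl7hv.plz,GL300 [2009-7-14 45568]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
R1 ajlvsasx;ajlvsasx;c:\windows\system32\drivers\ajlvsasx.sys;c:\windows\SYSNATIVE\drivers\ajlvsasx.sys [x]
R1 crtjnuyc;crtjnuyc;c:\windows\system32\drivers\crtjnuyc.sys;c:\windows\SYSNATIVE\drivers\crtjnuyc.sys [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
'''

# OTL firewall rule: "<TCP|UDP> Query User{GUID}<path>" = protocol=... | dir=in | app=...
FW_RULE = re.compile(r'^"(?:TCP|UDP) Query User\{[0-9A-Fa-f-]+\}(?P<path>[^"]+)"', re.M)
# Directories a standard user can write to without elevation.
USER_WRITABLE = re.compile(
    r"\\appdata\\(?:roaming|local\\temp|local\\microsoft\\windows\\temporary internet files)\\",
    re.I,
)
# ComboFix Startup-folder entry: "<name>.lnk - <rundll32 path> <module>,<export> [date size]"
STARTUP_RUNDLL = re.compile(r"^(?P<lnk>\S+\.lnk) - \S*\\rundll32\.exe (?P<arg>.+?) \[", re.M | re.I)
UAC_POLICY = re.compile(
    r'^"(?P<key>EnableLUA|ConsentPromptBehaviorAdmin|PromptOnSecureDesktop)"= (?P<val>\d+)', re.M
)
# Service name equals display name, eight lowercase letters, image reported missing.
R1_DRIVER = re.compile(r"^R1 (?P<name>[a-z]{8});(?P=name);(?P<image>[^;]+);.*\[x\]\s*$", re.M)
DLL_EXTENSIONS = {".dll", ".cpl", ".ocx", ".ax"}


def find_suspicious_firewall_exceptions(text):
    """Paths of inbound firewall exceptions that point into user-writable directories."""
    hits = {
        m.group("path").lower()
        for m in FW_RULE.finditer(text)
        if USER_WRITABLE.search(m.group("path"))
    }
    return sorted(hits)


def find_rundll32_startup(text):
    """Startup .lnk entries that hand rundll32 a module without a DLL-type extension."""
    found = []
    for m in STARTUP_RUNDLL.finditer(text):
        module, _, export = m.group("arg").partition(",")
        if ntpath.splitext(module)[1].lower() not in DLL_EXTENSIONS:
            found.append({"lnk": m.group("lnk"), "module": module, "export": export})
    return found


def uac_weaknesses(text):
    """UAC policy values set to 0: admins elevate silently, UAC off, no secure desktop."""
    return {m.group("key"): 0 for m in UAC_POLICY.finditer(text) if m.group("val") == "0"}


def random_missing_drivers(text):
    """R1 drivers with random-looking names whose .sys image is absent."""
    return [m.group("name") for m in R1_DRIVER.finditer(text)]


def triage(text):
    """All four checks in one dictionary, ready to print or diff between runs."""
    return {
        "firewall_exceptions_in_user_dirs": find_suspicious_firewall_exceptions(text),
        "rundll32_startup_loaders": find_rundll32_startup(text),
        "uac_disabled_settings": uac_weaknesses(text),
        "random_missing_r1_drivers": random_missing_drivers(text),
    }


if __name__ == "__main__":
    print(json.dumps(triage(SAMPLE), indent=2))
```

Running the file prints the findings as JSON. The patterns are heuristics: a game's own installer can legitimately sit in Temp or the IE cache, and the [x] marker in the ComboFix log also appears on drivers that are clearly legitimate (NisDrv, avmeject), so the R1 rule keys on the eight-letter name matching its own display name rather than on [x] alone. The UAC check is the one that matters most for cleanup: with EnableLUA=0 every process in that account already runs with the full administrator token.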

10.10.2013, 07:32   #11
Lou Schalter

GVU Trojaner Windows 7 64 Bit

Hi Leo,

here are the log files:

Code:
ComboFix 13-10-09.01 - Administrator 10.10.2013   7:54.1.8 - x64
ausgeführt von:: c:\users\Administrator\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\4wcl7hv.plz
c:\programdata\dsgsdgdsgdsgw.pad
c:\programdata\vh7lcw4.pzz
c:\users\*****\3730873.exe
c:\users\*****\AppData\Local\Google\Chrome\User Data\Default\Preferences
c:\users\*****\npwmsdrm.dll
c:\windows\npwmsdrm.dll
D:\install.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-09-10 bis 2013-10-10  ))))))))))))))))))))))))))))))
.
.
2013-10-10 06:00 . 2013-10-10 06:00	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-10-10 06:00 . 2013-10-10 06:00	--------	d-----w-	c:\users\*****\AppData\Local\temp
2013-10-08 22:57 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{A3B20919-56B4-444B-A0D3-C65A7F9B6497}\mpengine.dll
2013-10-08 18:31 . 2013-10-08 18:31	--------	d-----w-	C:\FRST
2013-10-08 00:03 . 2013-10-08 00:05	--------	d-----w-	c:\windows\system32\MRT
2013-10-07 23:52 . 2013-10-07 23:52	--------	d-sh--w-	c:\windows\SysWow64\%APPDATA%
2013-10-07 23:51 . 2013-07-19 01:58	2048	----a-w-	c:\windows\system32\tzres.dll
2013-10-07 23:51 . 2013-07-19 01:41	2048	----a-w-	c:\windows\SysWow64\tzres.dll
2013-10-07 23:51 . 2013-07-09 05:52	224256	----a-w-	c:\windows\system32\wintrust.dll
2013-10-07 23:51 . 2013-07-09 05:46	1472512	----a-w-	c:\windows\system32\crypt32.dll
2013-10-07 23:51 . 2013-07-09 04:52	175104	----a-w-	c:\windows\SysWow64\wintrust.dll
2013-10-07 23:51 . 2013-07-09 04:46	1166848	----a-w-	c:\windows\SysWow64\crypt32.dll
2013-10-07 23:51 . 2013-07-09 05:46	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2013-10-07 23:51 . 2013-07-09 05:46	139776	----a-w-	c:\windows\system32\cryptnet.dll
2013-10-07 23:51 . 2013-07-09 04:46	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2013-10-07 23:51 . 2013-07-09 04:46	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2013-10-07 23:47 . 2013-10-07 23:47	--------	d-----w-	c:\programdata\Licenses
2013-10-07 23:47 . 2009-03-24 10:52	129872	----a-w-	c:\windows\SysWow64\MSSTDFMT.DLL
2013-10-07 23:47 . 2013-10-07 23:49	--------	d-----w-	c:\program files (x86)\SpywareBlaster
2013-10-07 23:40 . 2013-10-07 23:40	--------	d-----w-	c:\programdata\Oracle
2013-10-07 23:40 . 2013-10-07 23:40	--------	d-----w-	c:\program files (x86)\Common Files\Java
2013-10-07 23:40 . 2013-10-07 23:39	868264	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-10-07 23:39 . 2013-10-07 23:39	96168	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-10-07 23:39 . 2013-10-07 23:39	--------	d-----w-	c:\program files (x86)\Java
2013-10-07 23:24 . 2013-10-07 23:25	--------	d-----w-	C:\AdwCleaner
2013-10-07 23:18 . 2013-10-07 23:18	--------	d-----w-	c:\users\Administrator\AppData\Local\Threat Expert
2013-10-07 23:15 . 2013-10-07 23:15	--------	d-----w-	c:\users\Administrator\AppData\Roaming\ATI
2013-10-07 23:15 . 2013-10-07 23:15	--------	d-----w-	c:\users\Administrator\AppData\Local\ATI
2013-10-07 23:15 . 2013-10-07 23:15	--------	d-----w-	c:\users\Administrator\AppData\Roaming\Razer
2013-10-07 23:15 . 2013-10-07 23:15	--------	d-----w-	c:\users\Administrator\AppData\Local\Logitech
2013-10-07 23:02 . 2013-10-10 06:02	--------	d-----w-	c:\programdata\VMware
2013-10-07 20:25 . 2013-09-05 05:32	9694160	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-09-29 11:43 . 2013-09-29 12:04	--------	d-----w-	c:\users\*****\AppData\Local\SCE
2013-09-10 18:17 . 2013-09-10 18:19	--------	d-----w-	c:\users\*****\AppData\Roaming\PACE Anti-Piracy
2013-09-10 18:17 . 2013-09-10 18:17	--------	d-----w-	c:\users\*****\AppData\Local\PACE Anti-Piracy
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-10-10 05:45 . 2012-11-12 11:57	692616	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-10-10 05:45 . 2012-03-01 21:23	71048	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-10-10 05:45 . 2012-11-12 12:45	17813896	----a-w-	c:\windows\SysWow64\FlashPlayerInstaller.exe
2013-10-07 23:39 . 2012-03-04 16:42	790440	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-09-15 17:53 . 2013-03-21 22:29	76888	----a-w-	c:\windows\SysWow64\PnkBstrA.exe
2013-09-15 17:52 . 2013-03-22 21:58	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.xtr
2013-09-15 17:52 . 2013-03-21 22:29	281392	----a-w-	c:\windows\SysWow64\PnkBstrB.exe
2013-09-06 21:37 . 2013-09-06 21:37	965008	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{D63563FB-9D56-4649-8722-020D83192E35}\gapaengine.dll
2013-09-01 15:08 . 2012-03-01 21:15	79143768	----a-w-	c:\windows\system32\MRT.exe
2013-08-22 20:33 . 2012-06-13 06:11	941720	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\NISBackup\gapaengine.dll
2013-08-20 17:54 . 2013-03-21 22:29	189248	----a-w-	c:\windows\SysWow64\PnkBstrB.ex0
2013-08-20 09:16 . 2013-08-20 17:53	3123272	----a-w-	c:\windows\SysWow64\pbsvc.exe
2013-08-02 01:48 . 2013-10-07 23:50	44032	----a-w-	c:\windows\apppatch\acwow64.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files (x86)\Analog Devices\Core\smax4pnp.exe" [2009-06-05 1310720]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"vmware-tray"="c:\program files (x86)\VMware\VMware Workstation\vmware-tray.exe" [2011-03-25 129648]
"DigidesignMMERefresh"="c:\program files (x86)\Digidesign\Drivers\MMERefresh.exe" [2010-06-23 77824]
"DeathAdder"="c:\program files (x86)\Razer\DeathAdder\razerhid.exe" [2011-03-21 248320]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2013-03-28 642656]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-07-02 254336]
.
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
vh7lcw4.lnk - c:\windows\System32\rundll32.exe c:\progra~3\4wcl7hv.plz,GL300 [2009-7-14 45568]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 ajlvsasx;ajlvsasx;c:\windows\system32\drivers\ajlvsasx.sys;c:\windows\SYSNATIVE\drivers\ajlvsasx.sys [x]
R1 crtjnuyc;crtjnuyc;c:\windows\system32\drivers\crtjnuyc.sys;c:\windows\SYSNATIVE\drivers\crtjnuyc.sys [x]
R1 eaarkkjg;eaarkkjg;c:\windows\system32\drivers\eaarkkjg.sys;c:\windows\SYSNATIVE\drivers\eaarkkjg.sys [x]
R1 ktmujbzd;ktmujbzd;c:\windows\system32\drivers\ktmujbzd.sys;c:\windows\SYSNATIVE\drivers\ktmujbzd.sys [x]
R1 ptqllcii;ptqllcii;c:\windows\system32\drivers\ptqllcii.sys;c:\windows\SYSNATIVE\drivers\ptqllcii.sys [x]
R1 rlffuili;rlffuili;c:\windows\system32\drivers\rlffuili.sys;c:\windows\SYSNATIVE\drivers\rlffuili.sys [x]
R1 rmtofanc;rmtofanc;c:\windows\system32\drivers\rmtofanc.sys;c:\windows\SYSNATIVE\drivers\rmtofanc.sys [x]
R1 ubqgdokm;ubqgdokm;c:\windows\system32\drivers\ubqgdokm.sys;c:\windows\SYSNATIVE\drivers\ubqgdokm.sys [x]
R1 varehocl;varehocl;c:\windows\system32\drivers\varehocl.sys;c:\windows\SYSNATIVE\drivers\varehocl.sys [x]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe;c:\program files (x86)\Skype\Updater\Updater.exe [x]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys;c:\windows\SYSNATIVE\drivers\avmeject.sys [x]
R3 CYUSB;Cypress Generic USB Driver;c:\windows\system32\Drivers\CYUSB.sys;c:\windows\SYSNATIVE\Drivers\CYUSB.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys;c:\windows\SYSNATIVE\drivers\dmvsc.sys [x]
R3 FWLANUSB;AVM FRITZ!WLAN;c:\windows\system32\DRIVERS\fwlanusb.sys;c:\windows\SYSNATIVE\DRIVERS\fwlanusb.sys [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 rzdaendpt;Razer DeathAdder end point;c:\windows\system32\DRIVERS\rzdaendpt.sys;c:\windows\SYSNATIVE\DRIVERS\rzdaendpt.sys [x]
R3 rzvkeyboard;Razer Virtual Keyboard Driver;c:\windows\system32\DRIVERS\rzvkeyboard.sys;c:\windows\SYSNATIVE\DRIVERS\rzvkeyboard.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R4 sdAuxService;PC Tools Auxiliary Service;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe;c:\program files (x86)\Spyware Doctor\pctsAuxs.exe [x]
S0 mv64xx;mv64xx;c:\windows\system32\DRIVERS\mv64xx.sys;c:\windows\SYSNATIVE\DRIVERS\mv64xx.sys [x]
S0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore64.sys;c:\windows\SYSNATIVE\drivers\PCTCore64.sys [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys;c:\windows\SYSNATIVE\DRIVERS\tdrpm273.sys [x]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [x]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys;c:\windows\SYSNATIVE\drivers\aksdf.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe;c:\windows\SYSNATIVE\atiesrxx.exe [x]
S2 Browser Defender Update Service;Browser Defender Update Service;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe;c:\program files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe [x]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run;c:\windows\SYSNATIVE\hasplms.exe  -run [x]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe;c:\program files (x86)\Nero\Update\NASvc.exe [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [x]
S2 vmci;VMware vmci;c:\windows\system32\drivers\vmci.sys;c:\windows\SYSNATIVE\drivers\vmci.sys [x]
S2 VMUSBArbService;VMware USB Arbitration Service;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe;c:\program files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe [x]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys;c:\windows\SYSNATIVE\DRIVERS\afcdp.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys;c:\windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 danewFltr;NewDeathAdder Mouse;c:\windows\system32\drivers\danew.sys;c:\windows\SYSNATIVE\drivers\danew.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys;c:\windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys;c:\windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 MAUSBFASTTRACK;Service for M-Audio FastTrack;c:\windows\system32\DRIVERS\MAudioFastTrack.sys;c:\windows\SYSNATIVE\DRIVERS\MAudioFastTrack.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys;c:\windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 rzudd;Razer Keyboard Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 VKbms;Virtual HID Minidriver;c:\windows\system32\DRIVERS\VKbms.sys;c:\windows\SYSNATIVE\DRIVERS\VKbms.sys [x]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-10-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-11-12 05:45]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 15:25]
.
2013-10-10 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-07-21 15:25]
.
2013-10-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000Core.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 15:30]
.
2013-10-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000UA.job
- c:\users\*****\AppData\Local\Google\Update\GoogleUpdate.exe [2012-08-05 15:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAAnotif"="c:\program files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe" [2009-06-04 186904]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2010-12-11 358944]
"M-Audio Taskbar Icon"="c:\windows\system32\M-AudioTaskBarIcon.exe" [2010-12-07 798728]
"Launch LCore"="c:\program files\Logitech Gaming Software\LCore.exe" [2011-12-07 5889816]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2013-01-27 1281512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
LSP: c:\program files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll
LSP: c:\program files (x86)\VMware\VMware Workstation\vsocklib.dll
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{C4415769-1588-4AD6-9624-B2E69DB78D1A} - (no file)
BHO-{EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - (no file)
HKLM_Wow6432Node-ActiveSetup-{2D46B6DC-2207-486B-B523-A557E6D54B47} - start
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
AddRemove-VMware_Workstation - c:\programdata\VMware\VMware Workstation\Uninstaller\uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
"{472734EA-242A-422B-ADF8-83D1E48CC825}"=hex:51,66,7a,6c,4c,1d,3b,1b,fa,2b,35,
   5d,1a,75,4c,0c,b3,f7,c3,91,e0,ce,8a,38
"{18DF081C-E8AD-4283-A596-FA578C2EBDC3}"=hex:51,66,7a,6c,4c,1d,3b,1b,0c,17,cd,
   02,9d,b9,e4,0c,bb,99,ba,17,88,6c,ff,de
"{2A0F3D1B-0909-4FF4-B272-609CCE6054E7}"=hex:51,66,7a,6c,4c,1d,3b,1b,0b,22,1d,
   30,39,58,93,01,ac,7d,20,dc,ca,22,16,fa
"{53707962-6F74-2D53-2644-206D7942484F}"=hex:51,66,7a,6c,4c,1d,3b,1b,72,66,62,
   49,44,3e,34,63,38,4b,60,2d,7d,00,0a,52
"{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}"=hex:51,66,7a,6c,4c,1d,3b,1b,ab,88,06,
   6c,c0,87,4b,08,a8,e4,94,9a,f5,9b,6f,5e
"{9030D464-4C02-4ABF-8ECC-5164760863C6}"=hex:51,66,7a,6c,4c,1d,3b,1b,74,cb,22,
   8a,32,1d,d8,04,90,c3,11,24,72,4a,21,db
"{90EFF544-3981-4D46-85C9-C0361D0931D6}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,ea,fd,
   8a,b1,68,21,03,9b,c6,80,76,19,4b,73,cb
"{B4F3A835-0E21-4959-BA22-42B3008E02FF}"=hex:51,66,7a,6c,4c,1d,3b,1b,25,b7,e1,
   ae,11,5f,3e,07,a4,2d,02,f3,04,cc,40,e2
"{DBC80044-A445-435B-BC74-9C25C1C588A9}"=hex:51,66,7a,6c,4c,1d,3b,1b,54,1f,da,
   c1,75,f5,3c,0d,a2,7b,dc,65,c5,87,ca,b4
"{EE932B49-D5C0-4D19-A3DA-CE0849258DE6}"=hex:51,66,7a,6c,4c,1d,3b,1b,59,34,81,
   f4,f0,84,7e,03,bd,d5,8e,48,4d,67,cf,fb
.
[HKEY_USERS\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:35,17,e3,eb,78,c4,ce,01
.
[HKEY_USERS\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,2b,ad,d6,53,b4,4d,4f,80,97,e5,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,b8,2b,ad,d6,53,b4,4d,4f,80,97,e5,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_9_900_117_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_9_900_117.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
c:\windows\system32\hasplms.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
c:\program files (x86)\VMware\VMware Workstation\vmware-authd.exe
c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
c:\program files (x86)\Razer\DeathAdder\razertra.exe
c:\program files (x86)\Razer\DeathAdder\razerofa.exe
c:\program files (x86)\Razer\DeathAdder\vdDaemon.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-10-10  08:13:37 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-10-10 06:13
.
Vor Suchlauf: 11 Verzeichnis(se), 18.532.544.512 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 20.958.351.360 Bytes frei
.
- - End Of File - - F5F1E32134A5E803033A6649432EE4E3
87D88FA4D3EFD4431866EA91949644BF
         
Code:
OTL logfile created on: 10.10.2013 08:17:03 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Administrator\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
11,99 Gb Total Physical Memory | 10,01 Gb Available Physical Memory | 83,48% Memory free
23,98 Gb Paging File | 21,87 Gb Available in Paging File | 91,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 273,20 Gb Total Space | 19,62 Gb Free Space | 7,18% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 313,55 Gb Free Space | 67,32% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 6,35 Gb Free Space | 1,36% Space Free | Partition Type: NTFS
Drive G: | 7,26 Gb Total Space | 7,26 Gb Free Space | 99,99% Space Free | Partition Type: FAT32
 
Computer Name: *****-PC | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.10.09 19:41:34 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Administrator\Desktop\OTL.exe
PRC - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
PRC - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
PRC - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2011.03.26 00:42:04 | 000,129,648 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
PRC - [2011.03.26 00:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe
PRC - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe
PRC - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
PRC - [2010.12.11 20:17:48 | 000,358,944 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe
PRC - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
PRC - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
PRC - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe
PRC - [2009.06.04 20:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.12.19 11:58:24 | 000,163,840 | ---- | M] (Razer Inc.) -- C:\Program Files (x86)\Razer\DeathAdder\razerofa.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.04.14 11:48:32 | 001,758,208 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\vdDaemon.exe
MOD - [2011.03.21 11:06:08 | 000,248,320 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe
MOD - [2010.04.27 14:41:26 | 000,218,112 | ---- | M] () -- C:\Program Files (x86)\Razer\DeathAdder\razertra.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.03.29 03:34:18 | 000,241,152 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.06.28 10:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV:64bit: - [2009.06.05 18:42:04 | 000,111,616 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\AEADISRV.EXE -- (AEADIFilters)
SRV - [2013.10.10 07:45:37 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.09.15 19:53:00 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.03.03 01:17:18 | 003,246,040 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe -- (afcdpsrv)
SRV - [2012.01.03 15:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.03.29 16:33:08 | 000,598,312 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.03.26 00:42:16 | 000,334,448 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnetdhcp.exe -- (VMnetDHCP)
SRV - [2011.03.26 00:42:00 | 000,404,080 | ---- | M] (VMware, Inc.) [Auto | Stopped] -- C:\Windows\SysWOW64\vmnat.exe -- (VMware NAT Service)
SRV - [2011.03.26 00:41:50 | 000,113,264 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-authd.exe -- (VMAuthdService)
SRV - [2011.03.25 23:27:40 | 000,539,248 | ---- | M] (VMware, Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator.exe -- (VMUSBArbService)
SRV - [2011.03.16 11:42:06 | 000,407,336 | ---- | M] (Valve Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.11 20:18:12 | 001,064,584 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2010.10.22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.08.19 14:57:14 | 000,191,024 | ---- | M] (VMware, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\VMware\VMware Workstation\vmware-ufad.exe -- (ufad-ws60)
SRV - [2010.06.24 01:40:36 | 000,077,824 | ---- | M] (Avid Technology, Inc..) [Auto | Running] -- C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.22 01:21:02 | 000,112,592 | ---- | M] (Threat Expert Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2010.01.18 14:14:24 | 001,141,712 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.12.09 15:23:34 | 000,365,280 | ---- | M] (PC Tools) [Disabled | Stopped] -- C:\Program Files (x86)\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009.08.18 12:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.29 04:35:02 | 011,658,752 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.03.29 03:09:44 | 000,581,120 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.02.14 13:41:10 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.11.07 09:49:58 | 000,025,600 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzdaendpt.sys -- (rzdaendpt)
DRV:64bit: - [2012.11.07 09:49:54 | 000,023,040 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rzvkeyboard.sys -- (rzvkeyboard)
DRV:64bit: - [2012.11.07 09:49:46 | 000,113,664 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2012.06.28 10:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2012.03.03 01:17:20 | 000,285,280 | ---- | M] (Acronis) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\afcdp.sys -- (afcdp)
DRV:64bit: - [2012.03.03 01:17:16 | 001,263,200 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpm273.sys -- (tdrpman273)
DRV:64bit: - [2012.03.03 01:17:14 | 000,943,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2012.03.03 01:17:10 | 000,277,088 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.22 16:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.09.28 17:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.03.26 00:43:06 | 000,068,720 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmx86.sys -- (vmx86)
DRV:64bit: - [2011.03.26 00:43:04 | 000,081,008 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmci.sys -- (vmci)
DRV:64bit: - [2011.03.26 00:41:18 | 000,031,856 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VMkbd.sys -- (vmkbd)
DRV:64bit: - [2011.03.26 00:41:08 | 000,030,320 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetuserif.sys -- (VMnetuserif)
DRV:64bit: - [2011.03.25 23:27:36 | 000,038,512 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hcmon.sys -- (hcmon)
DRV:64bit: - [2011.03.25 21:04:58 | 000,045,104 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\vmnetbridge.sys -- (VMnetBridge)
DRV:64bit: - [2011.03.25 21:04:58 | 000,020,016 | ---- | M] (VMware, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vmnetadapter.sys -- (VMnetAdapter)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.07 20:19:02 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010.10.22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010.10.01 01:16:34 | 000,013,312 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VKbms.sys -- (VKbms)
DRV:64bit: - [2010.03.23 17:37:34 | 000,012,032 | ---- | M] (Razer (Asia-Pacific) Pte Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\danew.sys -- (danewFltr)
DRV:64bit: - [2009.12.23 12:36:04 | 000,105,592 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\Tpkd.sys -- (Tpkd)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.09.23 16:10:04 | 000,218,056 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PCTCore64.sys -- (PCTCore)
DRV:64bit: - [2009.09.16 16:26:18 | 000,331,816 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv64xx.sys -- (mv64xx)
DRV:64bit: - [2009.08.10 16:25:32 | 000,047,104 | ---- | M] (Cypress Semiconductor) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CYUSB.sys -- (CYUSB)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 18:42:04 | 000,475,136 | ---- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ADIHdAud.sys -- (ADIHdAudAddService)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.03.02 00:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2010.08.19 14:56:38 | 000,032,816 | ---- | M] (VMware, Inc.) [Kernel | Auto | Running] -- C:\Program Files (x86)\VMware\VMware Workstation\vstor2-ws60.sys -- (vstor2-ws60)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 90 23 21 02 80 C5 CE 01  [binary data]
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1037283242-4171337582-128212150-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_9_900_117.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.4: C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.7: C:\Program Files (x86)\Battlelog Web Plugins\2.1.7\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.40.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.40.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.0: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
[2012.08.05 15:23:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2013.10.10 08:08:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (PC Tools Browser Guard BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Reg Error: Value error.) - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - Reg Error: Value error. File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - No CLSID value found.
O3 - HKLM\..\Toolbar: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\..\Toolbar\WebBrowser: (PC Tools Browser Guard) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files (x86)\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysNative\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [DeathAdder] C:\Program Files (x86)\Razer\DeathAdder\razerhid.exe ()
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Program Files (x86)\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vmware-tray] C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe (VMware, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1037283242-4171337582-128212150-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\x64\vsocklib.dll (VMware, Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp64.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\VMware\VMware Workstation\vsocklib.dll (VMware, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Program Files (x86)\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11598DD2-21FD-4F1A-8609-82672B95369C}: DhcpNameServer = 192.168.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BD4187B-1E1C-4C45-B0AC-7C258A9EEF84}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BCE4204A-550C-44D7-BA0F-60B49CD5C464}: DhcpNameServer = 192.168.10.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.10.10 08:08:09 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.10.10 07:51:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.10.10 07:51:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.10.10 07:51:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.10.10 07:50:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.10.10 07:49:12 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.10.08 20:31:48 | 000,000,000 | ---D | C] -- C:\FRST
[2013.10.08 02:03:07 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT
[2013.10.08 01:52:51 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2013.10.08 01:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013.10.08 01:47:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
[2013.10.08 01:47:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpywareBlaster
[2013.10.08 01:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle
[2013.10.08 01:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.10.08 01:39:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.10.08 01:39:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.10.08 01:24:27 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.10.08 01:18:50 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Macromedia
[2013.10.08 01:18:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Adobe
[2013.10.08 01:18:39 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Threat Expert
[2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\ATI
[2013.10.08 01:15:44 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\ATI
[2013.10.08 01:15:43 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Razer
[2013.10.08 01:15:42 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Local\Logitech
[2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Searches
[2013.10.08 01:15:36 | 000,000,000 | R--D | C] -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013.10.08 01:15:26 | 000,000,000 | ---D | C] -- C:\Users\Administrator\AppData\Roaming\Identities
[2013.10.08 01:15:23 | 000,000,000 | R--D | C] -- C:\Users\Administrator\Contacts
[2013.10.08 01:02:37 | 000,000,000 | ---D | C] -- C:\ProgramData\VMware
 
========== Files - Modified Within 30 Days ==========
 
[2013.10.10 08:17:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.10.10 08:17:46 | 000,026,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.10.10 08:09:40 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.10.10 08:08:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.10.10 08:08:03 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.10.10 08:06:50 | 001,659,522 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.10.10 08:06:50 | 000,713,640 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.10.10 08:06:50 | 000,666,652 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.10.10 08:06:50 | 000,155,258 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.10.10 08:06:50 | 000,127,308 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.10.10 08:02:38 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.10.10 08:02:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.10.10 08:02:29 | 1066,737,662 | -HS- | M] () -- C:\hiberfil.sys
[2013.10.09 21:36:09 | 001,313,301 | ---- | M] () -- C:\ProgramData\vh7lcw4.pff
[2013.10.09 21:36:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\vh7lcw4.ctrl
[2013.10.09 21:31:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000UA.job
[2013.10.09 01:31:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1037283242-4171337582-128212150-1000Core.job
[2013.10.08 20:15:30 | 000,427,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.10.08 01:47:48 | 000,001,085 | ---- | M] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013.09.15 19:53:00 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.09.15 19:52:42 | 000,281,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
 
========== Files Created - No Company Name ==========
 
[2013.10.10 07:51:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.10.10 07:51:22 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.10.10 07:51:22 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.10.10 07:51:22 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.10.10 07:51:22 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.10.08 01:47:48 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
[2013.10.08 01:15:38 | 000,001,445 | ---- | C] () -- C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013.10.08 00:57:49 | 001,313,301 | ---- | C] () -- C:\ProgramData\vh7lcw4.pff
[2013.10.08 00:48:35 | 000,000,000 | ---- | C] () -- C:\ProgramData\vh7lcw4.ctrl
[2013.08.20 19:53:55 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.07.20 21:59:20 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.05.05 02:46:01 | 000,000,099 | ---- | C] () -- C:\Windows\wininit.ini
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.22 00:29:49 | 000,281,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.03.22 00:29:39 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.10.23 01:54:10 | 000,767,952 | ---- | C] () -- C:\Windows\BDTSupport.dll
[2012.10.23 00:45:31 | 000,076,351 | ---- | C] () -- C:\ProgramData\kuksclqtviclkhm
[2012.10.18 13:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll
[2012.04.06 03:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 03:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.03.03 23:07:54 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012.03.02 00:19:41 | 001,685,884 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.02 00:10:30 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.10.08 01:15:43 | 000,000,000 | ---D | M] -- C:\Users\Administrator\AppData\Roaming\Razer
[2013.06.16 23:43:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2012.03.03 01:32:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Acronis
[2013.09.10 20:42:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Digidesign
[2013.02.17 16:34:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012.03.04 00:51:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LolClient
[2012.06.14 14:31:52 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\LolClient2
[2013.08.01 00:21:08 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2013.09.10 20:19:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PACE Anti-Piracy
[2012.03.03 23:11:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Razer
[2013.10.08 00:28:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP
@Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw
@Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX
@Alternate Data Stream - 1217 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr
@Alternate Data Stream - 1206 bytes -> C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1088 bytes -> C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI

< End of report >
         
And here are the most recent entries listed under "Detected item" in Microsoft Security Essentials (I had switched SE off and noticed the entries while doing so. It's probably somewhere in the logs anyway, but it can't hurt ^^):

Code:
09.10. Trojan:JS/Reveton.A
08.10. Trojan:Win32/Reveton.V
08.10. Trojan:Win32/Reveton.V (duplicate entry)
06.10. Exploit:Java/CVE-2013-2465

and under "Quarantined items":

09.10.13 Trojan:JS/Reveton.A
08.10.13 Trojan:Win32/Reveton.V
05.05.13 Trojan:Win32/Urausy.C
21.03.13 PWS:Win32/Zbot
18.03.13 Exploit:Win64/Anogre.gen!A
26.02.13 Exploit:Win64/Anogre.gen!A
23.02.13 Exploit:Win64/Anogre.gen!A
18.01.13 Exploit:Win64/Anogre.gen!A
06.01.13 Trojan:Win32/Meredrop
28.12.12 Trojan:Win32/Reveton!Ink (each at a different time)
28.12.12 Trojan:Win32/Reveton!Ink
28.12.12 Trojan:Win32/Reveton!Ink
28.12.12 Trojan:Win32/Reveton!Ink
28.12.12 Trojan:Win32/Reveton!Ink
         

Alt 10.10.2013, 09:36   #12
aharonov
/// TB-Ausbilder
 
Hi,

I see an indication in the log that a bootkit is also present (presumably Whistler; an infection of the MBR = master boot record)... We will definitely have to follow up on that afterwards as well.
But first the lock screen: please run the following OTL fix in the admin account. Can you then boot the computer normally into the affected user account again without anything blocking your way?


  • Please start OTL.exe.
  • Now copy the following content from the code box into the text box.
    Important: If you masked your user name in the log (e.g. with *****), undo that here in the script.
Code:
:OTL
[2013.10.09 21:36:09 | 001,313,301 | ---- | M] () -- C:\ProgramData\vh7lcw4.pff
[2013.10.09 21:36:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\vh7lcw4.ctrl
[2012.10.23 00:45:31 | 000,076,351 | ---- | C] () -- C:\ProgramData\kuksclqtviclkhm
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP
@Alternate Data Stream - 1283 bytes -> C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw
@Alternate Data Stream - 1264 bytes -> C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX
@Alternate Data Stream - 1217 bytes -> C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr
@Alternate Data Stream - 1206 bytes -> C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk
@Alternate Data Stream - 119 bytes -> C:\ProgramData\TEMP:5C321E34
@Alternate Data Stream - 115 bytes -> C:\ProgramData\TEMP:A8ADE5D8
@Alternate Data Stream - 1088 bytes -> C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI

:files
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vh7lcw4.lnk

:commands
[emptytemp]
         
  • Now close all other programs.
  • Click the Fix button.
  • OTL may ask for a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<date_time>.log)
  • Copy its content here into your thread.
__________________
cheers,
Leo
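Added example (not from this thread, and not OTL's own code): a small Python triage script that parses the two OTL entry shapes the fix above acts on, the `[timestamp | size | attrs | M/C] (company) -- path` lines and the `@Alternate Data Stream` lines, and flags what the fix targets: publisher-less files lying loose in C:\ProgramData, grouped by shared name stem, and alternate data streams other than the ordinary Zone.Identifier mark-of-the-web. The heuristics are my own, the sample input is taken from the OTL log quoted above plus one constructed benign Zone.Identifier line.

```python
"""Triage helper for OTL (OldTimer's) log lines (added example, not OTL code).

Parses the two OTL entry shapes the fix acts on and applies two simple,
defender-side heuristics:
  * publisher-less regular files lying directly in C:\\ProgramData,
    grouped by shared file stem (vh7lcw4.pff / vh7lcw4.ctrl belong together);
  * alternate data streams other than the ordinary Zone.Identifier
    mark-of-the-web that browsers attach to downloads.
"""
import re
from collections import defaultdict

# File/folder entry: [timestamp | size | attrs | M/C] (company) -- path
# The "(company)" part is absent on folder lines, so it is optional here.
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)
# ADS entry: @Alternate Data Stream - N bytes -> path:streamname
# The greedy path keeps the drive colon; the stream is whatever follows the last colon.
ADS_RE = re.compile(
    r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+):(?P<stream>[^:\\]+)$"
)

PROGRAMDATA = "c:\\programdata\\"
BENIGN_STREAMS = {"zone.identifier"}


def parse_line(line):
    """Return a dict for one OTL file or ADS entry, or None for any other line."""
    line = line.rstrip()
    m = FILE_RE.match(line)
    if m:
        return {
            "type": "file",
            "timestamp": m["ts"],
            "size": int(m["size"].replace(",", "")),
            "is_dir": "D" in m["attrs"],
            "company": (m["company"] or "").strip(),
            "path": m["path"],
        }
    m = ADS_RE.match(line)
    if m:
        return {"type": "ads", "size": int(m["size"]),
                "path": m["path"], "stream": m["stream"]}
    return None


def is_loose_programdata_file(entry):
    """True for a publisher-less regular file sitting directly in C:\\ProgramData."""
    if entry["type"] != "file" or entry["is_dir"]:
        return False
    path = entry["path"].lower()
    if not path.startswith(PROGRAMDATA):
        return False
    rest = path[len(PROGRAMDATA):]          # part after ProgramData\
    return "\\" not in rest and entry["company"].lower() in ("", "no name found")


def triage(lines):
    """Apply both heuristics to OTL log lines and return the flagged entries."""
    entries = [e for e in map(parse_line, lines) if e]
    by_stem = defaultdict(list)
    for e in entries:
        if is_loose_programdata_file(e):
            name = e["path"].rsplit("\\", 1)[1]
            by_stem[name.split(".", 1)[0].lower()].append(e["path"])
    # The same file can appear in several OTL sections; keep the first occurrence only.
    files = {stem: list(dict.fromkeys(paths)) for stem, paths in by_stem.items()}
    ads = [f'{e["path"]}:{e["stream"]}' for e in entries
           if e["type"] == "ads" and e["stream"].lower() not in BENIGN_STREAMS]
    return {"programdata_files": files, "ads": ads}


# Sample input: lines taken from the OTL log quoted above, plus one constructed
# benign Zone.Identifier stream (the setup.exe path is made up) as a negative case.
SAMPLE_LOG = r"""
[2013.10.10 07:51:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.10.10 07:50:19 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.10.08 01:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Licenses
[2013.10.09 21:36:09 | 001,313,301 | ---- | M] () -- C:\ProgramData\vh7lcw4.pff
[2013.10.09 21:36:03 | 000,000,000 | ---- | M] () -- C:\ProgramData\vh7lcw4.ctrl
[2013.10.10 07:51:22 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.10.08 00:57:49 | 001,313,301 | ---- | C] () -- C:\ProgramData\vh7lcw4.pff
[2012.10.23 00:45:31 | 000,076,351 | ---- | C] () -- C:\ProgramData\kuksclqtviclkhm
[2013.10.08 01:47:48 | 000,001,085 | ---- | C] () -- C:\Users\Public\Desktop\SpywareBlaster.lnk
@Alternate Data Stream - 158 bytes -> C:\ProgramData\TEMP:DFC5A2B2
@Alternate Data Stream - 1337 bytes -> C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP
@Alternate Data Stream - 26 bytes -> C:\Users\Public\Downloads\setup.exe:Zone.Identifier
< End of report >
"""


def sample_lines():
    """The sample log as a list of non-empty lines."""
    return [l for l in SAMPLE_LOG.splitlines() if l.strip()]


if __name__ == "__main__":
    result = triage(sample_lines())
    for stem, paths in result["programdata_files"].items():
        print(f"loose ProgramData files ({stem}): {', '.join(paths)}")
    for stream in result["ads"]:
        print(f"non-standard ADS: {stream}")
```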

Alt 10.10.2013, 19:21   #13
Lou Schalter
 
Here is the log from the OTL fix:

Code:
All processes killed
========== OTL ==========
C:\ProgramData\vh7lcw4.pff moved successfully.
C:\ProgramData\vh7lcw4.ctrl moved successfully.
C:\ProgramData\kuksclqtviclkhm moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP deleted successfully.
ADS C:\ProgramData\Microsoft:ZdNaBsvHQikjGLGKCWNicw deleted successfully.
ADS C:\ProgramData\Microsoft:pkHZHlxYL9cCCjokyYftwajtsX deleted successfully.
ADS C:\Program Files (x86)\Common Files\microsoft shared:gnhzvPLd0sUBaw8pJEsRfHqpr deleted successfully.
ADS C:\Program Files (x86)\Common Files\System:PrIFGv3bUMI5Igbq0nbXopSpyk deleted successfully.
ADS C:\ProgramData\TEMP:5C321E34 deleted successfully.
ADS C:\ProgramData\TEMP:A8ADE5D8 deleted successfully.
ADS C:\ProgramData\Microsoft:UQ5sVDzEmldjh7UWHKV2QyxI deleted successfully.
========== FILES ==========
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vh7lcw4.lnk moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 18806 bytes
->Temporary Internet Files folder emptied: 225863737 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1783 bytes
 
User: All Users
 
User: *****
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1392778 bytes
->Java cache emptied: 2455154 bytes
->Google Chrome cache emptied: 225237102 bytes
->Flash cache emptied: 10983 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 8410484 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 442,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 10102013_201521

Files\Folders moved on Reboot...
C:\Users\Administrator\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\C50ECY5D\142714-gvu-trojaner-windows-7-64-bit-2[1].htm moved successfully.
C:\Windows\temp\vmware-SYSTEM\vmware-usbarb-SYSTEM-2476.log moved successfully.
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
EDIT:

Yes indeed, I am now logged in again under the normal user account.
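As an added, worked example that is not part of this thread or of OTL itself: a small Python parser for the OTL fix-log format shown above, which pulls out the deleted alternate data streams (ADS), the moved files and any Startup-folder shortcut, so the findings can be summarised for a report or compared across machines. The sample log is a shortened, constructed copy of the format above; `parse_otl_fix_log`, `startup_entries` and `ads_hosts` are names chosen for this example.

```python
import re
from collections import Counter

# Constructed sample in the OTL fix-log format (shortened; not a real log).
SAMPLE_LOG = r"""
All processes killed
========== OTL ==========
C:\ProgramData\vh7lcw4.pff moved successfully.
ADS C:\ProgramData\TEMP:DFC5A2B2 deleted successfully.
ADS C:\ProgramData\Microsoft:mxdZjYwDRUU9SQXpYjdCMYzUP deleted successfully.
========== FILES ==========
c:\users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\vh7lcw4.lnk moved successfully.
========== COMMANDS ==========
File move failed. C:\Windows\temp\TmpFile1 scheduled to be moved on reboot.
Total Files Cleaned = 442,00 mb
"""

# "ADS <host>:<stream> deleted successfully." -- the host may itself contain "C:",
# so the host group is non-greedy and the stream may not contain ":" or "\".
ADS_RE = re.compile(r"^ADS (?P<host>.+?):(?P<stream>[^:\\]+) deleted successfully\.$")
MOVED_RE = re.compile(r"^(?P<path>.+?) moved successfully\.$")
FAILED_RE = re.compile(r"^File move failed\. (?P<path>.+?) scheduled to be moved on reboot\.$")


def parse_otl_fix_log(text):
    """Return {'ads': [(host, stream)], 'moved': [path], 'failed': [path]}."""
    result = {"ads": [], "moved": [], "failed": []}
    for line in text.splitlines():
        line = line.strip()
        if m := ADS_RE.match(line):
            result["ads"].append((m["host"], m["stream"]))
        elif m := MOVED_RE.match(line):
            result["moved"].append(m["path"])
        elif m := FAILED_RE.match(line):
            result["failed"].append(m["path"])
    return result


def startup_entries(parsed):
    """Moved files that lived in a per-user Startup folder: the autostart hook of the infection."""
    marker = "\\start menu\\programs\\startup\\"
    return [p for p in parsed["moved"] if marker in p.lower()]


def ads_hosts(parsed):
    """Count deleted streams per host object; streams attached to directories such as
    C:\\ProgramData do not show up in a normal directory listing, so each host is worth a look."""
    return dict(Counter(host for host, _ in parsed["ads"]))
```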

Old 10.10.2013, 20:13   #14
aharonov
/// TB-Ausbilder

GVU Trojan Windows 7 64 Bit

OK, from now on continue in the affected account:


Please download TDSSKiller TDSSKiller.exe and save the file to your desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller guide.
  • Click Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post its contents here in your thread in any case.
__________________
cheers,
Leo

Old 10.10.2013, 20:17   #15
Lou Schalter

GVU Trojan Windows 7 64 Bit

It asks me whether I want to update from version 2.8.13.0 to version 3.0.0.12. I don't think that can hurt, so I'll update.
