
Log analysis and evaluation: PlayNowRadio Trojan


05.03.2014, 16:42   #1
DTiRusT
 
PlayNowRadio Trojan

Hi everyone,
I'm David and I've had the "PlayNowRadio" Trojan for 2 days.
Since a quick search on the internet turned up what I was looking for, I wanted to solve the problem with you.
David

OTL logfile:
Code:
OTL Extras logfile created on: 05.03.2014 17:27:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,61% Memory free
9,19 Gb Paging File | 3,65 Gb Available in Paging File | 39,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,75 Gb Total Space | 741,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive D: | 921,11 Gb Total Space | 920,91 Gb Free Space | 99,98% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\WINDOWS\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\WINDOWS\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\OpenWith.exe "%1" (Microsoft Corporation)
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = AC 1C AE C5 46 9F CE 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = [binary data]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Upgrade]
"UpgradeTime" = Reg Error: Unknown registry data type -- File not found

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{3B436AF8-09D9-4321-8C9F-250900DFDA63}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{44449D2F-50F3-4E71-A706-B0455DFD9A37}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{60F7755A-2B32-4D2B-BEBA-0E9C338F1A90}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{898AF077-8132-4847-9F4A-F8F3BB95A365}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{8A083FA5-A463-47C8-8AFD-29EF90C1F4A3}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{9768D904-FFF1-489D-8955-13958E2ABAD5}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{9CA3F080-3475-42C2-90D1-891A2F7DDE76}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{9E7A43BA-1254-43CA-A188-EEF28231622E}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{A4BE7D12-9236-49CF-B9FB-E4A450897708}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{A72EB7C6-BCE6-4EBF-9E0C-B5A7DEA744BF}" = lport=80 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{B2FFEED2-DF14-4247-BA08-BCE1121CAA1A}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{C7681355-BAD1-4566-859D-A704EF256FAB}" = lport=443 | protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\netservice\nvnetworkservice.exe | 
"{CD7C6932-AC5C-4ACF-AC28-A05CAF35FB5B}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{CD852549-75F0-4A35-9A7B-3C08B582430F}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{DA511C15-2362-4A54-9A06-01CD085EF484}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 
"{EF84766F-6FF8-4A90-A734-E29B4AFEFA86}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{F083ACC5-3FA6-4A6F-B7DC-F20C0C744200}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe | 
"{FBF08335-3557-44DB-9303-8175FE53E6D1}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe | 

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E31BF-75FC-4D50-8259-A35380A0C37A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{022678B8-99B3-4A12-976A-D4C087CB4FBA}" = dir=out | name=juniper networks junos pulse | 
"{05D4B7C3-02F4-4E32-944A-E9C72CEC2B0F}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{0711DE2D-8EB6-4B18-B74E-C160B3AA43E1}" = dir=in | name=pinball fx2 | 
"{07D1AA62-1AD1-46E2-989E-A41D08BAB5AF}" = dir=out | name=@{microsoft.bingnews_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/brandedapptitle} | 
"{08A81185-3308-4AC4-A22F-11421A66AF1B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{0E18D401-D516-4930-B6EB-A0690AFB0B78}" = dir=in | name=microsoft solitaire collection | 
"{103AECDD-141F-4DC5-B59C-70EF28039010}" = dir=out | name=@{microsoft.bingweather_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{10880D15-4F1A-4AB8-8A07-C6D2014F4947}" = dir=out | name=microsoft solitaire collection | 
"{16183EDB-52DD-4C51-8FA8-F5145786D5A2}" = dir=out | name=@{microsoft.bingweather_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingweather/resources/apptitle} | 
"{16A3AF3E-A59D-4043-9115-12F08245AA81}" = dir=out | name=- games app - | 
"{19A441D6-8A52-4BE1-9B72-A930E0983488}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{1C99B516-E719-45A5-9D50-9DA0F6203E45}" = dir=out | name=@{microsoft.bingtravel_1.2.0.145_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/apptitle} | 
"{25D6739A-9841-41B2-A57B-3477511D8093}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{25E7DCF7-0200-4FC1-B7CD-5690A4AF8212}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{26FFFEC3-DADA-41EF-BCAC-01045A9EC01F}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | 
"{27775CE5-DA40-4519-92FD-857E2B6DAE92}" = dir=out | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{27E758A6-3B53-4FFE-9D92-4BCC8BC18AF4}" = protocol=6 | dir=in | app=c:\users\kuptz\desktop\steam.exe | 
"{28437404-8200-44DF-B5E2-98F9463B1547}" = dir=in | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{2B4C84AE-7B22-4DC9-944F-34F577FFD937}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{2BAF9CBF-5C28-4D7D-BB28-59555C7567B3}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{2CE92915-EC52-4C81-981B-2EB7FCC8FD36}" = dir=out | name=@{microsoft.zunemusic_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/ids_manifest_music_app_name} | 
"{2FDA4A8F-B73C-4483-ABE1-638B3A10C9B8}" = protocol=17 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{311A5101-8BE2-42F6-B4B9-655D11B674D3}" = dir=in | name=skype | 
"{3408710C-5BD9-44DF-8C0E-627041DAE97A}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{34DF258B-50B6-4DBF-A81A-C9ED02EC2177}" = dir=out | name=@{microsoft.bingmaps_1.2.0.136_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{35D9AE7B-A4C2-4071-91F4-5D73AE7BACA6}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\windowsupnpmv.exe | 
"{385D3CF3-F2D6-4628-9046-4E519EABEA22}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{3A356094-8445-428A-B710-F4F0A4DEC437}" = dir=out | name=7digital music store | 
"{3B43FB62-7112-49A9-A529-CA9DBAEF5D54}" = dir=in | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{40A77F9D-295A-4095-A401-C609BDD723DD}" = dir=out | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{40A8AF77-EECE-4CF3-AF74-D094914A70F5}" = dir=out | name=newsxpresso | 
"{40D86F22-DAD1-40A7-913C-07E282CC576D}" = dir=out | name=sonicwall mobile connect | 
"{4282FE99-8560-4BC7-9576-5F3ED84E263F}" = dir=in | name=checkpoint.vpn | 
"{4763D956-42A4-47BF-BA0A-987742784E3C}" = dir=out | name=@{microsoft.bingsports_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/bingsports} | 
"{491807C1-1600-4CEA-B20C-4D5E7F6B91D4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{4942DC1E-AFC3-4CAE-B2E9-93CE25A4B911}" = dir=in | name=microsoft mahjong | 
"{4983164E-AB4B-4520-A358-566EE28AA592}" = dir=out | name=skitch touch | 
"{4A6E88D4-BBDC-4595-B11E-D4AD88BC8FE1}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{4E98ACA5-0877-4AFD-B1EF-6D1B24D2BD66}" = dir=out | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{4FCDE5CD-0053-4E08-AD6D-51B4271CE454}" = dir=out | name=windows_ie_ac_001 | 
"{506C396E-18DD-46F3-ADC7-E4E78295B558}" = dir=out | name=@{microsoft.xboxlivegames_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{512D6D45-3BA3-4E4D-BC98-CAC3A08CAC97}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{51D2F7F2-3174-4D9F-9BD0-324D90E3D93A}" = dir=out | name=microsoft minesweeper | 
"{51F84FA9-D90E-4A88-8F2B-00606E20D840}" = dir=out | name=acer explorer | 
"{548DCF8C-BFF2-4BA4-AA88-FBAF9AC8BCC6}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{556E581C-4A28-4E6A-A099-E6A2A5DC81F7}" = dir=in | name=f5 vpn | 
"{560448D6-095C-4907-B046-AC7F710701A7}" = dir=in | name=sonicwall.mobileconnect | 
"{577F7482-A3C4-4B94-B464-BA3BE1378E02}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{5941AEC4-C836-4C7F-863A-5BA8DA6D7352}" = dir=in | name=newsxpresso | 
"{5A3A19A5-33DC-4C24-9672-DFBCD2578C8B}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{5B0779AD-F69C-48F8-88A7-88490DB73A59}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{5C3F3BA9-3A90-4839-A719-4A991A1714B0}" = dir=out | name=windows_ie_ac_001 | 
"{5E286410-A0C1-44CA-94F6-98A3B33D57E5}" = dir=out | name=f5 vpn | 
"{5F4632C0-D5B1-40C3-B0D9-E3A759C81B9E}" = dir=out | name=sonicwall.mobileconnect | 
"{5FD57ECE-CD70-4A6C-BC08-6B9006A902FC}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{63488828-158A-49C8-9CC8-CFB20EF7AC99}" = dir=out | name=@{microsoft.bingnews_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingnews/resources/news} | 
"{644F85C9-C964-4A5B-8065-65CF20140275}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\windowsupnp.exe | 
"{6723D51C-363E-48FF-8A36-73A69847F6A9}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\videoplayer.exe | 
"{6786ED66-1066-46F5-AEC3-68FCA413A978}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{68DFB7AC-690D-43F9-8F44-69700F99AF7C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6A37332F-7EE1-4C38-B4D3-CF3921BEB2D8}" = dir=out | name=microsoft mahjong | 
"{6B09B20C-EC53-4C63-83B4-EE6B988B4E57}" = dir=out | name=@{microsoft.bingfoodanddrink_3.0.2.236_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfoodanddrink/resources/apptitlewithbranding} | 
"{6B596BAE-37E4-4552-9175-2EA1F3FD9ADE}" = dir=in | name=sonicwall mobile connect | 
"{6B989FF6-4FC2-4ED5-8A0D-6D21EF181C6D}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{6BAECAEE-37E2-4BF5-A84F-E4390E2E6C0B}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{6BDECD71-B7A2-4E7E-ABF7-87F5E1781105}" = dir=in | name=@{microsoft.windowscommunicationsapps_16.4.4206.722_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{6DFFBC71-EBC4-4848-8BF3-D4E665506BFB}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{6EE0991E-EA54-4760-8EE0-856B7D532F22}" = dir=out | name=ebay | 
"{70772A3D-3185-434C-9290-6EF10E8FEB7B}" = dir=in | name=@{microsoft.windowsreadinglist_6.3.9654.20349_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowsreadinglist/resources/apppackagename} | 
"{712C1186-7F9D-468F-8D77-B46A6792AFC2}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{71D6004B-1046-4DCA-B4F6-7BDF97786BF9}" = dir=out | name=hp printer control | 
"{7363FC45-A3D9-4BDE-820F-D46435996D77}" = dir=out | name=check point vpn | 
"{73BC90D6-C9BF-4BFE-965C-6814748687A3}" = dir=in | name=@{microsoft.reader_6.2.8516.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.reader/resources/shortdisplayname} | 
"{74E572A9-969B-4035-BF95-D031B68102C0}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{7653CD97-280F-4866-A8D6-729E20B82887}" = dir=out | name=@{microsoft.bingtravel_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingtravel/resources/brandedapptitle} | 
"{7E72BD82-F4F6-4028-A0EB-CAA4749A5A82}" = protocol=6 | dir=in | app=c:\users\kuptz\appdata\roaming\bittorrent\bittorrent.exe | 
"{8071CF9B-6CF8-440C-A16B-DCDFDBF93BF8}" = dir=out | name=@{microsoft.zunevideo_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/33270} | 
"{808F1451-4108-46FD-ADBB-F17324B5F0BD}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{82EAEAC4-F9A6-4C58-A8D3-8EB60898BDB8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{846D6B94-127A-4B42-8C1E-EC84B46F18D5}" = protocol=17 | dir=in | app=c:\users\kuptz\desktop\steam.exe | 
"{84F9655A-78AD-4522-A545-ED94459DCC37}" = dir=out | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{85FFA4EF-E1D9-42E1-89E9-F3054FFD3507}" = dir=in | name=taptiles | 
"{866513B8-8B5C-4D68-9407-B435C2FD3177}" = dir=out | name=@{microsoft.bingfinance_1.2.0.135_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/apptitle} | 
"{8703F440-6D4D-4814-BC64-590CFC19DC4F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{88170C96-D5D4-46EB-BCFA-5BC04CD26A56}" = dir=in | name=@{browserchoice_6.2.0.0_neutral_neutral_cw5n1h2txyewy?ms-resource://browserchoice/resources/displayname} | 
"{8817254B-961E-40C3-B3BD-EA34978E983C}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\acer cloud\ccd.exe | 
"{8DED4F2D-2290-4621-8207-CB30026B9D66}" = dir=out | name=skype | 
"{8E0865AF-7F21-499F-8E14-E2C5C22B2702}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{90132D16-617F-44E1-9867-ED0D092C4334}" = dir=out | name=@{microsoft.xboxlivegames_2.0.139.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.xboxlivegames/resources/34150} | 
"{907B38D9-73B8-4435-B1B7-653DE1EC127D}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\video\musicplayer.exe | 
"{91BFD70F-8F60-4458-ABDF-A4B4260D0C7F}" = dir=out | name=windows_ie_ac_001 | 
"{92A622EC-C315-4D4A-ACC4-25E8B0C86A20}" = dir=in | app=%programfiles% (x86)\techsmith\camtasia studio 8\camtasiastudio.exe | 
"{94267F0E-DDA3-4337-9FA8-8DBFE6A9A9D0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{94A94064-C0CB-4C36-A31A-35253A95D0F8}" = dir=out | name=pinball fx2 | 
"{95CF8EB3-7AB5-4DF9-AD55-61004AFAE4BA}" = protocol=17 | dir=in | app=c:\users\kuptz\appdata\roaming\bittorrent\bittorrent.exe | 
"{96FF64E8-53B6-4454-8659-6AE44C298EC5}" = dir=out | name=@{microsoft.bingsports_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingsports/resources/brandedapptitle} | 
"{97539EC4-69BE-49A1-B85D-785BFA8CDBF2}" = protocol=17 | dir=in | app=c:\program files (x86)\acer\clear.fi photo\dmcdaemon.exe | 
"{97B6DBA7-B23F-435C-BE4C-8DD2AD3A9F69}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{9A06A352-DC95-49A6-A6F7-AB1D6C701A79}" = dir=in | app=c:\program files (x86)\acer\clear.fi sdk21\movie\playmovie.exe | 
"{9BCCBCF2-EE0B-4AA4-974E-CBE97D9632BF}" = protocol=17 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{9C399663-96DB-44CB-B299-D34D5C44D575}" = dir=out | name=@{microsoft.skypeapp_1.1.0.25_x86__kzf8qxf38zg5c?ms-resource://microsoft.skypeapp/resources/manifest_display_name} | 
"{9CE6AA19-77BB-43BD-BD46-F7F813F96CC5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9D642F2D-E852-48D0-A4A0-EBB8F48C5844}" = dir=in | name=acer explorer | 
"{9E3D57FC-7C37-4424-9352-4831E97D029D}" = dir=out | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{9F86E508-4928-4222-BC0E-FED77A7A81EA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{A077682B-435C-4DBD-AA54-4F19A0110F25}" = dir=out | name=tunein radio | 
"{A3098F14-87F8-4D1B-8EBE-F64FED3F78DF}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{A3F21A37-9524-41AD-93AE-5AB2325D232B}" = dir=out | name=@{microsoft.binghealthandfitness_3.0.2.233_x64__8wekyb3d8bbwe?ms-resource://microsoft.binghealthandfitness/resources/apptitle} | 
"{A3F3DEF4-D3AF-418E-BA8E-9E6D33390FD1}" = protocol=6 | dir=in | app=c:\program files (x86)\efusion\blackshot\system\blackshot.exe | 
"{A5619B71-5816-4C2C-ABC3-6233E6E18CA1}" = dir=out | name=cut the rope | 
"{A96A5070-5E53-4695-96D9-F6248AF86B6F}" = dir=out | name=@{microsoft.zunemusic_1.0.927.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunemusic/resources/33273} | 
"{A9C42D23-5B18-4CD6-86C1-05F0469ACF9C}" = dir=out | name=@{microsoft.bingfinance_3.0.2.234_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingfinance/resources/brandedapptitle} | 
"{B09E1F8C-D66E-44F8-8593-779A3B49D689}" = dir=out | name=the treasures of montezuma 3 | 
"{B2D9CA6B-D818-4255-BA28-FE791CB202B0}" = dir=in | name=microsoft minesweeper | 
"{B36D98D9-EAB5-4F1F-89EC-A2027DE6B5EA}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{B454B59A-75AF-4FFC-B221-0E003761AA82}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B94ABC98-ED27-4B24-9CA7-4B8FEF41B0BD}" = dir=out | name=taptiles | 
"{BACAB970-8F66-4484-90AB-4E6A1A4B7176}" = dir=out | name=google search | 
"{BDA982BB-3072-48E7-A8F2-EE0EF19F0337}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4.exe | 
"{C1C53BFC-0DD2-4EEA-82CB-84160A1403A8}" = dir=out | name=windows_ie_ac_001 | 
"{C44B0AF6-BFAB-4D4B-8CCD-340CB6149ED9}" = dir=out | name=weatherbug | 
"{C7E9139E-2F2E-42A5-996C-ABB9F13E1C36}" = dir=in | name=hp printer control | 
"{CBE876E9-6461-4B0E-A917-92ADB2F3260D}" = dir=in | name=check point vpn | 
"{CC2F6FC5-20D4-4D6E-8C56-54FD2488C1B5}" = dir=out | name=@{microsoft.zunevideo_2.2.705.0_x64__8wekyb3d8bbwe?ms-resource://microsoft.zunevideo/resources/ids_manifest_video_app_name} | 
"{CCCAB6D0-4325-4BA7-80A5-CB4E047CCE89}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 4 beta\bf4.exe | 
"{D331AF65-D68D-4470-8ACF-F7C84D0620E0}" = protocol=6 | dir=in | app=c:\program files (x86)\acer\clear.fi media\dmcdaemon.exe | 
"{D36B66A8-CB97-4B53-9845-45F0FEFF2749}" = dir=out | name=@{microsoft.bingmaps_2.0.2530.2317_x64__8wekyb3d8bbwe?ms-resource://microsoft.bingmaps/resources/appdisplayname} | 
"{D5D4BB07-E912-4BCB-B0A3-4845154BD6E6}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{D5FB45DC-3565-4DAB-8363-1D52F335E507}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\data\spotifywebhelper.exe | 
"{D6980480-941A-4DF6-AB81-3734ECD3D779}" = dir=out | name=junipernetworks.junospulsevpn | 
"{D713B330-3027-49D7-8580-EB0730285AA0}" = dir=out | name=shark dash | 
"{D7E202E1-38E0-4FEA-9FFC-4C48D6DB96FB}" = dir=out | name=evernote touch | 
"{DB59588E-ED90-4C47-A7B5-7929DD0C0BD2}" = dir=out | name=checkpoint.vpn | 
"{DCFA797B-183A-4184-9AE1-EC120668FC7A}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{E2D8FECA-ACA2-42E8-B3F2-96EAF90CDF89}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{E305A168-9D76-4748-B0FA-91530A280532}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E34FB6C0-5257-4FA6-A3AA-DFC7AC53816F}" = dir=out | name=txtr ebooks | 
"{E77C15E1-9926-4760-838C-670C43C72290}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{E7985E1D-C36F-4787-80A8-6350D07E9266}" = dir=in | name=@{c:\windows\winstore\resources.pri?ms-resource://winstore/resources/displayname} | 
"{E9A33BEE-2D75-4A8E-B98B-943E9DCCA7EA}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 4\bf4_x86.exe | 
"{EC799E33-72BA-42D7-9127-DEFE68F9799D}" = dir=in | name=junipernetworks.junospulsevpn | 
"{EE5E4002-E599-4C18-810C-F32E0A493DE5}" = dir=in | name=evernote touch | 
"{EEA09C4E-FA57-4E76-A31D-91722C219AC9}" = dir=out | name=@{microsoft.windowscommunicationsapps_17.5.9600.20413_x64__8wekyb3d8bbwe?ms-resource://microsoft.windowscommunicationsapps/resources/communicationspackagename} | 
"{EF10E3C2-97FF-43B1-AA0F-C376E3315480}" = dir=in | app=c:\program files\hp\hp deskjet 2510 series\bin\usbsetup.exe | 
"{F3407575-B04B-429D-86F4-0028345A2C46}" = dir=out | name=adera | 
"{F64300AD-D559-4000-BD45-0997BCC8E70A}" = dir=out | name=f5.vpn.client | 
"{F6B3E84F-F956-47DB-B5F2-9C1176C559D1}" = protocol=6 | dir=in | app=c:\program files (x86)\spotify\spotify.exe | 
"{F77E5446-4378-4E99-8B7A-7061AAAEA193}" = dir=in | name=f5.vpn.client | 
"{FBA2A67D-7F3F-45A2-A62E-6D26A66070DA}" = dir=in | name=juniper networks junos pulse | 
"TCP Query User{195D1CF9-B262-42BB-A651-5B64508B6595}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"TCP Query User{1D9BA1E7-E916-4C17-93A7-3B51D5D65501}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{5B7B8954-ACFD-492C-A376-EC950D4078C2}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=6 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"TCP Query User{5FD6CA14-F7B7-4245-8B90-82D04413E68E}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"TCP Query User{6A50F7E4-EC7E-4640-A96D-4EE785CB2829}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"TCP Query User{71666EA7-C5C7-48C4-A8A3-4C59EB2EFC43}C:\users\kuptz\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\kuptz\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{9E371A3A-3184-4105-A2D0-72F520E13371}C:\users\kuptz\downloads\bittorrent_b30621.exe" = protocol=6 | dir=in | app=c:\users\kuptz\downloads\bittorrent_b30621.exe | 
"TCP Query User{ABA8E1A0-A604-46F2-B295-41BD128949CA}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{ED7C79CE-EF5B-4843-A0C4-EB04A9D62A00}C:\program files (x86)\tera\tera-launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{2AB603F4-BE0B-4A80-A441-CE20B38CF7EF}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{2B144074-D860-4D34-A0D7-620C4C46FBCA}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 
"UDP Query User{33D514EE-5521-420F-BADD-5F3957A6281D}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{4D2572D4-2697-4474-B60E-61AF09D0CBA6}C:\users\kuptz\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\kuptz\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{57E69720-0F84-46E9-AE2A-E613940D1A99}C:\users\kuptz\downloads\bittorrent_b30621.exe" = protocol=17 | dir=in | app=c:\users\kuptz\downloads\bittorrent_b30621.exe | 
"UDP Query User{A6660784-7C18-4229-AACD-4EDFE6A31768}C:\program files (x86)\torntv.com\torntv downloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\torntv.com\torntv downloader.exe | 
"UDP Query User{C22F3CD1-29F1-4CCF-BAAF-219B0BC8663E}C:\aeriagames\wolfteam-de\wolfteam.bin" = protocol=17 | dir=in | app=c:\aeriagames\wolfteam-de\wolfteam.bin | 
"UDP Query User{E02699E2-1A71-46FD-A196-CC31CB60D3EC}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{EC1F6BFD-6FD9-4E27-88F2-62A54E709D1E}C:\program files (x86)\tera\tera-launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tera\tera-launcher.exe | 

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}" = Acer Recovery Management
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{288614B1-F070-4B47-A1F5-4790BD8A3176}" = HP Deskjet 2510 series - Grundlegende Software für das Gerät
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{858C1B33-C3D5-4377-B77B-1E2F338C7F66}" = Intel(R) Network Connections 17.2.153.0
"{91F52DE4-B789-42B0-9311-A349F10E5479}" = Acer Power Management
"{96EFECB7-6359-4D6A-B3FE-4A3CE0B6444F}" = Studie zur Verbesserung von HP Deskjet 2510 series Produkten
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 334.89
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.8.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Network.Service" = NVIDIA Network Service
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 11.10.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Update.Core" = NVIDIA Update Core
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.20
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"{F17E4000-ED91-11E2-B3BD-F04DA23A5C58}" = MSVCRT Redists
"GIMP-2_is1" = GIMP 2.8.10
"PROSetDX" = Intel(R) Network Connections 17.2.153.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.1.0
"WinRAR archiver" = WinRAR 5.00 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{07B48D2C-E60D-41E6-B546-11D128F633EC}" = HP Deskjet 2510 series Hilfe
"{0E4630AF-0AB7-440E-A978-1A78FC4F43B9}" = Nero Launcher
"{1A77A1B6-74D7-46E4-B216-EBAC07C806DC}" = S4 League_EU
"{1B305614-536F-47B0-917D-140C1D2477BA}}_is1" = AnotherLife Client Version 1.3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBAE18D-4DE4-47AA-83EC-D1B046F262DC}" = PDF Settings CC
"{1FCC073B-CC01-4443-AD20-E559F66E6E83}" = Office Addin 2003
"{216C7F38-4BBC-4E9A-8392-C9FA21B54386}" = HP Deskjet 2510 series Setup Guide
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}" = Adobe Photoshop CC
"{34D9106C-A947-47ED-B4AB-764736350769}" = Minecraft
"{35DA427D-BB23-49B8-9AFD-CFFCFE3B708D}" = clear.fi SDK- Movie 2
"{388E4B09-3E71-4649-8921-F44A3A2954A7}" = Microsoft Visual Studio 2005 Tools for Office Runtime
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{6D2BBE1D-E600-4695-BA37-0B0E605542CC}" = Office Addin
"{6F1C00D2-25C2-4CBA-8126-AE9A6E2E9CD5}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{7E210E1C-52A1-40E3-817B-D504E9F64DFA}_is1" = Flyff
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{8FB53850-246A-3507-8ADE-0060093FFEA6}" = Visual Studio Tools for the Office system 3.0 Runtime
"{90150000-0138-0409-0000-0000000FF1CE}" = Microsoft Office
"{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF0D9FE-9893-4647-81B9-17B7BEA4E6FD}" = Nero 12 Essentials OEM.a01
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = TERA
"{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}" = AcerCloud
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{B5AD89F2-03D3-4206-8487-018298007DD0}" = clear.fi Photo
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}" = AcerCloud Docs
"{CFAB3721-549D-4827-A4E8-7F90192114AB}" = Battlefield 4™ Beta
"{E9AF1707-3F3A-49E2-8345-4F2D629D0876}" = clear.fi Media
"{EBA33CAD-E071-48d5-A168-FBA4EEB42E93}" = clear.fi SDK - Video 2
"{EE26E302-876A-48D9-9058-3129E5B99999}" = Live Updater
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"DAEMON Tools Lite" = DAEMON Tools Lite
"ESN Sonar-0.70.4" = ESN Sonar
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.27.225
"Google Chrome" = Google Chrome
"HP Photo Creations" = HP Photo Creations
"IObit_StartMenu8_is1" = Start Menu 8
"League of Legends 3.0.1" = League of Legends
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Microsoft Visual Studio 2005 Tools for Office Runtime" = Visual Studio 2005 Tools for Office Second Edition Runtime
"Mozilla Thunderbird 24.0 (x86 de)" = Mozilla Thunderbird 24.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Spotify" = Spotify
"Steam" = Steam
"Steam App 730" = Counter-Strike: Global Offensive
"TeamViewer 8" = TeamViewer 8
"Visual Studio Tools for the Office system 3.0 Runtime" = Visual Studio Tools for the Office system 3.0 Runtime

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-4274084767-3785968379-287791435-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"SOE-PlanetSide 2 PSG" = PlanetSide 2

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 05.03.2014 08:32:36 | Computer Name = Dawid | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.

Error - 05.03.2014 08:32:54 | Computer Name = Dawid | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Cinema 4D R12\resource\modules\python\res\Python.win32.framework\Lib\distutils\command\wininst-8_d.exe".
Die
abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.03.2014 08:32:54 | Computer Name = Dawid | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Cinema 4D R12\resource\modules\python\res\Python.win64.framework\Lib\distutils\command\wininst-8_d.exe".
Die
abhängige Assemblierung "Microsoft.VC80.DebugCRT,processorArchitecture="x86",publicKeyToken="1fc8b3b9a1e18e3b",type="win32",version="8.0.50608.0""
konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm
"sxstrace.exe".

Error - 05.03.2014 08:32:55 | Computer Name = Dawid | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest". Fehler in Manifest- oder
Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\WordAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.

Error - 05.03.2014 08:32:55 | Computer Name = Dawid | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest". Fehler in Manifest- 
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\ExcelAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.

Error - 05.03.2014 08:32:55 | Computer Name = Dawid | Source = SideBySide | ID = 16842824
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
(x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest". Fehler in Manifest-
oder Richtliniendatei "C:\Program Files (x86)\Acer\Office Addin 2003\PowerPointAddIn2003.dll.Manifest"
in Zeile 4. Das asmv2:clrClassInvocation-Element wird als untergeordnetes Element
des urn:schemas-microsoft-com:asm.v1^entryPoint-Elements angezeigt, das von dieser
Windows-Version nicht unterstützt wird.

Error - 05.03.2014 08:33:32 | Computer Name = Dawid | Source = MsiInstaller | ID = 11921
Description = 

Error - 05.03.2014 08:37:38 | Computer Name = Dawid | Source = MsiInstaller | ID = 11921
Description = 

Error - 05.03.2014 08:50:03 | Computer Name = Dawid | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 33.0.1750.146,
Zeitstempel: 0x531287da Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.16476,
Zeitstempel: 0x52944cd2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020141 ID des fehlerhaften
Prozesses: 0x9c0 Startzeit der fehlerhaften Anwendung: 0x01cf386fc9b27a7d Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\combase.dll Berichtskennung: ab4f4dff-a464-11e3-bf1d-7054d2bf9f59
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist: 

Error - 05.03.2014 10:37:00 | Computer Name = Dawid | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: chrome.exe, Version: 33.0.1750.146,
Zeitstempel: 0x531287da Name des fehlerhaften Moduls: combase.dll, Version: 6.3.9600.16476,
Zeitstempel: 0x52944cd2 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00020141 ID des fehlerhaften
Prozesses: 0xd88 Startzeit der fehlerhaften Anwendung: 0x01cf387908152eb9 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Pfad
des fehlerhaften Moduls: C:\WINDOWS\SYSTEM32\combase.dll Berichtskennung: 9c173222-a473-11e3-bf1d-7054d2bf9f59
Vollständiger
Name des fehlerhaften Pakets: Anwendungs-ID, die relativ zum fehlerhaften Paket
ist: 

[ System Events ]
Error - 26.02.2014 07:48:18 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:18 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:18 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:20 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:20 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:21 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:21 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:21 | Computer Name = Dawid | Source = Application Popup | ID = 1060
Description = 

Error - 26.02.2014 07:48:35 | Computer Name = Dawid | Source = Service Control Manager | ID = 7000
Description = Der Dienst "LibUsb-Win32 - Daemon, Version 0.1.10.1" wurde aufgrund
folgenden Fehlers nicht gestartet: %%2

Error - 26.02.2014 07:51:35 | Computer Name = Dawid | Source = DCOM | ID = 10016
Description = 


< End of report >
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 05.03.2014 17:27:00 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\****\Downloads
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16518)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,94 Gb Total Physical Memory | 6,00 Gb Available Physical Memory | 75,61% Memory free
9,19 Gb Paging File | 3,65 Gb Available in Paging File | 39,72% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 920,75 Gb Total Space | 741,43 Gb Free Space | 80,52% Space Free | Partition Type: NTFS
Drive D: | 921,11 Gb Total Space | 920,91 Gb Free Space | 99,98% Space Free | Partition Type: NTFS

Computer Name: **** | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Kuptz\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Google\Update\1.3.22.5\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Users\Kuptz\AppData\Roaming\playnowradio\playnowradio\1.3.4.8\playnowradio.exe (Pay By Ads LTD)
PRC - C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
PRC - C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\IObit\Start Menu 8\StartMenu_Hook.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (IObit)
PRC - C:\Program Files (x86)\IObit\Start Menu 8\StartMenu8.exe (IObit)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Users\Kuptz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.146\chrome_elf.dll ()
MOD - C:\Users\Kuptz\AppData\Roaming\playnowradio\playnowradio\1.3.4.8\chrmXtn.dll ()
MOD - C:\Program Files (x86)\Origin\platforms\qwindows.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qtiff.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qtga.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qwbmp.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qmng.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qjpeg.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qico.dll ()
MOD - C:\Program Files (x86)\Origin\imageformats\qgif.dll ()
MOD - C:\Program Files (x86)\IObit\Start Menu 8\NTFSScan.dll ()
MOD - C:\Program Files (x86)\IObit\Start Menu 8\pri.dll ()
MOD - C:\Program Files (x86)\IObit\Start Menu 8\madExcept_.bpl ()
MOD - C:\Program Files (x86)\IObit\Start Menu 8\madDisAsm_.bpl ()
MOD - C:\Program Files (x86)\IObit\Start Menu 8\madBasic_.bpl ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()


========== Services (SafeList) ==========

SRV:64bit: - (IEEtwCollectorService) -- C:\WINDOWS\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (AppXSvc) -- C:\Windows\SysNative\AppXDeploymentServer.dll (Microsoft Corporation)
SRV:64bit: - (workfolderssvc) -- C:\Windows\SysNative\workfolderssvc.dll (Microsoft Corporation)
SRV:64bit: - (AppReadiness) -- C:\Windows\SysNative\AppReadiness.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (lfsvc) -- C:\Windows\SysNative\GeofenceMonitorService.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (WEPHOSTSVC) -- C:\Windows\SysNative\wephostsvc.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicguestinterface) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (smphost) -- C:\Windows\SysNative\smphost.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (ScDeviceEnum) -- C:\Windows\SysNative\ScDeviceEnum.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (NcbService) -- C:\Windows\SysNative\ncbservice.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (NvNetworkService) -- C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe (NVIDIA Corporation)
SRV - (NvStreamSvc) -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe (NVIDIA Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (StartMenuService) -- C:\Program Files (x86)\IObit\Start Menu 8\StartMenuServices.exe (IObit)
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (lfsvc) -- C:\Windows\SysWOW64\GeofenceMonitorService.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (npggsvc) -- C:\Windows\SysWOW64\GameMon.des (INCA Internet Co., Ltd.)
SRV - (PrintNotify) -- C:\Windows\system32\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)
SRV - (smphost) -- C:\Windows\SysWOW64\smphost.dll (Microsoft Corporation)
SRV - (CCDMonitorService) -- C:\Program Files (x86)\Acer\Acer Cloud\CCDMonitorService.exe (Acer Incorporated)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer Power Management\ePowerSvc.exe (Acer Incorporated)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (libusbd) -- C:\Windows\SysWOW64\libusbd-nt.exe (hxxp://libusb-win32.sourceforge.net)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (Disc Soft Ltd)
DRV:64bit: - (nvvad_WaveExtensible) -- C:\Windows\SysNative\drivers\nvvad64v.sys (NVIDIA Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avnetflt) -- C:\Windows\SysNative\drivers\avnetflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (intelpep) -- C:\Windows\SysNative\drivers\intelpep.sys (Microsoft Corporation)
DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (SerCx2) -- C:\Windows\SysNative\drivers\SerCx2.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (stornvme) -- C:\Windows\SysNative\drivers\stornvme.sys (Microsoft Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\WINDOWS\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LSI_SAS3) -- C:\Windows\SysNative\drivers\lsi_sas3.sys (LSI Corporation)
DRV:64bit: - (ADP80XX) -- C:\Windows\SysNative\drivers\adp80xx.sys (PMC-Sierra)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (ReFS) -- C:\WINDOWS\SysNative\drivers\refs.sys (Microsoft Corporation)
DRV:64bit: - (UEFI) -- C:\Windows\SysNative\drivers\uefi.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (WdNisDrv) -- C:\Windows\SysNative\drivers\WdNisDrv.sys (Microsoft Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (ahcache) -- C:\Windows\SysNative\drivers\ahcache.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (netvsc) -- C:\Windows\SysNative\drivers\netvsc63.sys (Microsoft Corporation)
DRV:64bit: - (NdisVirtualBus) -- C:\Windows\SysNative\drivers\NdisVirtualBus.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (bcmfn2) -- C:\Windows\SysNative\drivers\bcmfn2.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (iaStorAV) -- C:\Windows\SysNative\drivers\iaStorAV.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_GPIO) -- C:\Windows\SysNative\drivers\iaLPSSi_GPIO.sys (Intel Corporation)
DRV:64bit: - (iaLPSSi_I2C) -- C:\Windows\SysNative\drivers\iaLPSSi_I2C.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (ScreamBAudioSvc) -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys (Screaming Bee LLC)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c63x64.sys (Intel Corporation)
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (MotioninJoyXFilter) -- C:\Windows\SysNative\drivers\MijXfilt.sys (MotioninJoy)
DRV:64bit: - (xusb21) -- C:\Windows\SysNative\drivers\xusb21.sys (Microsoft Corporation)
DRV - (libusb0) -- C:\Windows\SysWOW64\drivers\libusb0.sys ()


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {4D487709-8636-458C-B179-07EE9FC078CC}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{4D487709-8636-458C-B179-07EE9FC078CC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS
IE - HKLM\..\SearchScopes,DefaultScope = {4D487709-8636-458C-B179-07EE9FC078CC}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{4D487709-8636-458C-B179-07EE9FC078CC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=IE10TR&src=IE10TR&pc=MAARJS


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=d4ffad36-d074-4119-8ff9-bfddfd7f5f3d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=d4ffad36-d074-4119-8ff9-bfddfd7f5f3d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [String data over 1000 bytes]
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=d4ffad36-d074-4119-8ff9-bfddfd7f5f3d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=d4ffad36-d074-4119-8ff9-bfddfd7f5f3d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..\SearchScopes,DefaultScope = {038F7505-F3F4-4735-88AF-4ACF774BC9C6}
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=ShoppingHelper&dpid=ShoppingHelper&co=DE&userid=d4ffad36-d074-4119-8ff9-bfddfd7f5f3d&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..\SearchScopes\{038F7505-F3F4-4735-88AF-4ACF774BC9C6}: "URL" = hxxp://search.gophoto.it/?pl=1&q={searchTerms}&ch=v1noadmin_1403
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..\SearchScopes\{663CE77E-14D2-44C4-B0AC-876340DFD530}: "URL" = hxxp://search.softonic.com/MOY00621/tb_v1?q={searchTerms}&SearchSource=4&cc=&mi=b0f252a90000000000007054d2bf9f59&r=46
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.5\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 24.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\msktbird@mcafee.com: C:\Program Files\McAfee\MSK

[2013.10.05 22:58:52 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Kuptz\AppData\Roaming\mozilla\Extensions
[2013.11.15 21:08:11 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://search.conduit.com/?ctid=CT3319434&octid=EB_ORIGINAL_CTID&SearchSource=55&CUI=&UM=4&UP=SP0851A865-90DF-4EC9-BD7D-DF1CB32207FF&SSPV=
CHR - plugin: Error reading preferences file
CHR - Extension: Google Drive = C:\Users\Kuptz\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: YouTube = C:\Users\Kuptz\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_1\
CHR - Extension: Google-Suche = C:\Users\Kuptz\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_1\
CHR - Extension: AdBlock = C:\Users\Kuptz\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.6.18_0\
CHR - Extension: Google Wallet = C:\Users\Kuptz\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\Kuptz\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2013.08.22 14:25:41 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [NvBackend] C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Nvtmru] "C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" File not found
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\WINDOWS\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001..\Run: [Akamai NetSession Interface] C:\Users\Kuptz\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (Disc Soft Ltd)
O4 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O9 - Extra Button: HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O9 - Extra 'Tools' menuitem : HP Smart Print - {22CC3EBD-C286-43aa-B8E6-06B115F74162} - C:\Program Files (x86)\Hewlett-Packard\Smart Print 2.0\smartprintsetup.exe (Hewlett-Packard)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..Trusted Domains: aeriagames.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..Trusted Domains: aeriagames.com ([]https in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-4274084767-3785968379-287791435-1001\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{615C3583-638F-48CB-9314-470340ACD4EE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~2\NVIDIA~1\3DVISI~1\NVSTIN~1.DLL) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\WINDOWS\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2014.03.05 13:41:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.03.03 20:12:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IminentToolbar
[2014.03.03 20:12:14 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\IminentToolbar
[2014.03.03 20:11:31 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\Cool Mirage Ltd
[2014.03.03 20:11:28 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\playnowradio
[2014.03.03 20:10:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2014.03.03 20:09:52 | 000,283,064 | ---- | C] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys
[2014.03.03 20:09:50 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\DAEMON Tools Lite
[2014.03.03 20:09:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2014.03.03 20:09:28 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2014.03.03 19:25:51 | 000,000,000 | ---D | C] -- C:\Games
[2014.03.02 22:23:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\S4League
[2014.03.02 22:20:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\S4League
[2014.03.02 22:14:26 | 1213,405,855 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\S4_League.exe
[2014.03.01 18:51:16 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\MAXON
[2014.03.01 18:51:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cinema 4D R12
[2014.03.01 18:49:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cinema 4D R12
[2014.02.23 20:32:34 | 031,432,480 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvoglv64.dll
[2014.02.23 20:32:34 | 025,256,224 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcompiler.dll
[2014.02.23 20:32:34 | 023,683,360 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglv32.dll
[2014.02.23 20:32:34 | 017,715,784 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvd3dumx.dll
[2014.02.23 20:32:34 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2014.02.23 20:32:34 | 015,740,232 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvwgf2um.dll
[2014.02.23 20:32:34 | 011,636,176 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuda.dll
[2014.02.23 20:32:34 | 011,589,272 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvopencl.dll
[2014.02.23 20:32:34 | 009,728,064 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuda.dll
[2014.02.23 20:32:34 | 009,690,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvopencl.dll
[2014.02.23 20:32:34 | 003,142,432 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuvid.dll
[2014.02.23 20:32:34 | 002,956,576 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvid.dll
[2014.02.23 20:32:34 | 002,782,496 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuvenc.dll
[2014.02.23 20:32:34 | 002,410,784 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvenc.dll
[2014.02.23 20:32:34 | 001,885,472 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvdispco6433489.dll
[2014.02.23 20:32:34 | 001,515,296 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvdispgenco6433489.dll
[2014.02.23 20:32:34 | 000,892,192 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\NvIFR64.dll
[2014.02.23 20:32:34 | 000,875,296 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\NvFBC64.dll
[2014.02.23 20:32:34 | 000,863,520 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvIFR.dll
[2014.02.23 20:32:34 | 000,844,576 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvFBC.dll
[2014.02.23 20:32:34 | 000,832,424 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvumdshim.dll
[2014.02.23 20:32:34 | 000,483,104 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvEncodeAPI64.dll
[2014.02.23 20:32:34 | 000,408,352 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvEncodeAPI.dll
[2014.02.23 20:32:34 | 000,378,656 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\NvIFROpenGL.dll
[2014.02.23 20:32:34 | 000,353,504 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvoglshim64.dll
[2014.02.23 20:32:34 | 000,333,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvIFROpenGL.dll
[2014.02.23 20:32:34 | 000,305,600 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglshim32.dll
[2014.02.23 20:32:34 | 000,174,296 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvinitx.dll
[2014.02.23 20:32:34 | 000,148,528 | ---- | C] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvinit.dll
[2014.02.22 19:41:07 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2014.02.20 20:54:52 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\Desktop\Auto Musik
[2014.02.17 16:44:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Photoshop CS6
[2014.02.16 14:19:54 | 000,479,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncHost.exe
[2014.02.16 14:19:53 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncCore.dll
[2014.02.16 14:19:53 | 000,637,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SettingSyncHost.exe
[2014.02.16 14:19:53 | 000,584,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SettingSyncCore.dll
[2014.02.16 14:19:51 | 003,210,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msmpeg2vdec.dll
[2014.02.16 14:19:51 | 002,804,528 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msmpeg2vdec.dll
[2014.02.16 14:19:50 | 018,577,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Xaml.dll
[2014.02.16 14:19:49 | 002,142,936 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfcore.dll
[2014.02.16 14:19:49 | 002,131,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfcore.dll
[2014.02.16 14:19:49 | 001,928,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\combase.dll
[2014.02.16 14:19:48 | 013,925,888 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
[2014.02.16 14:19:48 | 002,617,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\authui.dll
[2014.02.16 14:19:48 | 001,371,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\combase.dll
[2014.02.16 14:19:47 | 001,399,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winmde.dll
[2014.02.16 14:19:46 | 002,295,808 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\authui.dll
[2014.02.16 14:19:46 | 001,374,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\wmpmde.dll
[2014.02.16 14:19:46 | 001,204,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\winmde.dll
[2014.02.16 14:19:45 | 000,809,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmp4srcsnk.dll
[2014.02.16 14:19:45 | 000,764,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfmpeg2srcsnk.dll
[2014.02.16 14:19:45 | 000,745,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\oleaut32.dll
[2014.02.16 14:19:45 | 000,669,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
[2014.02.16 14:19:45 | 000,470,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mfds.dll
[2014.02.16 14:19:45 | 000,282,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SystemEventsBrokerServer.dll
[2014.02.16 14:19:45 | 000,263,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bisrv.dll
[2014.02.16 14:19:45 | 000,202,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ubpm.dll
[2014.02.16 14:19:45 | 000,032,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ploptin.dll
[2014.02.16 14:19:44 | 001,415,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\lsasrv.dll
[2014.02.16 14:19:44 | 001,227,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\mispace.dll
[2014.02.16 14:19:44 | 000,663,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfmp4srcsnk.dll
[2014.02.16 14:19:44 | 000,589,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\rastls.dll
[2014.02.16 14:19:44 | 000,461,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\XpsGdiConverter.dll
[2014.02.16 14:19:44 | 000,433,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mfds.dll
[2014.02.16 14:19:44 | 000,306,688 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msieftp.dll
[2014.02.16 14:19:44 | 000,273,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.Graphics.dll
[2014.02.16 14:19:44 | 000,218,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.Graphics.dll
[2014.02.16 14:19:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\psmsrv.dll
[2014.02.16 14:19:43 | 000,980,480 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\mispace.dll
[2014.02.16 14:19:43 | 000,513,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\rastls.dll
[2014.02.16 14:19:43 | 000,336,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\XpsGdiConverter.dll
[2014.02.16 14:19:43 | 000,273,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msieftp.dll
[2014.02.16 14:19:43 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\deviceregistration.dll
[2014.02.16 14:19:43 | 000,024,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\bi.dll
[2014.02.16 14:19:43 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\drivers\BtaMPM.sys
[2014.02.15 14:27:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Start Menu 8
[2014.02.13 22:17:45 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll
[2014.02.13 22:17:45 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014.02.13 22:17:45 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014.02.13 22:17:45 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014.02.13 22:17:44 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014.02.13 22:17:44 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014.02.13 22:17:43 | 001,964,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014.02.13 22:17:43 | 000,627,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014.02.13 22:17:43 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014.02.13 22:17:43 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014.02.13 22:17:41 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014.02.13 22:17:40 | 002,041,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014.02.13 22:17:40 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014.02.13 22:17:40 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014.02.13 22:17:40 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014.02.13 22:17:40 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2014.02.13 22:17:39 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014.02.13 22:17:39 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014.02.13 22:17:38 | 005,768,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014.02.13 22:17:38 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014.02.13 22:17:38 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014.02.13 22:17:27 | 004,604,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d2d1.dll
[2014.02.13 22:17:27 | 002,397,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\d3d10warp.dll
[2014.02.13 22:17:26 | 000,570,880 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msdrm.dll
[2014.02.13 22:17:25 | 007,416,832 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\Windows.UI.Search.dll
[2014.02.13 22:17:24 | 013,209,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\twinui.dll
[2014.02.13 22:17:24 | 011,702,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\twinui.dll
[2014.02.13 22:17:24 | 004,961,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\Windows.UI.Search.dll
[2014.02.13 22:17:23 | 001,462,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\propsys.dll
[2014.02.13 22:17:23 | 001,105,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SearchFolder.dll
[2014.02.13 22:17:10 | 000,548,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\vbscript.dll
[2014.02.13 22:17:09 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\pcaui.exe
[2014.02.13 22:17:09 | 000,017,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\pcaui.exe
[2014.02.13 22:17:08 | 001,113,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\KernelBase.dll
[2014.02.13 22:17:05 | 004,217,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SyncEngine.dll
[2014.02.13 22:17:03 | 002,804,224 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\actxprxy.dll
[2014.02.13 22:17:01 | 000,919,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\MrmCoreR.dll
[2014.02.13 22:17:01 | 000,870,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDrive.exe
[2014.02.13 22:17:01 | 000,720,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveTelemetry.dll
[2014.02.13 22:17:01 | 000,628,736 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\MrmCoreR.dll
[2014.02.13 22:17:01 | 000,121,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\SkyDriveShell.dll
[2014.02.13 22:17:01 | 000,115,712 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysNative\winbici.dll
[2014.02.13 22:17:01 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\SkyDriveShell.dll
[2014.02.08 14:31:46 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\Awesomium
[2014.02.08 14:19:17 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\Documents\Elder Scrolls Online
[2014.02.08 14:19:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Elder Scrolls Online
[2014.02.07 17:50:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Zenimax Online
[2014.02.06 19:43:21 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\Documents\Overlay-Optionen
[2014.02.06 19:37:51 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\Documents\Keybinder von Brooklyn
[2014.02.04 20:34:27 | 000,000,000 | ---D | C] -- C:\Users\Kuptz\AppData\Roaming\Screaming Bee
[2014.02.04 20:34:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Screaming Bee
[2014.02.04 20:34:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Screaming Bee
[3 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Kuptz\*.tmp files -> C:\Users\Kuptz\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2014.03.05 17:20:14 | 002,634,022 | ---- | M] () -- C:\Users\Kuptz\Desktop\368010_flag-federativnoj-respubliki_1920x1080_(www.GdeFon.ru).jpg
[2014.03.05 16:48:00 | 000,001,120 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2014.03.05 16:41:00 | 000,001,383 | ---- | M] () -- C:\Users\Kuptz\Desktop\Play Now Radio.lnk
[2014.03.05 13:34:49 | 000,165,659 | ---- | M] () -- C:\MyXML.xml
[2014.03.05 13:34:40 | 000,002,199 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2014.03.05 13:34:39 | 000,001,116 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2014.03.05 13:22:55 | 001,776,918 | ---- | M] () -- C:\WINDOWS\SysNative\PerfStringBackup.INI
[2014.03.05 13:22:55 | 000,764,340 | ---- | M] () -- C:\WINDOWS\SysNative\perfh007.dat
[2014.03.05 13:22:55 | 000,722,278 | ---- | M] () -- C:\WINDOWS\SysNative\perfh009.dat
[2014.03.05 13:22:55 | 000,159,160 | ---- | M] () -- C:\WINDOWS\SysNative\perfc007.dat
[2014.03.05 13:22:55 | 000,135,394 | ---- | M] () -- C:\WINDOWS\SysNative\perfc009.dat
[2014.03.05 13:20:37 | 000,067,584 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2014.03.05 13:18:35 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2014.03.05 13:18:32 | 2526,191,615 | -HS- | M] () -- C:\hiberfil.sys
[2014.03.04 20:11:05 | 000,007,605 | ---- | M] () -- C:\Users\Kuptz\AppData\Local\Resmon.ResmonCfg
[2014.03.04 15:47:15 | 000,214,392 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014.03.03 20:09:52 | 000,283,064 | ---- | M] (Disc Soft Ltd) -- C:\WINDOWS\SysNative\drivers\dtsoftbus01.sys
[2014.03.03 18:01:39 | 000,214,392 | ---- | M] () -- C:\WINDOWS\SysWow64\PnkBstrB.ex0
[2014.03.02 22:25:10 | 000,001,690 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2014.03.02 22:19:33 | 1213,405,855 | ---- | M] (InstallShield Software Corporation) -- C:\Program Files\S4_League.exe
[2014.03.01 18:51:13 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\Cinema 4D.lnk
[2014.02.27 14:48:10 | 005,002,184 | ---- | M] () -- C:\WINDOWS\SysNative\FNTCACHE.DAT
[2014.02.23 19:12:04 | 000,000,856 | ---- | M] () -- C:\Users\Kuptz\Desktop\Downloads.lnk
[2014.02.22 20:15:48 | 000,001,304 | ---- | M] () -- C:\Users\Kuptz\Desktop\Steam.exe - Verknüpfung.lnk
[2014.02.22 19:41:07 | 000,000,219 | ---- | M] () -- C:\Users\Kuptz\Desktop\Counter-Strike Global Offensive.url
[2014.02.17 22:00:34 | 000,693,240 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
[2014.02.17 22:00:34 | 000,105,464 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
[2014.02.17 16:47:48 | 000,000,040 | -H-- | M] () -- C:\69ED9D3C7BA8
[2014.02.17 16:47:17 | 000,001,666 | ---- | M] () -- C:\Users\Kuptz\Desktop\PsCS6.exe.lnk
[2014.02.08 19:34:51 | 031,432,480 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvoglv64.dll
[2014.02.08 19:34:51 | 025,256,224 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcompiler.dll
[2014.02.08 19:34:51 | 023,683,360 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglv32.dll
[2014.02.08 19:34:51 | 018,257,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvwgf2umx.dll
[2014.02.08 19:34:51 | 017,715,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvd3dumx.dll
[2014.02.08 19:34:51 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcompiler.dll
[2014.02.08 19:34:51 | 015,740,232 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvwgf2um.dll
[2014.02.08 19:34:51 | 014,669,032 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvd3dum.dll
[2014.02.08 19:34:51 | 011,636,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuda.dll
[2014.02.08 19:34:51 | 011,589,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvopencl.dll
[2014.02.08 19:34:51 | 009,728,064 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuda.dll
[2014.02.08 19:34:51 | 009,690,424 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvopencl.dll
[2014.02.08 19:34:51 | 003,142,432 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuvid.dll
[2014.02.08 19:34:51 | 003,090,184 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvapi64.dll
[2014.02.08 19:34:51 | 002,956,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvid.dll
[2014.02.08 19:34:51 | 002,782,496 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcuvenc.dll
[2014.02.08 19:34:51 | 002,713,728 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvapi.dll
[2014.02.08 19:34:51 | 002,410,784 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvcuvenc.dll
[2014.02.08 19:34:51 | 001,885,472 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvdispco6433489.dll
[2014.02.08 19:34:51 | 001,515,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvdispgenco6433489.dll
[2014.02.08 19:34:51 | 000,947,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvumdshimx.dll
[2014.02.08 19:34:51 | 000,892,192 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\NvIFR64.dll
[2014.02.08 19:34:51 | 000,875,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\NvFBC64.dll
[2014.02.08 19:34:51 | 000,863,520 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvIFR.dll
[2014.02.08 19:34:51 | 000,844,576 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvFBC.dll
[2014.02.08 19:34:51 | 000,832,424 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvumdshim.dll
[2014.02.08 19:34:51 | 000,483,104 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvEncodeAPI64.dll
[2014.02.08 19:34:51 | 000,408,352 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvEncodeAPI.dll
[2014.02.08 19:34:51 | 000,378,656 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\NvIFROpenGL.dll
[2014.02.08 19:34:51 | 000,353,504 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvoglshim64.dll
[2014.02.08 19:34:51 | 000,333,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\NvIFROpenGL.dll
[2014.02.08 19:34:51 | 000,305,600 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvoglshim32.dll
[2014.02.08 19:34:51 | 000,174,296 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvinitx.dll
[2014.02.08 19:34:51 | 000,148,528 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysWow64\nvinit.dll
[2014.02.08 19:34:51 | 000,061,216 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysNative\OpenCL.dll
[2014.02.08 19:34:51 | 000,053,024 | ---- | M] (Khronos Group) -- C:\WINDOWS\SysWow64\OpenCL.dll
[2014.02.08 19:34:51 | 000,024,544 | ---- | M] () -- C:\WINDOWS\SysNative\nvinfo.pb
[2014.02.08 18:42:36 | 006,712,608 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvcpl.dll
[2014.02.08 18:42:36 | 003,498,272 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvc64.dll
[2014.02.08 18:42:32 | 002,559,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvsvcr.dll
[2014.02.08 18:42:32 | 000,386,336 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvmctray.dll
[2014.02.08 18:42:32 | 000,063,776 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SysNative\nvshext.dll
[2014.02.06 12:30:12 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollectorres.dll
[2014.02.06 12:07:39 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iesetup.dll
[2014.02.06 12:06:47 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwproxystub.dll
[2014.02.06 11:56:03 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\iernonce.dll
[2014.02.06 11:49:03 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieUnatt.exe
[2014.02.06 11:48:45 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieetwcollector.exe
[2014.02.06 11:48:11 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9diag.dll
[2014.02.06 11:32:49 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ie4uinit.exe
[2014.02.06 11:17:15 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msrating.dll
[2014.02.06 11:11:37 | 005,768,704 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\jscript9.dll
[2014.02.06 11:01:36 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iesetup.dll
[2014.02.06 11:00:46 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieetwproxystub.dll
[2014.02.06 10:57:13 | 000,627,200 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\msfeeds.dll
[2014.02.06 10:52:21 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\iernonce.dll
[2014.02.06 10:50:32 | 002,041,856 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\inetcpl.cpl
[2014.02.06 10:47:22 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieUnatt.exe
[2014.02.06 10:46:27 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\jscript9diag.dll
[2014.02.06 10:25:43 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\msrating.dll
[2014.02.06 10:09:30 | 001,964,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\inetcpl.cpl
[2014.02.06 09:40:06 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysNative\ieapfltr.dll
[2014.02.06 09:34:31 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SysWow64\ieapfltr.dll
[2014.02.05 18:52:50 | 003,573,739 | ---- | M] () -- C:\WINDOWS\SysNative\nvcoproc.bin
[2014.02.04 21:21:49 | 007,459,280 | ---- | M] () -- C:\Users\Kuptz\ts3_recording_14_02_04_21_21_8.wav
[3 C:\WINDOWS\SysNative\*.tmp files -> C:\WINDOWS\SysNative\*.tmp -> ]
[2 C:\WINDOWS\SysWow64\*.tmp files -> C:\WINDOWS\SysWow64\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Users\Kuptz\*.tmp files -> C:\Users\Kuptz\*.tmp -> ]

========== Files Created - No Company Name ==========

[2014.03.05 17:20:14 | 002,634,022 | ---- | C] () -- C:\Users\Kuptz\Desktop\368010_flag-federativnoj-respubliki_1920x1080_(www.GdeFon.ru).jpg
[2014.03.04 20:11:05 | 000,007,605 | ---- | C] () -- C:\Users\Kuptz\AppData\Local\Resmon.ResmonCfg
[2014.03.04 19:21:05 | 000,001,383 | ---- | C] () -- C:\Users\Kuptz\Desktop\Play Now Radio.lnk
[2014.03.02 22:25:10 | 000,001,690 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2014.03.01 18:51:13 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\Cinema 4D.lnk
[2014.02.22 20:15:48 | 000,001,304 | ---- | C] () -- C:\Users\Kuptz\Desktop\Steam.exe - Verknüpfung.lnk
[2014.02.22 19:41:07 | 000,000,219 | ---- | C] () -- C:\Users\Kuptz\Desktop\Counter-Strike Global Offensive.url
[2014.02.17 16:47:48 | 000,000,040 | -H-- | C] () -- C:\69ED9D3C7BA8
[2014.02.17 16:47:17 | 000,001,666 | ---- | C] () -- C:\Users\Kuptz\Desktop\PsCS6.exe.lnk
[2014.02.16 14:19:42 | 000,385,614 | ---- | C] () -- C:\WINDOWS\SysNative\ApnDatabase.xml
[2014.02.15 14:27:34 | 000,165,659 | ---- | C] () -- C:\MyXML.xml
[2014.02.14 21:39:24 | 000,000,914 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2014.02.13 22:17:23 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysWow64\connectedsearch-results.searchconnector-ms
[2014.02.13 22:17:23 | 000,009,701 | ---- | C] () -- C:\WINDOWS\SysNative\connectedsearch-results.searchconnector-ms
[2014.02.04 21:21:09 | 007,459,280 | ---- | C] () -- C:\Users\Kuptz\ts3_recording_14_02_04_21_21_8.wav
[2014.01.15 12:54:17 | 000,103,936 | ---- | C] () -- C:\WINDOWS\SysWow64\OEMLicense.dll
[2014.01.14 16:41:23 | 000,214,392 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrB.exe
[2014.01.14 16:41:23 | 000,076,888 | ---- | C] () -- C:\WINDOWS\SysWow64\PnkBstrA.exe
[2013.12.20 22:54:26 | 000,327,680 | ---- | C] () -- C:\WINDOWS\mss32.dll
[2013.12.15 20:51:40 | 000,033,792 | ---- | C] () -- C:\WINDOWS\SysWow64\drivers\libusb0.sys
[2013.12.14 22:02:15 | 000,003,334 | ---- | C] () -- C:\Users\Kuptz\AppData\Local\recently-used.xbel
[2013.10.20 10:36:55 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2013.10.13 12:57:36 | 000,000,132 | ---- | C] () -- C:\Users\Kuptz\AppData\Roaming\Adobe BMP-Format CC - Voreinstellungen
[2013.10.13 12:55:33 | 000,001,456 | ---- | C] () -- C:\Users\Kuptz\AppData\Local\Adobe Für Web speichern 13.0 Prefs
[2013.10.12 10:18:22 | 018,157,520 | ---- | C] () -- C:\Users\Kuptz\ts3_recording_13_10_12_11_18_20.wav
[2013.10.11 16:17:53 | 034,936,400 | ---- | C] () -- C:\Users\Kuptz\ts3_recording_13_10_11_17_17_51.wav
[2013.08.22 16:36:43 | 000,215,943 | ---- | C] () -- C:\WINDOWS\SysWow64\dssec.dat
[2013.08.22 16:36:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\SysWow64\NOISE.DAT
[2013.08.22 15:46:23 | 000,067,584 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2013.08.22 08:01:23 | 000,043,131 | ---- | C] () -- C:\WINDOWS\mib.bin
[2013.08.22 04:32:36 | 000,046,080 | ---- | C] () -- C:\WINDOWS\SysWow64\BWContextHandler.dll
[2013.08.22 00:55:20 | 000,364,544 | ---- | C] () -- C:\WINDOWS\SysWow64\msjetoledb40.dll
[2013.08.22 00:52:39 | 000,673,088 | ---- | C] () -- C:\WINDOWS\SysWow64\mlang.dat
[2012.07.25 21:22:56 | 000,267,284 | ---- | C] () -- C:\WINDOWS\SysWow64\igvpkrng600.bin
[2012.07.25 21:22:54 | 000,963,376 | ---- | C] () -- C:\WINDOWS\SysWow64\igcodeckrng600.bin
[2012.06.19 17:52:42 | 000,001,536 | ---- | C] () -- C:\WINDOWS\SysWow64\IusEventLog.dll

========== ZeroAccess Check ==========

[2014.01.14 16:40:33 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.11.23 12:49:06 | 021,196,664 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.11.23 09:19:35 | 018,642,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2013.08.22 10:49:49 | 000,921,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2013.08.22 03:45:10 | 000,691,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2013.08.22 10:45:17 | 000,483,840 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2014.02.17 16:22:49 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\.minecraft
[2013.11.11 22:42:41 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Aeria Games & Entertainment
[2014.02.08 14:31:46 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Awesomium
[2014.03.05 17:30:10 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\BitTorrent
[2014.03.03 20:11:34 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Cool Mirage Ltd
[2014.03.03 20:09:50 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\DAEMON Tools Lite
[2014.02.26 15:56:20 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\DVDVideoSoft
[2014.03.03 20:12:14 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\IminentToolbar
[2013.10.04 18:35:49 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\LolClient
[2014.03.01 18:51:16 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\MAXON
[2014.03.03 20:09:49 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\OpenCandy
[2014.01.18 21:16:31 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Origin
[2013.10.09 15:00:20 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\PDAppFlex
[2014.03.03 20:11:28 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\playnowradio
[2013.10.04 15:39:00 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Riot Games
[2014.02.04 20:35:34 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Screaming Bee
[2013.10.05 22:54:37 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Sony
[2013.11.15 13:07:33 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\TeamViewer
[2013.11.11 17:34:09 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\TechSmith
[2013.10.20 08:56:18 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\TERA
[2013.10.05 22:58:52 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\Thunderbird
[2014.03.05 17:18:03 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\TS3Client
[2013.11.15 21:09:33 | 000,000,000 | ---D | M] -- C:\Users\Kuptz\AppData\Roaming\TuneUp Software

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 237 bytes -> C:\Users\Kuptz\SkyDrive:ms-properties

< End of report >
         
--- --- ---

06.03.2014, 07:02   #2
schrauber
/// the machine
/// TB trainer

Hi,

Here is how it works:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • Click the # symbol in the editor. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it correctly. If everything is right ... click Reply.





Please download the appropriate version of Farbar's Recovery Scan Tool to your desktop: FRST Download: FRST 32-Bit | FRST 64-Bit
(If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)
  • Now start FRST.
  • Do not change any of the checkboxes unless asked to, and click Scan.
  • The log files will now be created and will then be on your desktop.
  • Post the FRST.txt and, after the first scan, also the Addition.txt in your thread (click the # symbol in the input window of the website)

__________________

06.03.2014, 15:45   #3
DTiRusT

Hi Schrauber,
Thank you for wanting to help me, but since I was able to successfully remove the program from my computer yesterday, you can close the thread.
Best regards,
David K.

PS: another thread helped me with this
Link: hxxp://www.trojaner-board.de/150583-trojaner-play-now-radio-entfernen.html
__________________

07.03.2014, 13:22   #4
schrauber
/// the machine
/// TB trainer

ok
__________________
Regards,
schrauber

Proud Member of UNITE and ASAP since 2009

No help via PM!
