Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Werbevirus Oxy

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 02.04.2014, 18:44   #16
sunjojo
/// Malwareteam
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Zitat:
Auf der Seite passiert nichts bis auf "Werbung", und wollte es ehrlich gesagt nich ausprobieren irgendwo drauf zu drücken, immer direkt neuen Tab gestartet.
Hartnäckig das Teil. Mach mal bitte folgendes:


Schritt 1
Öffne deinen Google Chrome Browser.
  • Klicke auf das Chrome-Menü (rechts im Browser).
  • Wähle nun "Einstellungen" in dem Menü aus.
  • Scrolle nach unten und klicke "Erweiterte Einstellungen anzeigen" an.
  • Nun werden dir weitere Optionen angezeigt. Wähle aus (letzter Punkt der Einstellungsmöglichkeiten).
  • Ein Fenster wird geöffnet, in welchem du "Zurücksetzen" auswählst.
  • Jetzt werden deine aktuellen Browsereinstellungen zurückgesetzt (Startseite, Suchseite, ...), Erweiterungen und Designs deaktiviert.

Schritt 2
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden ).
  • Doppelklick auf die OTL.exe
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimal Ausgabe
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.

Ist das Problem in Google Chrome noch vorhanden?



Poste folgende Logfiles in deiner nächsten Antwort:
  • OTL-Scan
__________________
Gruß,

Jonas

Alt 03.04.2014, 16:09   #17
Vime
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Ist in Google Chrome noch vorhanden.


Code:
ATTFilter
OTL logfile created on: 02.04.2014 20:13:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KomaKuh\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 51,10% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 725,47 Gb Free Space | 77,89% Space Free | Partition Type: NTFS
Drive F: | 7,26 Gb Total Space | 0,01 Gb Free Space | 0,08% Space Free | Partition Type: FAT32
 
Computer Name: KOMAKUH-PC | User Name: KomaKuh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\KomaKuh\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe ()
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.78\deploy\LolClient.exe ()
PRC - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\RiotLauncher.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\33.0.1750.154\chrome_elf.dll ()
MOD - C:\Riot Games\League of Legends\RADS\projects\lol_air_client\releases\0.0.1.78\deploy\LolClient.exe ()
MOD - C:\Riot Games\League of Legends\RADS\system\rads_user_kernel.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runt73a1fc9d#\e329906c12dea639b0bb56143dfa8fc4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\e9883c6aff20fa3611ffe42322bf8a51\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\835995cb3fbaa0382d4eb962a88f503e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\aab789fb8e9675f0a3d90602148e2175\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0a81bada44a029dd28fed217513ad24d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\c945f3a92565d12cb482a0345d9856e5\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\bfbc088cc59aba62f5329e591625e5f4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\6fa468188705932387c89c28c77e3367\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d5cfc19d54290dc150dedcc6a58cf6ba\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\62babec3a3f651eb0214234a160a975d\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\0bcfa477c2670c4343ffdf576810d81d\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\bff5f538eab1eb8a5c42e9867715de33\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\10ac4ed5a22a4882529e01cf7bd8b895\mscorlib.ni.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf LTD)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadserd) -- C:\Windows\SysNative\drivers\ssadserd.sys (MCCI Corporation)
DRV:64bit: - (androidusb) -- C:\Windows\SysNative\drivers\ssadadb.sys (Google Inc)
DRV:64bit: - (ssadmdfl) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (SaiNtBus) -- C:\Windows\SysNative\drivers\SaiBus.sys (Saitek)
DRV:64bit: - (SaiMini) -- C:\Windows\SysNative\drivers\SaiMini.sys (Saitek)
DRV:64bit: - (SaiK1703) -- C:\Windows\SysNative\drivers\SaiK1703.sys (Saitek)
DRV:64bit: - (SaiU1703) -- C:\Windows\SysNative\drivers\SaiU1703.sys (Saitek)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (xnacc) -- C:\Windows\SysNative\drivers\xnacc.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Research Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AtiPcie) -- C:\Windows\SysNative\drivers\AtiPcie.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (AODDriver4.2.0) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA 61 04 28 EB DE CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {758B870D-DF78-4A6A-9955-DEDDCACF94DC}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\..\SearchScopes\{758B870D-DF78-4A6A-9955-DEDDCACF94DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_12_0_0_77.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.51.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.23.9\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
 
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&gs_ri={google:suggestRid}&xssi=t&q={searchTerms}&{google:cursorPosition}{google:currentPageUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/de
CHR - plugin: Error reading preferences file
CHR - Extension: Google Docs = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.7.4_0\
CHR - Extension: Google-Suche = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Auto Replay for YouTubeâ„¢ = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb\1.9.33_0\
CHR - Extension: Google Wallet = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_0\
CHR - Extension: Google Mail = C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{83289611-1BCC-4EF6-A775-A8C441C32F86}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O22:64bit: - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\SysNative\DreamScene.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b1400c0-4adb-11e3-9f77-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{0b1400c0-4adb-11e3-9f77-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2014.04.02 20:12:01 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\KomaKuh\Desktop\OTL.exe
[2014.04.02 14:28:07 | 000,692,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.04.02 14:28:07 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.04.02 14:28:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed
[2014.04.02 14:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2014.04.02 14:25:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe
[2014.04.02 14:06:23 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2014.04.02 14:06:19 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2014.04.02 14:06:19 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2014.04.02 14:06:19 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2014.04.02 14:06:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2014.04.02 13:59:24 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2014.04.02 13:57:33 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2014.04.02 13:55:05 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.04.02 13:55:05 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014.04.02 13:55:02 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.04.02 13:55:02 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.04.02 13:55:02 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.04.02 13:55:02 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014.04.02 13:55:02 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.04.02 13:55:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.04.02 13:55:02 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014.04.02 13:55:02 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014.04.02 13:55:02 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014.04.02 13:55:02 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.04.02 13:55:02 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.04.02 13:55:02 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.04.02 13:55:02 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014.04.02 13:55:02 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014.04.02 13:55:02 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014.04.02 13:55:02 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014.04.02 13:55:02 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.04.02 13:55:02 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.04.02 13:55:02 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014.04.02 13:55:02 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014.04.02 13:55:02 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014.04.02 13:55:02 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014.04.02 13:55:02 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014.04.02 13:55:02 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.04.02 13:55:02 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014.04.02 13:55:02 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014.04.02 13:55:02 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014.04.02 13:55:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014.04.02 13:55:02 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014.04.02 13:55:02 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014.04.02 13:55:02 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014.04.02 13:55:02 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014.04.02 13:55:02 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.04.02 13:55:02 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014.04.02 13:55:02 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014.04.02 13:55:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.04.02 13:55:02 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.04.02 13:55:02 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014.04.02 13:55:02 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.04.02 13:55:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014.04.02 13:55:02 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014.04.02 13:55:02 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.04.02 13:55:02 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.04.02 13:55:02 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014.04.02 13:55:02 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014.04.02 13:55:02 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014.04.02 13:55:01 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.04.02 13:55:01 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.04.02 13:55:01 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.04.02 13:55:01 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014.04.02 13:55:01 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.04.02 13:55:01 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014.04.02 13:55:01 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.04.02 13:55:01 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.04.02 13:55:01 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014.04.02 13:55:01 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.04.02 13:55:01 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014.04.02 13:55:01 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.04.02 13:55:01 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014.04.02 13:55:01 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014.04.02 13:55:01 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014.04.02 13:55:01 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.04.02 13:55:01 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014.04.02 13:55:01 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.04.02 13:55:01 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014.04.02 13:55:01 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.04.02 13:55:01 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.04.02 13:55:01 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014.04.02 13:55:01 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014.04.02 13:55:01 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.04.02 13:55:01 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014.04.02 13:55:01 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.04.02 13:55:01 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014.04.02 13:55:01 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.04.02 13:55:01 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.04.02 13:55:01 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014.04.02 13:55:01 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014.04.02 13:55:01 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.04.02 13:54:19 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014.04.02 13:54:19 | 000,243,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014.04.02 13:54:19 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014.04.02 13:54:19 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014.04.02 13:54:18 | 005,549,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014.04.02 13:54:18 | 003,969,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.04.02 13:54:18 | 003,914,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.04.02 13:54:18 | 001,732,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014.04.02 13:54:18 | 000,878,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014.04.02 13:54:18 | 000,859,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014.04.02 13:54:18 | 000,619,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014.04.02 13:54:18 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014.04.02 13:54:18 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014.04.02 13:54:18 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014.04.02 13:54:18 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014.04.02 13:54:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014.04.01 18:14:28 | 000,119,512 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.01 18:14:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware 
[2014.04.01 18:14:21 | 000,088,280 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.04.01 18:14:21 | 000,063,192 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.04.01 18:14:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ Malwarebytes Anti-Malware 
[2014.03.31 20:37:04 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\AppData\Local\GCC
[2014.03.31 19:20:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\337
[2014.03.31 15:48:15 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Appadaumen.de
[2014.03.31 15:27:50 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\Desktop\saves FRST
[2014.03.30 12:35:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net
[2014.03.24 22:06:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2014.03.24 22:06:18 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft
[2014.03.24 22:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2014.03.24 22:06:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2014.03.23 08:42:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Overwolf
[2014.03.21 22:23:18 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2014.03.21 22:23:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2014.03.21 22:22:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
[2014.03.21 22:21:10 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2014.03.19 16:16:30 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\Desktop\Skin Installer
[2014.03.18 16:34:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MarkAny
[2014.03.18 16:30:10 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2014.03.17 22:58:11 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\Desktop\töhöhö
[2014.03.16 16:37:06 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer
[2014.03.16 16:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer
[2014.03.10 21:49:56 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\Desktop\Betriebspraktikum
[2014.03.08 23:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Picroma
[2014.03.08 23:07:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World
[2014.03.08 23:07:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cube World
[2014.03.08 11:22:18 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\AppData\Local\ElevatedDiagnostics
[2014.03.08 00:45:58 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\AppData\Roaming\Rogue Legacy
[2014.03.08 00:45:57 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\Documents\SavedGames
[2014.03.06 12:34:56 | 000,000,000 | ---D | C] -- C:\Users\KomaKuh\AppData\Local\Skype
[2014.03.06 12:34:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2014.03.06 12:34:47 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2014.03.05 11:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacksSetup
 
========== Files - Modified Within 30 Days ==========
 
[2014.04.02 20:12:05 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\KomaKuh\Desktop\OTL.exe
[2014.04.02 20:06:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2014.04.02 19:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.04.02 15:06:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2014.04.02 14:30:06 | 000,000,905 | ---- | M] () -- C:\Users\KomaKuh\Desktop\Mausi3.application - Verknüpfung.lnk
[2014.04.02 14:28:07 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2014.04.02 14:28:07 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2014.04.02 14:25:32 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014.04.02 14:21:50 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2014.04.02 14:21:50 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2014.04.02 14:06:16 | 001,619,284 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2014.04.02 14:06:16 | 000,699,092 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2014.04.02 14:06:16 | 000,653,930 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2014.04.02 14:06:16 | 000,149,232 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2014.04.02 14:06:16 | 000,121,802 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2014.04.02 14:01:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2014.04.02 14:00:57 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2014.04.02 13:55:05 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2014.04.02 13:55:05 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2014.04.02 13:55:02 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2014.04.02 13:55:02 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2014.04.02 13:55:02 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2014.04.02 13:55:02 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2014.04.02 13:55:02 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2014.04.02 13:55:02 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2014.04.02 13:55:02 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2014.04.02 13:55:02 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2014.04.02 13:55:02 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2014.04.02 13:55:02 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2014.04.02 13:55:02 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2014.04.02 13:55:02 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2014.04.02 13:55:02 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2014.04.02 13:55:02 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2014.04.02 13:55:02 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2014.04.02 13:55:02 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2014.04.02 13:55:02 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2014.04.02 13:55:02 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2014.04.02 13:55:02 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2014.04.02 13:55:02 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2014.04.02 13:55:02 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2014.04.02 13:55:02 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2014.04.02 13:55:02 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2014.04.02 13:55:02 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2014.04.02 13:55:02 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2014.04.02 13:55:02 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2014.04.02 13:55:02 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2014.04.02 13:55:02 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2014.04.02 13:55:02 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2014.04.02 13:55:02 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2014.04.02 13:55:02 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2014.04.02 13:55:02 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2014.04.02 13:55:02 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2014.04.02 13:55:02 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2014.04.02 13:55:02 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2014.04.02 13:55:02 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2014.04.02 13:55:02 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2014.04.02 13:55:02 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2014.04.02 13:55:02 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2014.04.02 13:55:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2014.04.02 13:55:02 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2014.04.02 13:55:02 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2014.04.02 13:55:02 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2014.04.02 13:55:02 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2014.04.02 13:55:02 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2014.04.02 13:55:02 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2014.04.02 13:55:02 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2014.04.02 13:55:01 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2014.04.02 13:55:01 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2014.04.02 13:55:01 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2014.04.02 13:55:01 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2014.04.02 13:55:01 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2014.04.02 13:55:01 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2014.04.02 13:55:01 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2014.04.02 13:55:01 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2014.04.02 13:55:01 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2014.04.02 13:55:01 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2014.04.02 13:55:01 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2014.04.02 13:55:01 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2014.04.02 13:55:01 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2014.04.02 13:55:01 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2014.04.02 13:55:01 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2014.04.02 13:55:01 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2014.04.02 13:55:01 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2014.04.02 13:55:01 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2014.04.02 13:55:01 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2014.04.02 13:55:01 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2014.04.02 13:55:01 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2014.04.02 13:55:01 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2014.04.02 13:55:01 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2014.04.02 13:55:01 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2014.04.02 13:55:01 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2014.04.02 13:55:01 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2014.04.02 13:55:01 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2014.04.02 13:55:01 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2014.04.02 13:55:01 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2014.04.02 13:55:01 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2014.04.02 13:55:01 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2014.04.02 13:55:01 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2014.04.02 13:55:01 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2014.04.02 13:54:19 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2014.04.02 13:54:19 | 000,243,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2014.04.02 13:54:19 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2014.04.02 13:54:19 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2014.04.02 13:54:18 | 005,549,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2014.04.02 13:54:18 | 003,969,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2014.04.02 13:54:18 | 003,914,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2014.04.02 13:54:18 | 001,732,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntdll.dll
[2014.04.02 13:54:18 | 000,878,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\advapi32.dll
[2014.04.02 13:54:18 | 000,859,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdh.dll
[2014.04.02 13:54:18 | 000,619,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdh.dll
[2014.04.02 13:54:18 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2014.04.02 13:54:18 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2014.04.02 13:54:18 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2014.04.02 13:54:18 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2014.04.02 13:54:18 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2014.04.01 18:34:59 | 000,119,512 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\MBAMSwissArmy.sys
[2014.04.01 18:34:24 | 000,001,098 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.03.31 19:19:14 | 000,773,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr100.dll
[2014.03.31 19:19:14 | 000,420,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcp100.dll
[2014.03.21 22:18:55 | 001,592,628 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2014.03.16 22:11:44 | 000,035,067 | ---- | M] () -- C:\Gothic.RPT
[2014.03.16 17:00:01 | 000,000,743 | ---- | M] () -- C:\Users\KomaKuh\Desktop\Ymironn.lnk
[2014.03.05 09:26:18 | 000,063,192 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mwac.sys
[2014.03.05 09:26:08 | 000,088,280 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2014.03.05 09:26:04 | 000,025,816 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2014.04.02 14:30:06 | 000,000,905 | ---- | C] () -- C:\Users\KomaKuh\Desktop\Mausi3.application - Verknüpfung.lnk
[2014.04.02 14:28:08 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2014.04.02 14:25:32 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2014.04.02 14:25:32 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2014.04.02 13:55:02 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2014.04.02 13:55:01 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2014.04.01 18:14:23 | 000,001,098 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2014.03.16 19:17:22 | 000,035,067 | ---- | C] () -- C:\Gothic.RPT
[2014.03.16 16:37:06 | 000,000,743 | ---- | C] () -- C:\Users\KomaKuh\Desktop\Ymironn.lnk
[2014.02.12 11:04:41 | 000,003,584 | ---- | C] () -- C:\Users\KomaKuh\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2014.01.26 23:12:35 | 000,000,218 | ---- | C] () -- C:\Users\KomaKuh\AppData\Local\recently-used.xbel
[2014.01.01 19:36:22 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2014.01.01 19:13:30 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2013.12.19 19:33:02 | 000,000,145 | ---- | C] () -- C:\Users\KomaKuh\AppData\Roaming\WB.CFG
[2013.12.06 17:44:26 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2013.11.11 19:18:03 | 000,000,600 | ---- | C] () -- C:\Users\KomaKuh\AppData\Local\PUTTY.RND
[2013.11.11 17:18:04 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.11.11 16:31:34 | 000,015,872 | ---- | C] () -- C:\Windows\AsTaskSched.dll
[2013.11.11 16:31:31 | 000,001,746 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.11.11 16:28:22 | 000,165,376 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2013.11.11 16:28:22 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2013.11.11 16:28:21 | 000,810,496 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2013.11.11 16:28:21 | 000,183,808 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2013.11.11 16:28:21 | 000,080,896 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2013.11.11 16:26:25 | 001,592,628 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.10.08 15:39:08 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.10.08 15:39:08 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.10.08 14:56:12 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.10.08 14:56:12 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.04.18 20:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.04.18 20:06:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2013.04.18 20:06:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2013.04.18 20:06:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2013.04.18 20:06:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 04:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 03:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 40 bytes -> C:\ProgramData\MTA San Andreas All:NT
@Alternate Data Stream - 40 bytes -> C:\ProgramData:NT

< End of report >
         
Code:
ATTFilter
OTL Extras logfile created on: 02.04.2014 20:13:03 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\KomaKuh\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,04 Gb Available Physical Memory | 51,10% Memory free
8,00 Gb Paging File | 5,63 Gb Available in Paging File | 70,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 725,47 Gb Free Space | 77,89% Space Free | Partition Type: NTFS
Drive F: | 7,26 Gb Total Space | 0,01 Gb Free Space | 0,08% Space Free | Partition Type: FAT32
 
Computer Name: KOMAKUH-PC | User Name: KomaKuh | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [userfull] -- cmd.exe /c takeown /f "%1" /r /d j && icacls "%1" /grant Benutzer:F /T /C /L (Microsoft Corporation)
Directory [usernormal] -- cmd.exe /c icacls "%1" /reset /T /C /L (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\S-1-5-21-2380258265-3006174749-279724184-1001]
"EnableNotifications" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 4
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{123BC611-7280-469C-926A-36375E023C51}" = rport=445 | protocol=6 | dir=out | app=system | 
"{2321D26D-472D-43B5-8B7A-3767D81B3A60}" = rport=137 | protocol=17 | dir=out | app=system | 
"{2E2FEE7D-10D9-4C42-8E7A-86A5B10BB242}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3308C10C-1958-4F84-8AF9-33C330344195}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{353F8A4A-79ED-4A17-8E31-0F517ECD5312}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3A91A7B9-8D82-4C80-A088-093CBFF16CF6}" = lport=58384 | protocol=17 | dir=in | name=pando media booster | 
"{3EF2E380-920A-4150-AC82-DF9BE48BAFD5}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{57B9813C-CEDC-4876-AA69-BD09575919E4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{59541B7F-4B62-4670-813C-97E9DC89F186}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5ACA6D1F-FD3B-4D40-8B7C-E4FFF8FD6401}" = lport=137 | protocol=17 | dir=in | app=system | 
"{6148403F-E4CC-4285-ADA8-3F02D8D870B0}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{795422A6-82A2-43AA-8D76-8CF8ECBABCE4}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7F308C44-BF89-48AE-96EB-1BE93B50BA8D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{84F33D9F-2B02-47A5-A8FD-7D3009CFBA2C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{91C636D5-4E34-4C65-8355-54B16C2224C8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9B24AA5D-D72F-4324-ABF5-27C56F849D3B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A2726D34-2827-48F6-BBD2-49E6C9C4911C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{ABE50411-0FC0-4B1F-A6AD-70857082DD52}" = lport=58384 | protocol=6 | dir=in | name=pando media booster | 
"{ADF79002-7EC9-4E8F-AF0A-5C51B8CE97AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BF856515-90F4-45D4-9FBC-99657762BEC3}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{BF99DC54-058A-4FEA-8F65-CA9FEFC3DD6C}" = lport=58384 | protocol=6 | dir=in | name=pando media booster | 
"{D09D56C7-EF29-43A5-80C3-AAC92EF559FC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{D3308BE6-5AB7-4A85-A711-C9D7BE6432D9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D6579A1F-A669-49DF-A114-26A8F71D91E9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E8EC7D2E-DDE3-4B11-ACFD-474597F6E2B1}" = lport=58384 | protocol=17 | dir=in | name=pando media booster | 
"{EB80B1FA-1CB8-4C09-8D6B-8FB68B5A6928}" = rport=139 | protocol=6 | dir=out | app=system | 
"{F2EC83F9-45C3-4FB0-92C4-F7A2ECB45815}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05644A68-8E66-4477-B7F8-E21A056AB7E3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{073F862F-B86D-4F6C-84EC-12B951CD55DD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0F3333EB-564E-45DA-9C9A-4181B79B42E5}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{0F6E570C-8D65-4CEB-88B8-6BB424C632B0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{14545E69-3317-4E20-B48A-B59A82D897F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{172A775C-1420-41C4-8696-B59C4A4879F3}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{17E8C5C0-2E8B-45AF-A083-6D004E6308EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\hammerwatch.exe | 
"{1B76E08C-48C9-4F9C-BCE5-DFE5ACD622D5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2305F6CF-D1C0-4B12-B32C-9F614A1361C0}" = protocol=17 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{242AB66A-C631-40F8-AE87-A64B7930CF76}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{268EE28F-AE75-4F42-809C-45E1E6B89281}" = protocol=6 | dir=in | app=c:\users\receful\appdata\roaming\spotify\spotify.exe | 
"{2DEAD4CC-0E48-4AA2-B2AB-031D0FA735D1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\10000000\10000000.exe | 
"{2F1A22C8-9881-4278-AB9A-02B3C91FD277}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{31002B09-DD0D-4DCB-AE27-A02D6ABF2117}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe | 
"{3489CFF0-3F16-4F2F-86E0-1B0DB7C29060}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{36932388-7DBC-4A76-8C5A-A640A7AC0C33}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe | 
"{36B76C9B-9F0C-4AD9-AB68-5A79812EE8AF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{3A0E02C1-E6AA-43A2-A937-8E26E218BFA4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{3B7EEBC3-D54D-46B0-BDB3-7F47341FF01A}" = protocol=6 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{3E10EE02-0720-4F7F-B3BC-6637FE1CE0B7}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{3F89260A-AE24-4432-B879-9713A0520A44}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{43F8239A-159C-4766-BC74-7E228BC6B21B}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{44EBE429-3984-4095-93F6-83EE3662CA66}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{45A0002A-60C3-49F1-AF43-B77F17351EBC}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{4BDC25F8-22B4-4D65-B298-9D855CE318A0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{4EB3B81D-C723-43F2-BC61-01675BB0573B}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{52EC4B7A-B390-448C-8282-6C9BF3F8B62A}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\editor\hammereditor.exe | 
"{530FD36F-3E8A-41F0-AF4B-CF706CE19F74}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{543ACA61-7906-4C8D-8044-A2853D9A10C0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5DC143CE-7654-4DC3-A178-0985D2211DB2}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe | 
"{62F12AB0-9177-476F-8B54-F96B9736D82E}" = protocol=17 | dir=in | app=c:\program files (x86)\battle.net\battle.net.exe | 
"{64CAD4B1-9FF1-4E31-B01B-EF7332C0BD4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{64D35019-6E2E-40CA-B42C-A46845D92D9B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe | 
"{68F69380-B5B2-4FA6-93E4-FFE0B565ECBE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"{692B9AE0-46EC-42F1-9B76-6F8DA4A4F561}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{6A2CB3E8-2593-4C6E-80A6-FDD112A50BE2}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2737\agent.exe | 
"{6DA84F03-C563-49FE-B3E5-A92EF37264D4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spectraball\spectraball.exe | 
"{6EBC1B17-2808-4583-B25D-A4031790A11D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe | 
"{6F37618F-A043-487D-B3D0-A4475041AC44}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{6FCC4032-1355-4C77-A130-5CDFEDF27763}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{745A0279-61C8-48BE-9F65-20581C640E84}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2380\agent.exe | 
"{76B94758-0E1C-407A-9C83-4AF9560C49B8}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{773B497E-C736-47EF-802D-F8744328239E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7A3278DD-46EB-4613-9181-325805A3CE91}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe | 
"{7C9596AB-26B5-4E12-93AE-933BA030C1F3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7DE02477-5C65-45D1-8399-DC9B1BC399F9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7EBB09DD-4E7D-4714-AA89-041BDE94C3AA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{83F47E0C-FE16-4313-8219-5A07115133FB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final exam\final_exam.exe | 
"{8D3FBDC2-AB4C-4AC9-9DEB-2C96F33E88DA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe | 
"{8F80A044-4F47-4087-87C3-7A26A5D9B9B1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terraria.exe | 
"{8FDC356D-2BAD-4484-8DB4-87E98330C3BA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9139D2BC-D031-4B08-A3F4-3884AA4D14DA}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{95B384E4-1F1A-49DC-8B81-C34E14D51FF7}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\supercratebox\supercratebox.exe | 
"{97A05DCA-D182-44C1-8EE4-38ED4584C2EF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\spectraball\spectraball.exe | 
"{990C10B8-554B-4478-B020-0F56F61625CE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\rogue legacy\roguelegacy.exe | 
"{9A80CCC8-8EDC-4AF7-9EB6-ADFB69E8932F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe | 
"{A0789EA1-03D9-41F5-93D8-5F7DE0FB9752}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\electronicsuperjoy\electronicsuperjoy.exe | 
"{A1485D23-E8FE-4DB3-9560-863421EBF058}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{A717024E-C9DF-4258-99DE-8B04AEE7CCE6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A9DB2AF9-3A81-4057-8196-79A61A0FA152}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{AE457D62-EF48-46D5-9F84-E73770939E82}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{AF8D90F5-EBF8-46CC-9C1B-C3E51FF0C141}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B05E8976-C2CA-478A-B62B-3AF8BA077F31}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\garrysmod\hl2.exe | 
"{B8CC5A7D-ADAA-446E-BC44-CE8724958E4E}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe | 
"{B8CF4C45-DDAA-4C5E-A1A9-54E1D2609B8A}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2753\agent.exe | 
"{BB5CAE00-59B9-4AC1-9417-F993E30422E0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\killingfloor\system\killingfloor.exe | 
"{BF2D62DA-EDD7-4E1F-96D1-A37F3A2E3D1F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\final exam\final_exam.exe | 
"{C26E9A55-8230-4B44-88FE-6619F7BB3FDC}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{C2984DAD-62EA-4139-884B-33559D2A1B22}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{C2E01FD5-C7D9-46B5-AD15-A53CE11677C6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C348057A-76C8-4EA2-A73B-292326A11A65}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C3832544-6C89-4FAC-A7D3-EBD2961F8701}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\10000000\10000000.exe | 
"{C475EA98-42C8-49CF-98DF-D5F9A8B6AD38}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2581\agent.exe | 
"{C8003B3A-A7F8-45D6-BFD6-37A27B12345E}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\mark_of_the_ninja\bin\game.exe | 
"{CCBA237B-0303-483B-ABA3-01F5D22E2227}" = protocol=6 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{CD57A3F5-92E6-411B-8003-8BBD0BFA1BD1}" = protocol=6 | dir=in | app=c:\users\public\documents\blizzard entertainment\world of warcraft\wow-x.x.x.x-4.0.0.12911-eu-downloader.exe | 
"{D34BDA32-1DE4-46B0-B1A3-8C5002BAB451}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\path of exile\pathofexilesteam.exe | 
"{D4ED9D56-D5E6-4C90-A1CF-56FAA6137768}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.2328\agent.exe | 
"{D55BEF1F-F90C-445A-A049-E2E0F68ED087}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe | 
"{D88235A3-3D1A-40D1-9074-01728F73A826}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D97672EA-4AE9-4314-800D-574069F9E514}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2417\agent.exe | 
"{DC66BC16-D453-4C06-BB7F-54A06E4DB5DC}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DCB32BAE-2278-4EFF-9C51-5E8EC4A3BE16}" = protocol=17 | dir=in | app=c:\program files (x86)\hearthstone\hearthstone.exe | 
"{DCC68D8C-9019-462B-9728-AF485A48D352}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2426\agent.exe | 
"{DFBEDDA0-896F-4C40-A698-563DDCE18050}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\loadout\loadout.exe | 
"{E3848140-CBBF-403B-B168-C3CFBC42C453}" = protocol=17 | dir=in | app=c:\users\receful\appdata\roaming\spotify\spotify.exe | 
"{E58FF873-FEF5-4070-ACD8-15DF8C1E6359}" = dir=in | app=c:\users\komakuh\appdata\local\gcc\controller.exe | 
"{E628905F-C648-4674-88BD-6CEE18118932}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\koareckoning\reckoning.exe | 
"{E64ABAE6-861E-493A-899A-7BBAA3AEDB24}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{EA4A7E52-EF5E-47D7-9A51-5EB5849DD6D6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\counter-strike source\hl2.exe | 
"{EB839A38-86F0-4EA0-A26A-B0DBEEEACAC4}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2417\agent.exe | 
"{EFCE340A-3C36-44CC-AA3D-65EA8CC7A06C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F04FA9F1-401A-4682-82A9-940365753DF0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{F0C58EB9-DCF3-4D29-A133-E0F334E1C17C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\editor\hammereditor.exe | 
"{F5E1BFFB-A591-49BD-9F3F-ECE413BC36B0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\hammerwatch\hammerwatch.exe | 
"{F8A88E17-93B8-4FEF-86CA-27EDD6713A86}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.2717\agent.exe | 
"{F8D4AFE3-F0F0-48CC-9838-81DFB3AD75CE}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2638\agent.exe | 
"{FC9EF6EB-9937-44B7-B82F-39FD9235DAD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FF401AEE-26F8-455A-823D-75267CE1BD26}" = protocol=6 | dir=out | app=system | 
"{FFE6D4EF-0F74-4A4D-81C3-1DB5D5649AB1}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.beta.2514\agent.exe | 
"TCP Query User{54E3560D-7728-4D5F-8638-5E92B3BD4117}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{E52B67A4-ECB0-4234-9D2A-4A9B91528961}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"TCP Query User{F10CDE77-3B98-49A4-BC49-C7DF5FCE31A8}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe | 
"UDP Query User{7C7A69E3-8F3A-4468-8892-412C235A01B9}C:\program files (x86)\lolreplay\lolreplay.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lolreplay\lolreplay.exe | 
"UDP Query User{907FB873-A117-4A4C-B501-748C0A027090}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{B0A733A0-5A9A-4B89-BF7B-D041F3D508C7}C:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront\gamedata\battlefront.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{308051DA-0048-7A07-FE8B-9B6EC119A9E8}" = AMD Catalyst Install Manager
"{44AAA767-F540-F091-4571-ADCBC10B0C92}" = AMD Fuel
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7D2019DF-713F-B6ED-8C87-14363B081FB2}" = AMD Drag and Drop Transcoding
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{A2CB1ACB-94A2-32BA-A15E-7D80319F7589}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.50727
"{AC53FC8B-EE18-3F9C-9B59-60937D0B182C}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.50727
"{AEF57B06-B494-8180-AFC7-05EFB1DB2B64}" = ccc-utility64
"{BD1BCEF8-5CD6-D8ED-7D36-31C2172076EA}" = AMD Media Foundation Decoders
"{C9193CBB-C31A-412A-A074-AD08F0F2CF3D}" = Smart Technology Programming Software 7.0.27.13
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{ED273D26-E354-1A5B-A0D0-CB5258D43BD2}" = AMD Wireless Display v3.0
"{FCC4426F-0296-D30D-729C-E76C8E7252C7}" = AMD Accelerated Video Transcoding
"CCleaner" = CCleaner
"KLiteCodecPack64_is1" = K-Lite Codec Pack (64-bit) v4.5.0
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{046B79EE-7ED3-37A4-621A-FE297EF484C2}" = CCC Help Greek
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0AEC308E-7EB3-47F7-BB59-F2C9C6166B27}" = OpenOffice 4.0.1
"{10CB5DDD-38E1-2EB2-F62C-C1948A99943E}" = AMD Catalyst Control Center
"{1194740D-0DB8-A508-31BA-E722597B4516}" = Catalyst Control Center Graphics Previews Common
"{15134cb0-b767-4960-a911-f2d16ae54797}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FB16E3B-3AFB-46CB-6E83-2F5A0CF4ED16}" = Catalyst Control Center Localization All
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 51
"{2E3A81FB-7952-F8CB-9AD5-50544E2F4838}" = CCC Help Czech
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{4172E797-CE12-AC47-05B7-0E48BDB33E75}" = CCC Help Russian
"{4428AEE6-FA5E-2913-8D12-B410E85E11AA}" = CCC Help Spanish
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4FF1533E-FF2C-A04A-25DD-A8AEC6FA106B}" = CCC Help Chinese Standard
"{517CC397-B22F-4593-8DCB-DE72CC541E9A}" = League of Legends
"{6071CB80-DABC-B10D-F244-7F410FB3B150}" = CCC Help Polish
"{6343B6BA-F97F-B336-9ED8-FFD43776E84D}" = CCC Help Finnish
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}" = Skype™ 6.14
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8136 8168 8169 Ethernet Driver
"{8D3A11D0-D925-FA0F-43F3-242E49975CD2}" = CCC Help Danish
"{8EF39A9F-6A57-9706-86A5-9312D9ED8016}" = CCC Help Portuguese
"{92352C97-C657-DB89-5F3A-E8C3789D9C89}" = CCC Help Chinese Traditional
"{95545E55-3309-1929-FF41-2908A9706742}" = CCC Help Turkish
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CA5F712-9CAA-B3CB-02D3-7134DFC8801E}" = CCC Help French
"{A128A816-FD3F-990E-DD80-E1735BD718AE}" = CCC Help Italian
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.06) - Deutsch
"{AFC9ECA9-6A4E-1370-98F3-002B63B5AF8E}" = CCC Help Thai
"{B3491D28-DCF7-0D3E-1B3F-28E6FCDE659F}" = HydraVision
"{B88F2045-CF9A-996C-1670-6F7D65F1D18A}" = CCC Help Norwegian
"{BED96D0C-7743-3CE3-F7DF-A0A4475FBF2F}" = CCC Help Hungarian
"{C3592426-531E-4110-911D-BFECE2CE284B}" = puush
"{C3592426-531E-4110-911D-BFECE2CE284C}" = osu!
"{C79CB9C7-10A4-4814-8402-F574672C2192}" = Star Wars Battlefront
"{CB79256B-C0E0-40C6-8EB7-BDD796203581}" = Catalyst Control Center - Branding
"{D692A0E0-1BBB-4E9C-826E-4254EE330830}_is1" = Cube World version 0.0.1
"{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}" = Microsoft XNA Framework Redistributable 4.0 Refresh
"{E297492A-E114-CAE0-502E-5F36C386DD30}" = CCC Help Dutch
"{E6533A85-ED92-F897-2B68-58AC3BD87F94}" = CCC Help English
"{EBAC163A-588E-1E5A-3CE8-826E9A449244}" = CCC Help Korean
"{ED65BD75-CEF3-C0C2-9E9C-FA567484FF60}" = CCC Help Japanese
"{EEB34D84-92A1-7BE3-6DB7-ABD1C4912D6B}" = Catalyst Control Center InstallProxy
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F1289D68-1C48-930F-51CF-577BDB371252}" = CCC Help Swedish
"{F3F340A5-64EC-AEEC-4BDF-DC537D390BF5}" = CCC Help German
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE8E927E-8099-4C6B-A337-1CAB00E213C7}" = Overwolf
"123 Free Solitaire_is1" = 123 Free Solitaire v10.0
"Adobe Flash Player Plugin" = Adobe Flash Player 12 Plugin
"Battle.net" = Battle.net
"CloneCD" = CloneCD
"Free YouTube Download_is1" = Free YouTube Download version 3.2.30.319
"Game Booster_is1" = Game Booster
"GigaClicks Crawler" = GigaClicks Crawler
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Gothic II - Die Nacht des Raben" = Gothic II - Die Nacht des Raben
"Gothic Multiplayer" = Gothic Multiplayer
"HashCheck Shell Extension" = HashCheck Shell Extension (x86-32)
"Hearthstone" = Hearthstone
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"KLiteCodecPack_is1" = K-Lite Codec Pack 7.0.0 (Full)
"League of Legends 3.0.1" = League of Legends
"LOLReplay" = LOLReplay
"Malwarebytes Anti-Malware_is1" = Malwarebytes Anti-Malware Version 2.00.0.1000
"MTA:SA 1.3" = MTA:SA v1.3.4
"OpenAL" = OpenAL
"PhotoScape" = PhotoScape
"RocketDock_is1" = RocketDock 1.3.5
"Steam App 102500" = Kingdoms of Amalur: Reckoning™
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding of Isaac
"Steam App 1250" = Killing Floor
"Steam App 18300" = Spectraball
"Steam App 208090" = Loadout
"Steam App 212800" = Super Crate Box
"Steam App 214560" = Mark of the Ninja
"Steam App 227580" = 10,000,000
"Steam App 233190" = Final Exam
"Steam App 234160" = Strike Suit Infinity
"Steam App 238960" = Path of Exile
"Steam App 239070" = Hammerwatch
"Steam App 240" = Counter-Strike: Source
"Steam App 241600" = Rogue Legacy
"Steam App 244870" = Electronic Super Joy
"Steam App 4000" = Garry's Mod
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 550" = Left 4 Dead 2
"Steam App 620" = Portal 2
"Steam App 730" = Counter-Strike: Global Offensive
"Super Hexagon_is1" = Super Hexagon
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WinRAR archiver" = WinRAR 5.00 (32-bit)
"World of Warcraft" = World of Warcraft
"WPM" = WPM17.8.0.3442
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{56837588-F559-40CF-91D9-D439D405FB28}" = PileFile reminder
"{9AAF2503-6CD5-414A-B5BA-37639B76C91F}" = Oxy
"4729debaf2cd0ca4" = Mausi3
"93bb1775721ec2cc" = Launcher omfg.gg
"www.mondgesaenge.de - G2ADB" = Gothic II Addon-Datenbank
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.04.2014 12:33:16 | Computer Name = KomaKuh-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 01.04.2014 12:35:00 | Computer Name = KomaKuh-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 01.04.2014 13:05:13 | Computer Name = KomaKuh-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\KomaKuh\Downloads\esetsmartinstaller_enu.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 01.04.2014 14:15:31 | Computer Name = KomaKuh-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 01.04.2014 15:33:24 | Computer Name = KomaKuh-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LoLLauncher.exe, Version: 2.5.0.425,
 Zeitstempel: 0x5334c623  Name des fehlerhaften Moduls: LoLLauncher.exe, Version: 
2.5.0.425, Zeitstempel: 0x5334c623  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0022c60a
ID
 des fehlerhaften Prozesses: 0xb28  Startzeit der fehlerhaften Anwendung: 0x01cf4ddea7fe6fa3
Pfad
 der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
Pfad
 des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\projects\lol_launcher\releases\0.0.0.205\deploy\LoLLauncher.exe
Berichtskennung:
 7d024142-b9d4-11e3-b976-90e6ba34e272
 
Error - 02.04.2014 07:30:06 | Computer Name = KomaKuh-PC | Source = BstHdAndroidSvc | ID = 0
Description = Der Dienst kann nicht gestartet werden. System.ApplicationException:
 Cannot start service.  Service did not stop gracefully the last time it was run.

   bei BlueStacks.hyperDroid.Service.Service.OnStart(String[] args)     bei System.ServiceProcess.ServiceBase.ServiceQueuedMainCallback(Object
 state)
 
Error - 02.04.2014 07:31:49 | Computer Name = KomaKuh-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2014 08:02:50 | Computer Name = KomaKuh-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 02.04.2014 08:29:57 | Computer Name = KomaKuh-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Mausi3.exe, Version: 1.0.2925.34192,
 Zeitstempel: 0x477e7410  Name des fehlerhaften Moduls: KERNELBASE.dll, Version: 6.1.7601.18229,
 Zeitstempel: 0x51fb1677  Ausnahmecode: 0xc0020001  Fehleroffset: 0x000000000000940d
ID
 des fehlerhaften Prozesses: 0xf98  Startzeit der fehlerhaften Anwendung: 0x01cf4e6f32cb0f4f
Pfad
 der fehlerhaften Anwendung: C:\Users\KomaKuh\AppData\Local\Apps\2.0\4L28KQPD.WKY\5JQD6MWH.54T\maus..tion_f895ba69515cc005_0001.0000_6d7bddd445faee20\Mausi3.exe
Pfad
 des fehlerhaften Moduls: C:\Windows\system32\KERNELBASE.dll  Berichtskennung: 7f9c54ff-ba62-11e3-9cf3-90e6ba34e272
 
Error - 02.04.2014 13:27:13 | Computer Name = KomaKuh-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: League of Legends.exe, Version: 4.4.0.1885,
 Zeitstempel: 0x533a292a  Name des fehlerhaften Moduls: League of Legends.exe, Version:
 4.4.0.1885, Zeitstempel: 0x533a292a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00578890
ID
 des fehlerhaften Prozesses: 0x13ac  Startzeit der fehlerhaften Anwendung: 0x01cf4e95c60b9ecf
Pfad
 der fehlerhaften Anwendung: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League
 of Legends.exe  Pfad des fehlerhaften Moduls: C:\Riot Games\League of Legends\RADS\solutions\lol_game_client_sln\releases\0.0.1.16\deploy\League
 of Legends.exe  Berichtskennung: 0726588d-ba8c-11e3-9cf3-90e6ba34e272
 
[ System Events ]
Error - 28.03.2014 10:31:29 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 29.03.2014 08:56:04 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 30.03.2014 02:39:03 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 30.03.2014 14:46:06 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 31.03.2014 08:40:10 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 31.03.2014 13:14:57 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 01.04.2014 11:56:59 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 01.04.2014 12:33:16 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 02.04.2014 07:30:06 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "BlueStacks Android Service" wurde mit folgendem Fehler
 beendet:   %%1064
 
Error - 02.04.2014 07:40:16 | Computer Name = KomaKuh-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "BlueStacks Log Rotator Service" wurde unerwartet beendet. 
Dies ist bereits 1 Mal passiert.
 
 
< End of report >
         
Hab heut erste Mal PC gestartet, jetzt ist da erstmal Werbung : Ihr Windows in 3 Schritten reparieren. Microsoft Certified. Dürfen die sowas überhaupt in ihre Fake Werbung reinmachen
__________________


Alt 03.04.2014, 18:12   #18
sunjojo
/// Malwareteam
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Ok, in dem OTL Logfile sehe ich auch nichts weltbewegendes, aber mache bitte folgendes:



Schritt 1
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\Program Files (x86)\Common Files\337
Reg: reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56837588-F559-40CF-91D9-D439D405FB28}" /f
Reg: reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{9AAF2503-6CD5-414A-B5BA-37639B76C91F}" /f
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.

Schritt 2
Synchronisierst du Google Chrome mit deinem Konto? Wenn ja, bitte das deaktivieren. Deinstalliere bitte deinen Google Chrome Browser vollständig und installiere diesen wieder.


Tritt das Problem weiterhin auf? Mach bitte einen Screenshot und hänge diesen hier an.

Hast du "DVDVideoSoft" heruntergeladen?
__________________
__________________

Alt 03.04.2014, 18:26   #19
Vime
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Noch eine Frage bevor ich Google Chrome deinstalliere.
Werden meine Lesezeichen gespeichert und beim neuinstallieren wieder verwendet ?
DvDVideoSoft nicht direkt sondern nur Free Youtube Downloader. Möchte nämlich gerne Musik hören ohne meinen Browser, weil ich nur eine 2k Leitung besitze.


Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by KomaKuh at 2014-04-03 19:24:19 Run:1
Running from C:\Users\KomaKuh\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\Program Files (x86)\Common Files\337
Reg: reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56837588-F559-40CF-91D9-D439D405FB28}" /f
Reg: reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{9AAF2503-6CD5-414A-B5BA-37639B76C91F}" /f
*****************

C:\Program Files (x86)\Common Files\337 => Moved successfully.

========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{56837588-F559-40CF-91D9-D439D405FB28}" /f =========

Der Vorgang wurde erfolgreich beendet.



========= End of Reg: =========


========= reg delete "HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall{9AAF2503-6CD5-414A-B5BA-37639B76C91F}" /f =========

FEHLER: Der angegebene Registrierungsschlssel bzw. Wert wurde nicht gefunden.


========= End of Reg: =========


==== End of Fixlog ====
         

Alt 03.04.2014, 18:35   #20
sunjojo
/// Malwareteam
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Zitat:
Werden meine Lesezeichen gespeichert und beim neuinstallieren wieder verwendet ?
Ne, deine Lesezeichen werden nicht gespeichert, aber ich hab noch eine Möglichkeit, bevor du Google Chrome deinstallierst. Probiere das mal aus, besteht das Problem weiterhin noch?



Schritt 1
Bitte lade dir zoek.exe von hier: http://hijackthis.nl/smeenk/
  • Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen können.
  • Starte die zoek.exe mit einem Doppelklick.
  • Achtung: Das folgende Skript wurde nur für diesen speziellen Fall geschrieben und sollte nicht 1:1 auf andere Computer übernommen werden.
  • Kopiere den Text der folgenden Box in das Skriptfenster von zoek:
    Code:
    ATTFilter
    FFdefaults;
    CHRdefaults;
    iedefaults;
    emptyclsid;
    autoclean;
             
  • Nun klicke auf "Run script" und sei geduldig bis das Skript durchgelaufen ist.
  • Wenn das Tool fertig ist, wird sich eine Logdatei öffnen (ggf. erst nach einem Neustart). Das Log befindet sich aber auch noch unter c:
  • Bitte poste mir das ZOEK-Log (möglichst in CODE-Tags - #-Symbol im Antwortfenster klicken)

Schritt 2
Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:
ATTFilter
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft
C:\Program Files (x86)\DVDVideoSoft
C:\Program Files (x86)\Common Files\DVDVideoSoft
         

Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
  • Starte nun FRST erneut und klicke den Entfernen Button.
  • Das Tool erstellt eine Fixlog.txt.
  • Poste mir deren Inhalt.


__________________
Gruß,

Jonas

Alt 03.04.2014, 18:54   #21
Vime
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Muss dich echt mal loben Jonas, antwortest so schnell und bekommst alles hin, die Startseite ist futsch. Mann eh du hasts drauf

Code:
ATTFilter
Zoek.exe v5.0.0.0 Updated 07-March-2014
Tool run by KomaKuh on 03.04.2014 at 19:40:56,31.
Microsoft Windows 7 eXtreme™ Draconis Edition  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\KomaKuh\Downloads\zoek.exe [Scan all users] [Script inserted] 

==== System Restore Info ======================

03.04.2014 19:42:47 Zoek.exe System Restore Point Created Succesfully.

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\COMMON~1\DVDVideoSoft\bin deleted
C:\windows\SysNative\tasks\Desk 365 RunAsStdUser deleted
"C:\PROGRA~3\Package Cache" deleted

==== Chrome Look ======================

Auto Replay for YouTubeâ„¢ - KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
BTTV - Receful\AppData\Local\Google\Chrome\User Data\Default\Extensions\ajopnjidmegmdimjlfnijceegpefgped
Auto Replay for YouTubeâ„¢ - Receful\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanbnempkjnhadplbfgdaagijdbdbjeb
Auto Refresh Plus - Receful\AppData\Local\Google\Chrome\User Data\Default\Extensions\oilipfekkmncanaajkapbpancpelijih

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{758B870D-DF78-4A6A-9955-DEDDCACF94DC}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{758B870D-DF78-4A6A-9955-DEDDCACF94DC} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Reset Google Chrome ======================

C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Receful\AppData\Local\Google\Chrome\User Data\Default\preferences was reset successfully
C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Receful\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully

==== shortcuts on Users Desktops ======================

C:\Users\KomaKuh\Desktop\Gothic II - Die Nacht des Raben.lnk - C:\Program Files (x86)\JoWooD\Gothic II\UNWISE.EXE /W9 "C:\Program Files (x86)\JoWooD\Gothic II\INSTALL.LOG"
C:\Users\KomaKuh\Desktop\Gothic II Addon-Datenbank.lnk - C:\Program Files (x86)\www.mondgesaenge.de\G2ADB\index.htm 
C:\Users\KomaKuh\Desktop\Mausi3.application - Verknüpfung.lnk -  
C:\Users\KomaKuh\Desktop\osu.lnk -  
C:\Users\KomaKuh\Desktop\Star Wars Battlefront spielen.lnk - C:\Program Files (x86)\LucasArts\Star Wars Battlefront\LaunchBF.exe 
C:\Users\KomaKuh\Desktop\Wow.exe - Verknüpfung.lnk -  
C:\Users\KomaKuh\Desktop\Ymironn.lnk - C:\Gothic II\System\GMPLauncher.exe 
C:\Users\KomaKuh\Desktop\saves FRST\mbam-log-2014-03-30 (20-40-45).txt - Verknüpfung.lnk -  
C:\Users\Receful\Desktop\Eigene Musik - Verknüpfung.lnk -  
C:\Users\Receful\Desktop\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe 
C:\Users\Receful\Desktop\Spotify.lnk - C:\Users\Receful\AppData\Roaming\Spotify\spotify.exe 

==== shortcuts on All Users Desktop ======================

C:\Users\Public\Desktop\Adobe Reader XI.lnk - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 
C:\Users\Public\Desktop\Battle.net.lnk - C:\Program Files (x86)\Battle.net\Battle.net Launcher.exe 
C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 
C:\Users\Public\Desktop\MTA San Andreas 1.3.lnk - C:\Program Files (x86)\MTA San Andreas 1.3\Multi Theft Auto.exe 

==== shortcuts in Users Start Menu ======================

C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586

==== shortcuts in All Users Start Menu ======================

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk - C:\Windows\Installer\{AC76BA86-7AD7-1031-7B44-AB0000000001}\SC_Reader.ico 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\AMD Catalyst Control Center.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center\Hilfe.lnk - C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLI.exe Start Help -help
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cube World\Cube World.lnk - C:\Program Files (x86)\Cube World\CubeLauncher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Free YouTube Download.lnk - C:\Program Files (x86)\DVDVideoSoft\Free YouTube Download\FreeYTVDownloader.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Log Report.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\DVSSysReport.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Premium Membership.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\bin\PremiumMembershipOffer.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft\Uninstall.lnk - C:\Program Files (x86)\Common Files\DVDVideoSoft\lib\Uninstall.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://start.qone8.com/?type=sc&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer\Gothic Multiplayer.lnk - C:\Gothic II\System\GMPLauncher.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer\Uninstall.lnk - C:\Gothic II\uninstallgmp.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gothic Multiplayer\Website.lnk - C:\Gothic II\Gothic Multiplayer.url 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab about
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe -tab update
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk - C:\Program Files (x86)\Java\jre7\bin\javacpl.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.lnk -  
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Malwarebytes Anti-Malware entfernen.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \unins000.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \ Malwarebytes Anti-Malware .lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \mbam.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ Malwarebytes Anti-Malware \Tools\Malwarebytes Anti-Malware Chameleon.lnk - C:\Program Files (x86)\ Malwarebytes Anti-Malware \Chameleon\Windows\chameleon.chm 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype\Skype.lnk - C:\Program Files (x86)\Skype\Phone\Skype.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net\GTA San Andreas\Uninstall(Desert Eagle)89977-desert-eagle-hd-gtasa.lnk - C:\Program Files (x86)\Rockstar Games\GTA SAN ANDREAS\www.GameModding.net\Uninstall(Desert Eagle)89977-desert-eagle-hd-gtasa.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net\GTA San Andreas\Uninstall(M4)120535-avtorifle-acw-r-gtasa.lnk - C:\Program Files (x86)\Rockstar Games\GTA SAN ANDREAS\www.GameModding.net\Uninstall(M4)120535-avtorifle-acw-r-gtasa.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net\GTA San Andreas\Uninstall(MP5)15428-ump-45-v-2.0-gtasa.lnk - C:\Program Files (x86)\Rockstar Games\GTA SAN ANDREAS\www.GameModding.net\Uninstall(MP5)15428-ump-45-v-2.0-gtasa.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net\GTA San Andreas\Uninstall(Rifle)120744-m1-garand-gtasa.lnk - C:\Program Files (x86)\Rockstar Games\GTA SAN ANDREAS\www.GameModding.net\Uninstall(Rifle)120744-m1-garand-gtasa.exe 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\www.GameModding.net\GTA San Andreas\Uninstall(Sniper Rifle)15657-svu-gtasa.lnk - C:\Program Files (x86)\Rockstar Games\GTA SAN ANDREAS\www.GameModding.net\Uninstall(Sniper Rifle)15657-svu-gtasa.exe 

==== shortcuts in Quick Launch ======================

C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://start.qone8.com/?type=sc&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://start.qone8.com/?type=sc&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies (Lite).lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe /lite
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Samsung Kies.lnk - C:\Program Files (x86)\Samsung\Kies\KiesAgent.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://start.qone8.com/?type=sc&ts=1396286207&from=mp3&uid=WDCXWD10EZEX-60ZF5A0_WD-WMC1S484558645586
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\lol.launcher.lnk - C:\Riot Games\League of Legends\lol.launcher.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Neues Textdokument 9F7P-8GGK-R4SU-4A7Z.lnk - C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\OpenOffice.lnk - C:\Program Files (x86)\OpenOffice 4\program\soffice.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\sfBot.lnk - C:\Users\KomaKuh\Desktop\SFBot\sfBot.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Silkroad Online Launcher.lnk - C:\Program Files (x86)\DuckRoad-80-Valentus\silkroad.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Wow.exe - Verknüpfung.lnk -  
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk - C:\Program Files (x86)\PhotoScape\PhotoScape.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -  
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -  
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\MTA San Andreas 1.3.lnk - C:\Program Files (x86)\MTA San Andreas 1.3\Multi Theft Auto.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Play League of Legends.lnk - C:\Riot Games\League of Legends\lol.launcher.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Steam.lnk - C:\Program Files (x86)\Steam\Steam.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\TeamSpeak 3 Client.lnk - C:\Program Files (x86)\TeamSpeak 3 Client\ts3client_win64.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\teeworlds.lnk - C:\Users\Receful\Documents\tw\teeworlds.exe 
C:\Users\Receful\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Windows Explorer.lnk - C:\Windows\explorer.exe 

==== shortcuts After Repair ======================

C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe -extoff
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk - C:\Program Files (x86)\Internet Explorer\iexplore.exe 
C:\Users\KomaKuh\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe 

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BlueStacks Agent deleted successfully
HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KiesAirMessage deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\KomaKuh\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\KomaKuh\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\Receful\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=132 folders=37 28009854 bytes)

==== Empty Temp Folders ======================

C:\Users\Default\AppData\Local\Temp emptied successfully
C:\Users\KomaKuh\AppData\Local\Temp will be emptied at reboot
C:\Users\Receful\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\networkservice\AppData\Local\Temp emptied successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\Temp emptied successfully
C:\Windows\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\KomaKuh\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on 03.04.2014 at 19:50:32,78 ======================
         
Code:
ATTFilter
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 13-03-2014
Ran by KomaKuh at 2014-04-03 19:53:05 Run:2
Running from C:\Users\KomaKuh\Desktop
Boot Mode: Normal
==============================================

Content of fixlist:
*****************
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft
C:\Program Files (x86)\DVDVideoSoft
C:\Program Files (x86)\Common Files\DVDVideoSoft
*****************

C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft => Moved successfully.
C:\Users\KomaKuh\AppData\Roaming\DVDVideoSoft => Moved successfully.
C:\Program Files (x86)\DVDVideoSoft => Moved successfully.
C:\Program Files (x86)\Common Files\DVDVideoSoft => Moved successfully.

==== End of Fixlog ====
         

Alt 03.04.2014, 19:49   #22
sunjojo
/// Malwareteam
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Zitat:
Muss dich echt mal loben Jonas, antwortest so schnell und bekommst alles hin, die Startseite ist futsch. Mann eh du hasts drauf
Danke für dein Lob, aber den Tipp mit Zoek habe ich von einem Kollegen bekommen . Ist die Webung in allen Browsern verschwunden?

Hast du noch weitere Fragen?
__________________
Gruß,

Jonas

Alt 03.04.2014, 20:00   #23
Vime
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Jup ist überall weg, bin dir überaus dankbar
Auch wenn der Support hier perfekt ist, hoffe ich die nächste Zeit nicht hier zu landen
Sind auch keine weiteren Fragen mehr vorhanden.

Mit freundlichen Grüßen,
virusfreier Vime

Alt 03.04.2014, 20:03   #24
sunjojo
/// Malwareteam
 
Werbevirus Oxy - Standard

Werbevirus Oxy



Hallo Vime,

schön, dass wir dir helfen konnten .

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht, damit erhalte ich keine Benachrichtungen über neue Antworten in diesem Thread. Solltest Du das Thema erneut brauchen, schicke mir bitte eine private Nachricht.

Jeder Andere bitte hier klicken und einen eigenen Thread erstellen.
__________________
Gruß,

Jonas

Antwort

Themen zu Werbevirus Oxy
administrator, anti-malware, bräuchte, durchlauf, einstellungen, entdeck, entferne, entfernen, entfernt, erweiterung, funktionen, gen, google, hoffe, limited, malwarebytes, programme, programme und funktionen, schließe, seite, starte, startseite, virus, warscheinlich, werbevirus, öffnen, öffnet



Ähnliche Themen: Werbevirus Oxy


  1. Werbevirus auf Computer und Handy
    Plagegeister aller Art und deren Bekämpfung - 24.08.2015 (5)
  2. Werbevirus-UnisAlles
    Alles rund um Windows - 01.01.2015 (5)
  3. Windows 7 - Werbevirus
    Log-Analyse und Auswertung - 02.09.2014 (19)
  4. Windows 8: Werbevirus-Befall trotz Antivirenprogramm,Malwarebytes nicht installierbar
    Plagegeister aller Art und deren Bekämpfung - 04.08.2014 (16)
  5. Werbevirus benötige hilfe
    Plagegeister aller Art und deren Bekämpfung - 16.02.2014 (1)
  6. Werbevirus (u.a. Vendo, ..., ...) seit der Installation von JDownloader
    Plagegeister aller Art und deren Bekämpfung - 30.08.2013 (6)
  7. Werbevirus - Log erstellt
    Log-Analyse und Auswertung - 11.01.2013 (17)
  8. Werbevirus und Windows 7 Sicherheitscenter deaktiviert!
    Plagegeister aller Art und deren Bekämpfung - 28.07.2011 (19)

Zum Thema Werbevirus Oxy - Zitat: Auf der Seite passiert nichts bis auf "Werbung", und wollte es ehrlich gesagt nich ausprobieren irgendwo drauf zu drücken, immer direkt neuen Tab gestartet. Hartnäckig das Teil. Mach mal - Werbevirus Oxy...
Archiv
Du betrachtest: Werbevirus Oxy auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.