Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   AKM Virus 50,- Paycard (https://www.trojaner-board.de/124481-akm-virus-50-paycard.html)

KriegerDL 21.09.2012 21:35
AKM Virus 50,- Paycard
 
Hallo !

Mein Junior hat es geschafft :-)

Ich selbst bin seit Jahrzenten fit am PC und hatte trotz KEINEM Schutz noch nie ein Problem....

Nun steh ich da und auf seinem Rechner geht nix mehr, zum Start kommt nur der Weisse Bildschirm AKM 50,- zahlen .....

Ich habe laut den Empfehlungen Hier mit OTL Bootdisk gebootet...
Leider ist es eine AHACI Installation und ich hatte erstmal bluescreen...

Es SOLLT nur legale Software drauf sein ....

Nun hab ich den Scan gemacht:

Kann mir bitte jemand mit dem Tool helfen, was ich jetzt tun kann um wieder ins system zu kommen, dort weiss ich weiter :-)


OTL Logfile:
Code:
OTL logfile created on: 9/22/2012 6:28:07 AM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = E: | %SystemRoot% = E:\Windows | %ProgramFiles% = E:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 967.22 Mb Total Space | 70.45 Mb Free Space | 7.28% Space Free | Partition Type: FAT
Drive E: | 119.14 Gb Total Space | 79.34 Gb Free Space | 66.60% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012/06/11 13:19:14 | 000,239,616 | ---- | M] (AMD) [Auto] -- E:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012/02/02 16:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto] -- E:\Program Files\Intel\iCLS Client\HeciServer.exe -- (Intel(R) Capability Licensing Service Interface) Intel(R)
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/09/19 11:16:34 | 000,076,888 | ---- | M] () [Auto] -- E:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/09/19 10:09:33 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/09/15 11:09:53 | 004,537,664 | ---- | M] () [Auto] -- E:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll -- (Akamai)
SRV - [2012/09/14 11:36:30 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand] -- E:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/13 07:33:30 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto] -- E:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012/08/08 14:57:43 | 001,695,776 | ---- | M] () [Auto] -- E:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe -- (PC Performer Manager)
SRV - [2012/07/21 03:46:14 | 000,830,048 | ---- | M] () [Auto] -- E:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe -- (vToolbarUpdater12.1.3)
SRV - [2012/07/13 20:13:54 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- E:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/13 07:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto] -- E:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/06/27 06:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto] -- E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/06/11 10:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand] -- E:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/06/11 10:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto] -- E:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.EXE -- (BBSvc)
SRV - [2012/06/05 03:39:42 | 000,289,544 | ---- | M] () [Auto] -- E:\Program Files (x86)\PC Beschleunigen\PCSUService.exe -- (PCSUService)
SRV - [2012/04/10 03:48:12 | 001,473,664 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- E:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe -- (AsusFanControlService)
SRV - [2012/04/04 01:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto] -- E:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/02/17 08:26:00 | 000,149,120 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- E:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2012/02/07 11:53:34 | 000,363,800 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2012/02/07 11:53:32 | 000,277,784 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2012/02/07 11:52:04 | 000,161,560 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe -- (jhi_service) Intel(R)
SRV - [2012/02/02 11:56:34 | 000,951,936 | ---- | M] (ASUSTeK Computer Inc.) [Auto] -- E:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe -- (asHmComSvc)
SRV - [2012/02/01 10:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto] -- E:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011/10/29 03:59:26 | 000,918,448 | ---- | M] () [Auto] -- E:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe -- (asComSvc)
SRV - [2011/06/17 13:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand] -- E:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011/05/27 05:07:36 | 000,160,768 | ---- | M] (Intel Corporation) [On_Demand] -- E:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) Intel(R) Integrated Clock Controller Service - Intel(R)
SRV - [2010/03/18 07:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- E:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010/02/19 07:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- E:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/08/03 12:24:03 | 000,560,184 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- E:\Windows\System32\Drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012/07/21 03:46:14 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System] -- E:\Windows\System32\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2012/06/11 14:59:38 | 010,248,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012/06/11 12:26:14 | 000,367,616 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012/03/26 19:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iusb3xhc.sys -- (iusb3xhc) Intel(R)
DRV:64bit: - [2012/03/26 19:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\iusb3hub.sys -- (iusb3hub) Intel(R)
DRV:64bit: - [2012/03/26 19:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\iusb3hcs.sys -- (iusb3hcs) Intel(R)
DRV:64bit: - [2012/02/23 08:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- E:\Windows\System32\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012/02/03 15:01:20 | 000,677,480 | ---- | M] (Realtek                                            ) [Kernel | On_Demand] -- E:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/11/09 19:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011/11/02 21:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot] -- E:\Windows\System32\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011/08/12 12:13:36 | 000,032,360 | ---- | M] (NT Kernel Resources) [Kernel | System] -- E:\Windows\System32\drivers\ndisrd.sys -- (ndisrd)
DRV:64bit: - [2010/11/20 23:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 23:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/08/17 19:28:32 | 000,026,136 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\ICCWDT.sys -- (ICCWDT) Intel(R) Watchdog Timer Driver (Intel(R) WDT)
DRV:64bit: - [2010/01/04 21:23:20 | 001,847,296 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\athurx.sys -- (athur)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- E:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- E:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/03/18 10:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- E:\Windows\System32\drivers\hamachi.sys -- (hamachi)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\KreanPlay_ON_E\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980
IE - HKU\KreanPlay_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={C2F56F8A-40D0-4AC9-B0BF-AA40932A7EE9}&mid=4b550233c51a47d0af9ec1f60e974501-eec03004b6a4821d172d3ffe41973a5534b0fa28&lang=de&ds=od011&pr=sa&d=2012-07-21 09:46:14&v=12.1.0.20&sap=hp
IE - HKU\KreanPlay_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\KreanPlay_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\KreanPlay_ON_E\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 F6 9B 4F F5 65 CD 01  [binary data]
IE - HKU\KreanPlay_ON_E\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - Reg Error: Key error. File not found
IE - HKU\KreanPlay_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\KreanPlay_ON_E\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\System32\Macromed\Flash\NPSWF64_11_4_402_278.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: E:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: E:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: E:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: E:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: E:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE:  File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: E:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: E:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: E:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: E:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: E:\Users\KreanPlay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: E:\Users\KreanPlay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: E:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.20\ [2012/07/21 03:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/08 14:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\specialsavings@superfish.com [2012/08/08 14:57:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012/08/08 14:57:43 | 000,000,000 | ---D | M]
 
[2012/07/29 14:38:38 | 000,000,000 | ---D | M] (No name found) -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Extensions
[2012/08/08 14:57:24 | 000,000,000 | ---D | M] (No name found) -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Firefox\C\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions
[2012/08/08 14:57:24 | 000,000,000 | ---D | M] (PriceGong) -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Firefox\C\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012/09/20 12:50:18 | 000,000,000 | ---D | M] (No name found) -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions
[2012/09/19 10:46:35 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\battlefieldplay4free@ea.com
[2012/09/09 07:59:52 | 000,000,000 | ---D | M] ("Savings Sidekick") -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\crossriderapp5060@crossrider.com
[2012/09/20 12:50:18 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\helperbar@helperbar.com
[2012/08/08 14:57:25 | 000,000,000 | ---D | M] (SpecialSavings) -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\specialsavings@superfish.com
[2012/09/20 12:50:18 | 000,000,000 | ---D | M] (No name found) -- E:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\staged
[2012/07/29 14:38:17 | 000,000,000 | ---D | M] (No name found) -- E:\Program Files (x86)\Mozilla Firefox\extensions
[2012/09/16 03:23:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- E:\Program Files (x86)\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/07/13 20:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- E:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/07/13 20:45:08 | 000,001,392 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/21 03:46:14 | 000,003,752 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012/07/13 20:45:08 | 000,002,252 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/07/13 20:45:08 | 000,001,153 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/07/13 20:45:08 | 000,006,805 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/13 20:45:08 | 000,001,178 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/13 20:45:07 | 000,001,105 | ---- | M] () -- E:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - E:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - E:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - E:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - E:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - E:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - E:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - E:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - E:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - E:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - E:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] E:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] E:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] E:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] E:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] E:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] E:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] E:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] E:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task]  File not found
O4 - HKLM..\Run: [StartCCC] E:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] E:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] E:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] E:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\KreanPlay_ON_E..\Run: [AdobeBridge]  File not found
O4 - HKU\KreanPlay_ON_E..\Run: [Akamai NetSession Interface] E:\Users\KreanPlay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\KreanPlay_ON_E..\Run: [Browser Infrastructure Helper] E:\Users\KreanPlay\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4 - HKU\KreanPlay_ON_E..\Run: [ccleaner] E:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\KreanPlay_ON_E..\Run: [EA Core]  File not found
O4 - HKU\KreanPlay_ON_E..\Run: [PCSpeedUp] E:\Program Files (x86)\PC Beschleunigen\PCSUNotifier.exe ()
O4 - HKU\KreanPlay_ON_E..\Run: [Steam]  File not found
O4 - HKU\LocalService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_E..\Run: [Sidebar] E:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_E..\RunOnce: [mctadmin]  File not found
O4 - Startup: E:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - E:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - E:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll) - E:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - E:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - E:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\KreanPlay_ON_E Winlogon: Shell - (C:\Users\KreanPlay\AppData\Roaming\1.exe) - E:\Users\KreanPlay\AppData\Roaming\1.exe ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{f8d1ae4e-d1e6-11e1-9b3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8d1ae4e-d1e6-11e1-9b3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PopCDRun.exe
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/22 00:42:42 | 000,000,000 | ---D | C] -- E:\_OTL
[2012/09/19 11:11:30 | 000,000,000 | ---D | C] -- E:\Users\KreanPlay\AppData\Local\PunkBuster
[2012/09/19 11:09:31 | 000,000,000 | ---D | C] -- E:\Users\KreanPlay\Documents\Battlefield Play4Free
[2012/09/19 11:08:50 | 000,000,000 | ---D | C] -- E:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2012/09/19 10:46:54 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\EA Games
[2012/09/16 02:52:48 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012/09/16 02:52:47 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\RocketDock
[2012/09/15 11:22:05 | 000,000,000 | ---D | C] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012/09/15 11:21:34 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\alaplaya
[2012/09/15 11:10:40 | 000,000,000 | ---D | C] -- E:\Users\KreanPlay\AppData\Local\Akamai
[2012/09/15 11:09:50 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Common Files\Akamai
[2012/09/14 12:32:14 | 000,056,208 | ---- | C] (Rovi Corporation) -- E:\Windows\System32\drivers\PxHlpa64.sys
[2012/09/14 12:32:14 | 000,010,224 | ---- | C] (Sonic Solutions) -- E:\Windows\System32\drivers\cdralw2k.sys
[2012/09/14 12:32:14 | 000,010,224 | ---- | C] (Sonic Solutions) -- E:\Windows\System32\drivers\cdr4_xp.sys
[2012/09/14 12:32:14 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Common Files\Sonic Shared
[2012/09/14 12:32:14 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\Common Files\PX Storage Engine
[2012/09/14 12:32:10 | 000,000,000 | ---D | C] -- E:\Program Files (x86)\My Company Name
[2012/09/12 07:55:50 | 000,574,464 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\d3d10level9.dll
[2012/09/12 07:55:50 | 000,490,496 | ---- | C] (Microsoft Corporation) -- E:\Windows\SysWow64\d3d10level9.dll
[2012/09/12 07:55:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\netio.sys
[2012/09/12 07:55:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\FWPKCLNT.SYS
[2012/09/12 07:55:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- E:\Windows\System32\drivers\RNDISMP.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/21 18:49:36 | 000,067,584 | --S- | M] () -- E:\Windows\bootstat.dat
[2012/09/21 18:49:10 | 001,048,576 | ---- | M] () -- E:\Windows\PE_Rom.dll
[2012/09/21 18:48:37 | 3182,702,592 | -HS- | M] () -- E:\hiberfil.sys
[2012/09/21 12:03:50 | 000,696,620 | ---- | M] () -- E:\Windows\System32\perfh007.dat
[2012/09/21 12:03:50 | 000,651,938 | ---- | M] () -- E:\Windows\System32\perfh009.dat
[2012/09/21 12:03:50 | 000,147,916 | ---- | M] () -- E:\Windows\System32\perfc007.dat
[2012/09/21 12:03:50 | 000,120,870 | ---- | M] () -- E:\Windows\System32\perfc009.dat
[2012/09/20 12:51:23 | 012,481,704 | ---- | M] () -- E:\Windows\System32\FNTCACHE.DAT
[2012/09/20 12:50:22 | 000,000,665 | ---- | M] () -- E:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012/09/20 12:50:17 | 000,391,219 | ---- | M] () -- E:\Users\KreanPlay\AppData\Roaming\1.exe
[2012/09/20 12:44:03 | 000,001,099 | ---- | M] () -- E:\Windows\MB.idx
[2012/09/20 12:41:59 | 000,000,551 | ---- | M] () -- E:\Windows\Path.idx
[2012/09/20 12:29:00 | 000,000,884 | ---- | M] () -- E:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/20 12:27:01 | 000,001,136 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000UA.job
[2012/09/20 12:27:00 | 000,001,084 | ---- | M] () -- E:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000Core.job
[2012/09/20 11:41:20 | 000,021,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 11:41:20 | 000,021,888 | -H-- | M] () -- E:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/20 11:36:40 | 000,001,087 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/09/20 11:36:31 | 000,001,219 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/09/20 11:36:22 | 000,000,784 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6 (64bit).lnk
[2012/09/20 11:36:15 | 000,001,181 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/09/20 11:34:49 | 000,000,859 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Extension Manager CS6.lnk
[2012/09/20 11:34:48 | 000,001,531 | ---- | M] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS6.lnk
[2012/09/19 11:16:34 | 000,076,888 | ---- | M] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2012/09/19 11:16:09 | 000,282,104 | ---- | M] () -- E:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/19 11:16:09 | 000,282,104 | ---- | M] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2012/09/19 10:09:33 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerApp.exe
[2012/09/19 10:09:33 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- E:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/09/18 09:29:54 | 000,000,368 | ---- | M] () -- E:\Windows\tasks\PC SpeedUp Service Deactivator.job
[2012/09/16 02:52:48 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012/09/15 11:22:18 | 000,001,818 | ---- | M] () -- E:\Users\Public\Desktop\S4League.lnk
[2012/09/15 11:22:05 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012/09/14 12:33:35 | 000,000,000 | ---D | M] -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
 
========== Files Created - No Company Name ==========
 
[2012/09/20 12:50:22 | 000,000,665 | ---- | C] () -- E:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk
[2012/09/20 12:50:17 | 000,391,219 | ---- | C] () -- E:\Users\KreanPlay\AppData\Roaming\1.exe
[2012/09/20 11:36:40 | 000,001,087 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012/09/20 11:36:31 | 000,001,219 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012/09/20 11:36:15 | 000,001,181 | ---- | C] () -- E:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012/09/19 11:12:03 | 000,282,104 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.xtr
[2012/09/19 11:08:53 | 000,282,104 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrB.exe
[2012/09/19 11:08:52 | 000,076,888 | ---- | C] () -- E:\Windows\SysWow64\PnkBstrA.exe
[2012/09/15 11:22:18 | 000,001,818 | ---- | C] () -- E:\Users\Public\Desktop\S4League.lnk
[2012/08/20 10:09:54 | 003,596,288 | ---- | C] () -- E:\Windows\SysWow64\qt-dx331.dll
[2012/08/20 10:09:54 | 000,811,008 | ---- | C] () -- E:\Windows\SysWow64\xvidcore.dll
[2012/08/20 10:09:54 | 000,198,656 | ---- | C] () -- E:\Windows\SysWow64\xvidvfw.dll
[2012/08/14 03:10:19 | 000,000,056 | RHS- | C] () -- E:\Windows\SysWow64\DC7F58F417.sys
[2012/08/14 03:10:15 | 000,000,952 | -HS- | C] () -- E:\Windows\SysWow64\KGyGaAvL.sys
[2012/07/20 07:39:47 | 000,005,120 | ---- | C] () -- E:\Users\KreanPlay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/07/20 06:29:23 | 001,589,442 | ---- | C] () -- E:\Windows\SysWow64\PerfStringBackup.INI
[2012/07/19 17:58:44 | 004,962,240 | ---- | C] () -- E:\Windows\PE_File.dll
[2012/07/19 17:55:04 | 001,048,576 | ---- | C] () -- E:\Windows\PE_Rom.dll
[2012/07/19 17:52:44 | 000,014,464 | ---- | C] () -- E:\Windows\SysWow64\drivers\AsUpIO.sys
[2012/07/19 17:52:08 | 000,013,440 | ---- | C] () -- E:\Windows\SysWow64\drivers\AsIO.sys
[2012/07/19 17:52:08 | 000,011,832 | ---- | C] () -- E:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012/07/19 17:52:08 | 000,010,216 | ---- | C] () -- E:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012/07/19 17:46:50 | 000,000,000 | ---- | C] () -- E:\Windows\ativpsrm.bin
[2012/07/19 17:45:21 | 000,003,917 | ---- | C] () -- E:\Windows\SysWow64\atipblag.dat
[2012/07/19 16:26:36 | 000,001,769 | ---- | C] () -- E:\Windows\Language_trs.ini
[2012/07/19 16:26:29 | 000,039,559 | ---- | C] () -- E:\Windows\Ascd_tmp.ini
[2012/06/11 12:50:16 | 000,204,952 | ---- | C] () -- E:\Windows\SysWow64\ativvsvl.dat
[2012/06/11 12:50:16 | 000,157,144 | ---- | C] () -- E:\Windows\SysWow64\ativvsva.dat
[2012/05/10 10:35:16 | 000,029,184 | ---- | C] () -- E:\Windows\SysWow64\kdbsdk32.dll
[2012/02/02 16:08:26 | 000,001,536 | ---- | C] () -- E:\Windows\SysWow64\IusEventLog.dll
[2011/09/28 11:44:14 | 000,179,271 | ---- | C] () -- E:\Windows\SysWow64\xlive.dll.cat
[2010/11/20 23:24:49 | 000,252,928 | ---- | C] () -- E:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- E:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- E:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- E:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- E:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- E:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- E:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- E:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- E:\Windows\SysWow64\mlang.dat
[2009/04/02 08:30:14 | 000,010,296 | ---- | C] () -- E:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2005/08/29 18:00:00 | 000,781,312 | ---- | C] () -- E:\Windows\SysWow64\RGSS102J.dll
[2005/08/29 18:00:00 | 000,778,752 | ---- | C] () -- E:\Windows\SysWow64\RGSS102E.dll
[2005/08/29 18:00:00 | 000,771,584 | ---- | C] () -- E:\Windows\SysWow64\RGSS100J.dll
 
========== LOP Check ==========
 
[2012/07/19 17:51:02 | 000,000,000 | ---D | M] -- E:\ProgramData\AMD
[2012/07/19 16:21:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Application Data
[2012/07/19 17:52:10 | 000,000,000 | ---D | M] -- E:\ProgramData\ASUS
[2012/07/19 17:54:47 | 000,000,000 | ---D | M] -- E:\ProgramData\ASUS OC Profiles
[2012/07/19 17:54:44 | 000,000,000 | ---D | M] -- E:\ProgramData\ASUS PowerControl Profiles
[2012/07/21 03:46:17 | 000,000,000 | ---D | M] -- E:\ProgramData\AVG Secure Search
[2012/07/21 03:46:00 | 000,000,000 | -H-D | M] -- E:\ProgramData\Common Files
[2012/08/03 12:29:13 | 000,000,000 | ---D | M] -- E:\ProgramData\DAEMON Tools Lite
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Documents
[2012/07/19 16:21:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Dokumente
[2012/08/03 13:27:16 | 000,000,000 | ---D | M] -- E:\ProgramData\Electronic Arts
[2012/07/19 16:21:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Favorites
[2012/08/16 07:31:59 | 000,000,000 | ---D | M] -- E:\ProgramData\Hi-Rez Studios
[2012/08/08 14:57:56 | 000,000,000 | ---D | M] -- E:\ProgramData\IBUpdaterService
[2012/08/08 06:22:21 | 000,000,000 | ---D | M] -- E:\ProgramData\PACE Anti-Piracy
[2012/08/08 14:57:43 | 000,000,000 | ---D | M] -- E:\ProgramData\PC Performer Manager
[2012/07/29 10:41:08 | 000,000,000 | ---D | M] -- E:\ProgramData\PMB Files
[2012/08/08 05:35:05 | 000,000,000 | ---D | M] -- E:\ProgramData\PopCap Games
[2012/08/13 06:36:39 | 000,000,000 | ---D | M] -- E:\ProgramData\regid.1986-12.com.adobe
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Start Menu
[2012/07/19 16:21:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Startmenü
[2012/07/21 05:30:51 | 000,000,000 | ---D | M] -- E:\ProgramData\TechSmith
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- E:\ProgramData\Templates
[2012/07/19 17:35:22 | 000,000,000 | ---D | M] -- E:\ProgramData\TP-LINK
[2012/07/19 16:21:02 | 000,000,000 | -HSD | M] -- E:\ProgramData\Vorlagen
[2012/09/18 09:29:54 | 000,000,368 | ---- | M] () -- E:\Windows\Tasks\PC SpeedUp Service Deactivator.job
[2009/07/14 01:08:49 | 000,030,870 | ---- | M] () -- E:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1244 bytes -> E:\Wintemp:iwg54f3osEWs8NJVq12
@Alternate Data Stream - 1185 bytes -> E:\Users\KreanPlay\AppData\Local:xYPO4pfARrwr38j6b1lcTOO
@Alternate Data Stream - 1169 bytes -> E:\Users\KreanPlay\AppData\Local\E81GlaSED3Y:WMiH9CWZVAFVDcUQIrbLwdlI
< End of report >
--- --- ---


kann mir hier irgendjemand helfen ?

markusg 21.09.2012 22:46
hi
auf deinem zweiten pc gehe auf start, programme zubehör editor, kopiere dort
rein:
Code:
:OTL
O20 - HKU\KreanPlay_ON_E Winlogon: Shell - (C:\Users\KreanPlay\AppData\Roaming\1.exe) - E:\Users\KreanPlay\AppData\Roaming\1.exe ()
O4 - Startup: E:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk ()
:Files
C:\Users\KreanPlay\AppData\Roaming\1.exe
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]


dieses speicherst du auf nem usb stick als fix.txt
nutze nun wieder OTLPENet.exe (starte also von der erstellten cd) und hake alles an, wie es bereits im post zu OTLPENet.exe beschrieben ist.
• Klicke nun bitte auf den Fix Button.
es sollte nun eine meldung ähnlich dieser: "load fix from file" erscheinen, lade also die fix.txt von deinem stick.
wenn dies nicht funktioniert, bitte den fix manuell eintragen.
dann klicke erneut den fix buton. pc startet evtl. neu. wenn ja, nimm die cd aus dem laufwerk, windows sollte nun normal starten und die otl.txt öffnen,
log posten bitte.

falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden

Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang
in den Thread posten!



Drücke bitte die http://larusso.trojaner-board.de/Images/windows.jpg + E Taste.
  • Öffne dein Systemlaufwerk ( meistens C: )
  • Suche nun
    folgenden Ordner: _OTL und öffne diesen.
  • Mache einen Rechtsklick auf den Ordner Movedfiles --> Senden an --> Zip-Komprimierter Ordner

  • Dies wird eine Movedfiles.zip Datei in _OTL erstellen
  • Lade diese bitte in unseren Uploadchannel
    hoch. ( Durchsuchen --> C:\_OTL\Movedfiles.zip )
Teile mir mit ob der Upload problemlos geklappt hat. Danke im voraus :)

KriegerDL 22.09.2012 07:34
Guten Morgen!

Ich hätte alles so vorbereitet....

Leider finde ich auch in der Suche den Post zum anhacken nicht... :heulen:
Suchbegriff "OTLPENet.exe"

Kann Ihn wer hier nochmal linken damit ich die Haken trichtig setzte...

Danke !


#Edit1#
.... und es irritiert mich ein wenig das C:/ Verzeichnis in dem Fix.txt
Das System ist beim CD boot ja jetzt auf E: oder....



#Edit2#
o.k. habs anders gefunden, hier der Link für mich und alle die in suchen:
http://www.trojaner-board.de/85104-o...-oldtimer.html

... So mit etwas "selbernachdenken" hab ichs geschafft und bin am "infizierten" Rechner online....

Ich musste die Laufwerksbuchstaben doch anpassen.. :-)
und AHCI ein und ausschalten war auch kein Fehler..
Anbei die beiden Scans..

Zitat:
Malwarebytes Anti-Malware (Test) 1.65.0.1400
www.malwarebytes.org

Datenbank Version: v2012.09.22.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
KreanPlay :: KREANPLAY-PC [Administrator]

Schutz: Aktiviert

22.09.2012 18:37:38
mbam-log-2012-09-22 (18-39-54).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207131
Laufzeit: 42 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 8
HKCR\CLSID\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044504460} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055505560} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0005060.BHO.1 (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160} (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\INSTALLEDBROWSEREXTENSIONS\215 APPS (PUP.CrossFire.SA) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon|Shell (Hijack.Shell.Gen) -> Daten: C:\Users\KreanPlay\AppData\Roaming\1.exe -> Keine Aktion durchgeführt.
HKCU\Software\InstalledBrowserExtensions\215 Apps|5060 (PUP.CrossFire.SA) -> Daten: Savings Sidekick -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.

(Ende)
OTL Logfile:
Code:
OTL logfile created on: 22.09.2012 18:43:39 - Run 1
OTL by OldTimer - Version 3.2.65.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 48,75% Memory free
7,90 Gb Paging File | 5,27 Gb Available in Paging File | 66,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 79,10 Gb Free Space | 66,39% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 629,63 Gb Free Space | 67,59% Space Free | Partition Type: NTFS
 
Computer Name: KREANPLAY-PC | User Name: KreanPlay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Users\KreanPlay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe ()
PRC - D:\90 Installiertes\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - D:\90 Installiertes\Steam\bin\libcef.dll ()
MOD - D:\90 Installiertes\Steam\bin\avcodec-53.dll ()
MOD - D:\90 Installiertes\Steam\bin\chromehtml.dll ()
MOD - D:\90 Installiertes\Steam\bin\avformat-53.dll ()
MOD - D:\90 Installiertes\Steam\bin\avutil-51.dll ()
MOD - c:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.dll ()
MOD - C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\SiteSafety.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\de\Smartbar.GUI.MainClient.resources.dll ()
MOD - C:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_14.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll ()
MOD - C:\Program Files (x86)\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (HiPatchService) -- D:\90 Installiertes\HiPatchService.exe (Hi-Rez Studios)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe ()
SRV - (vToolbarUpdater12.1.3) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.1.3\ToolbarUpdater.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AsusFanControlService) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe (ASUSTeK Computer Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (ndisrd) -- C:\Windows\SysNative\drivers\ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={C2F56F8A-40D0-4AC9-B0BF-AA40932A7EE9}&mid=4b550233c51a47d0af9ec1f60e974501-eec03004b6a4821d172d3ffe41973a5534b0fa28&lang=de&ds=od011&pr=sa&d=2012-07-21 09:46:14&v=12.1.0.20&sap=hp
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 F6 9B 4F F5 65 CD 01  [binary data]
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C2F56F8A-40D0-4AC9-B0BF-AA40932A7EE9}&mid=4b550233c51a47d0af9ec1f60e974501-eec03004b6a4821d172d3ffe41973a5534b0fa28&lang=de&ds=od011&pr=sa&d=2012-07-21 09:46:14&v=12.1.0.20&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.1.3\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KreanPlay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KreanPlay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.1.0.20\ [2012.07.21 09:46:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.08 20:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\specialsavings@superfish.com [2012.08.08 20:57:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.08 20:57:43 | 000,000,000 | ---D | M]
 
[2012.07.29 20:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Extensions
[2012.08.08 20:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Firefox\C\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions
[2012.08.08 20:57:24 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Firefox\C\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.09.22 18:26:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions
[2012.09.19 16:46:35 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\battlefieldplay4free@ea.com
[2012.09.09 13:59:52 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\crossriderapp5060@crossrider.com
[2012.09.22 18:26:22 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\helperbar@helperbar.com
[2012.08.08 20:57:25 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\specialsavings@superfish.com
[2012.07.29 20:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.16 09:23:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.21 09:46:14 | 000,003,752 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.1.0.20\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task] D:\90 Installiertes\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [Akamai NetSession Interface] C:\Users\KreanPlay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [Browser Infrastructure Helper] C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [Steam] D:\90 Installiertes\Steam\steam.exe (Valve Corporation)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A45E8888-59CE-468F-A607-F0A707E39CFA}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0A5D923-0469-46BF-B156-42EC7C8D7E99}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB9DAABB-D179-4CF8-B878-171278BFE448}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.1.3\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll) - c:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000 Winlogon: Shell - (C:\Users\KreanPlay\AppData\Roaming\1.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f8d1ae4e-d1e6-11e1-9b3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8d1ae4e-d1e6-11e1-9b3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PopCDRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 00:21:42 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.09.22 18:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.22 18:33:32 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.22 18:33:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.22 18:33:30 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.22 18:33:30 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.22 18:31:13 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\Malwarebytes
[2012.09.22 18:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.22 18:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.22 18:30:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.22 18:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.22 06:42:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.19 17:11:30 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Local\PunkBuster
[2012.09.19 17:08:50 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.09.19 16:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.09.16 08:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012.09.16 08:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2012.09.15 17:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012.09.15 17:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2012.09.15 17:10:40 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Local\Akamai
[2012.09.15 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012.09.14 18:32:14 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012.09.14 18:32:14 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdralw2k.sys
[2012.09.14 18:32:14 | 000,010,224 | ---- | C] (Sonic Solutions) -- C:\Windows\SysNative\drivers\cdr4_xp.sys
[2012.09.14 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.09.14 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.09.14 18:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.09.12 13:55:50 | 000,574,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll
[2012.09.12 13:55:50 | 000,376,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\netio.sys
[2012.09.12 13:55:50 | 000,288,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2012.09.12 13:55:50 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.22 18:33:47 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.22 18:33:47 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.22 18:33:47 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.22 18:33:47 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.22 18:33:47 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.22 18:33:29 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2012.09.22 18:33:29 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2012.09.22 18:33:29 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2012.09.22 18:33:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2012.09.22 18:33:29 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2012.09.22 18:33:29 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2012.09.22 18:32:33 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 18:32:33 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.22 18:31:04 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx
[2012.09.22 18:30:50 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.22 18:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.22 18:27:03 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000UA.job
[2012.09.22 18:27:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000Core.job
[2012.09.22 18:26:00 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2012.09.22 18:25:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.22 18:25:23 | 3182,702,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.20 18:51:23 | 012,481,704 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.20 18:44:03 | 000,001,099 | ---- | M] () -- C:\Windows\MB.idx
[2012.09.19 17:16:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.19 17:16:09 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.19 17:16:09 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.19 16:09:33 | 000,696,240 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.09.19 16:09:33 | 000,073,136 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.09.15 17:22:18 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.09.22 18:30:50 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.20 17:36:40 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012.09.20 17:36:31 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012.09.20 17:36:15 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.09.19 17:12:03 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.19 17:08:53 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.19 17:08:52 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.15 17:22:18 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2012.08.20 16:09:54 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2012.08.20 16:09:54 | 000,811,008 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.20 16:09:54 | 000,198,656 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.14 09:10:19 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\DC7F58F417.sys
[2012.08.14 09:10:15 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.07.20 13:39:47 | 000,005,120 | ---- | C] () -- C:\Users\KreanPlay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.20 12:29:23 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.19 23:58:44 | 004,962,240 | ---- | C] () -- C:\Windows\PE_File.dll
[2012.07.19 23:55:04 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.07.19 23:52:44 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012.07.19 23:52:08 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.07.19 23:52:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.07.19 23:52:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.07.19 23:46:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.19 23:45:21 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.19 22:26:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.07.19 22:26:29 | 000,039,559 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2012.07.30 12:31:10 | 000,001,458 | ---- | M] () -- C:\Users\KreanPlay\AppData\Roaming\.minecraft\bin\l.class
[2012.07.30 12:31:10 | 000,003,265 | ---- | M] () -- C:\Users\KreanPlay\AppData\Roaming\.minecraft\bin\n.class
[2012.07.30 12:31:10 | 000,002,219 | ---- | M] () -- C:\Users\KreanPlay\AppData\Roaming\.minecraft\bin\u.class
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.08.20 19:32:59 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\.minecraft
[2012.07.19 21:32:47 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\.Nitrous
[2012.07.20 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\Blender Foundation
[2012.07.23 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.04 08:01:56 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\DAEMON Tools Lite
[2012.08.17 07:12:38 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\FileZilla
[2012.08.18 18:01:31 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\Image-Line
[2012.08.23 09:33:10 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\MAXON
[2012.08.16 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\Notepad++
[2012.08.18 11:29:23 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\OpenCandy
[2012.08.08 12:22:21 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\PACE Anti-Piracy
[2012.08.08 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\PDAppFlex
[2012.07.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\pdfforge
[2012.08.03 18:26:22 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1244 bytes -> C:\Wintemp:iwg54f3osEWs8NJVq12
@Alternate Data Stream - 1169 bytes -> C:\Users\KreanPlay\AppData\Local\E81GlaSED3Y:WMiH9CWZVAFVDcUQIrbLwdlI

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 22.09.2012 18:43:39 - Run 1
OTL by OldTimer - Version 3.2.65.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 1,93 Gb Available Physical Memory | 48,75% Memory free
7,90 Gb Paging File | 5,27 Gb Available in Paging File | 66,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 79,10 Gb Free Space | 66,39% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 629,63 Gb Free Space | 67,59% Space Free | Partition Type: NTFS
 
Computer Name: KREANPLAY-PC | User Name: KreanPlay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\90 Installiertes\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- D:\90 Installiertes\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06637733-1386-405D-B24A-015A9FFF695D}" = protocol=6 | dir=in | app=c:\users\kreanplay\appdata\local\akamai\netsession_win.exe |
"{080C0AA7-18FC-471A-864C-1C83B6AC3E49}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{0910C3EA-5EE5-4014-BE4D-2B30597B0887}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{132D25CE-79AD-4C01-85F1-9F71AD58B1C3}" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\common\magicka\magicka.exe |
"{18FAF704-B1FA-4EB2-9E7D-FA2D0BF75A8F}" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"{192F4479-C06C-479D-97CD-44F38C5A6E38}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"{1F18A528-F542-447F-A48E-37AFD5B0D07C}" = protocol=17 | dir=in | app=d:\90 installiertes\utorrent\utorrent.exe |
"{21C399F6-FA8D-4BF4-8B7C-43660C93CBA3}" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"{2397C087-773D-4EB5-A5C2-A1BE32656A80}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{25155C44-60AF-4A31-AE9D-A660C01B3E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{25A1FE9C-CB28-4A68-9128-DC44969D4912}" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\garrysmod\hl2.exe |
"{26877BF5-EA44-4474-9861-9B566A328E26}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{28687F82-377E-4EF3-B17B-425704732C43}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"{3527B98D-FE3B-454B-9FD8-DEC3A41F7606}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{39E10EFA-9317-4D83-B684-41CA8C3B8C01}" = protocol=6 | dir=in | app=c:\ace of spades\server.exe |
"{458DCFDF-2A7D-4017-BA49-7C9D85B3C4E6}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\portal 2\portal2.exe |
"{4804861A-54C6-4A12-B3EF-CCFD537D830E}" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\common\microsoft flight\flight.exe |
"{56266D85-8065-4B44-A368-069F335667CA}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{571774E1-CC9D-4F3A-8E21-549E81BCA0AA}" = protocol=6 | dir=in | app=d:\90 installiertes\hirezgames\tribes\binaries\win32\tribesascend.exe |
"{63A960D5-B03F-458C-A02C-7E1B09220CD7}" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\common\portal 2\portal2.exe |
"{6633B6C6-56EF-4A7B-AA33-E6F419E3AC8F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{6AAFB0C7-FF7B-4067-97C4-2C49BBD80CBF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6FEE7D57-5630-40F6-8BA4-8AE4216C7103}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{7140D9CF-39C2-4363-AD6C-09701BF5003D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"{7EC6AF78-1035-4899-8A03-D3044524A4F1}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"{83525D7E-3003-41E0-AE1A-AC77CE71575C}" = protocol=17 | dir=in | app=d:\90 installiertes\hirezgames\tribes\binaries\win32\tribesascend.exe |
"{9057AB24-F6E9-427D-BACB-81D6B2A64711}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{96B9314D-9912-4DDA-92D6-AFDB588BC9BC}" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\common\microsoft flight\flight.exe |
"{975D9FCF-68C7-42D3-8735-97E490FC4FCE}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{A1228D98-665B-4565-B621-FD1749406E77}" = protocol=17 | dir=in | app=c:\users\kreanplay\appdata\local\akamai\netsession_win.exe |
"{A4263BAA-66CF-4E16-B927-8668D01499A9}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{A63FE609-B402-4C2D-9241-7516E6B9D96C}" = protocol=6 | dir=in | app=d:\90 installiertes\utorrent\utorrent.exe |
"{A8671FAE-666E-49A0-B31F-6F59724F4624}" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\garrysmod\hl2.exe |
"{B09E8BAB-9965-465A-A7C8-1914486545F7}" = protocol=17 | dir=in | app=c:\ace of spades\server.exe |
"{B41EB989-B84B-4FDF-BB8E-9C49C004C03E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{BB757BB7-5B2A-4399-93D6-A95E93F4F739}" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\common\portal 2\portal2.exe |
"{BCA3B567-6811-449E-A4FE-2DC94D254C53}" = dir=in | app=d:\90 installiertes\war inc battlezone\warinc.exe |
"{BE0EDAA6-E7A7-4E02-95A5-98051917DA6D}" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{CB61C29E-C269-429C-BC5C-8D94A37C5D4C}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{D3EDAC69-6732-4ED5-AE12-81243074CDD3}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"{D70A40DA-2D8D-4D92-9CEB-D6881DBD1DE5}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{DB7B0C9E-C066-4BCE-813F-4D84375D2062}" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"{DF0F5413-AA19-427F-8180-4D87ED1D27CD}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F14FA12B-77B7-4DA7-8C62-7DE5C62379C0}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\magicka\magicka.exe |
"{F3290B0F-575F-4191-87ED-0D2B46B4BE42}" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\common\magicka\magicka.exe |
"{F4C9962C-F00D-42CA-BA34-F85392A3DEAA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\the binding of isaac\isaac.exe |
"TCP Query User{0EDFC19F-FE56-415A-B6D1-0C2BADE0E03D}D:\90 installiertes\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=6 | dir=in | app=d:\90 installiertes\hirezgames\tribes\binaries\win32\tribesascend.exe |
"TCP Query User{4B2DA0CB-9698-4459-968D-C12C48062B83}D:\90 installiertes\steam\steamapps\werti2000\garrysmod\hl2.exe" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\garrysmod\hl2.exe |
"TCP Query User{4B7860E8-0E55-4617-BE45-FD87D6EAF1AE}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{535B9FC4-3C82-4343-B1A1-6D40877FCB6A}C:\ace of spades\server.exe" = protocol=6 | dir=in | app=c:\ace of spades\server.exe |
"TCP Query User{A90381A6-3C6F-4D18-8B95-B2E249A1D188}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{ADBC2DB9-A082-4FED-BBFA-B942DC41A142}D:\90 installiertes\steam\steamapps\werti2000\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"TCP Query User{AFBC8E4D-8BAF-49C2-9D48-941401172252}D:\90 installiertes\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=d:\90 installiertes\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{BAA701B6-8502-4387-9EDF-A721DC4E020F}C:\program files (x86)\steam\steamapps\werti2000\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"TCP Query User{C6D934E6-7760-4079-959E-157004A0BB13}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"TCP Query User{EEF7A268-ECC7-4981-8EED-69EF193D9152}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
"UDP Query User{168904B0-739A-4CA2-9AD2-5D419BD0F100}D:\90 installiertes\steam\steamapps\werti2000\garrysmod\hl2.exe" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\garrysmod\hl2.exe |
"UDP Query User{49337EFD-A528-4C9A-9B7A-5A5EE3750520}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{7F21AE43-1BBC-4426-80FB-0068D645D7F8}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{948D0883-2B9A-4A50-8A53-7266FF519AC9}D:\90 installiertes\hirezgames\tribes\binaries\win32\tribesascend.exe" = protocol=17 | dir=in | app=d:\90 installiertes\hirezgames\tribes\binaries\win32\tribesascend.exe |
"UDP Query User{A27E6C11-06E4-4173-868D-D28317CD8B2E}D:\90 installiertes\steam\steamapps\werti2000\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"UDP Query User{BC8309F1-833A-447F-81E9-375AAE6C0A38}C:\program files (x86)\steam\steamapps\werti2000\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\werti2000\team fortress 2\hl2.exe |
"UDP Query User{C8142A15-14AB-4C61-B4D3-5BF84C96CD96}C:\ace of spades\server.exe" = protocol=17 | dir=in | app=c:\ace of spades\server.exe |
"UDP Query User{E719217A-DDD4-48B2-ADBA-37A09CD575A9}D:\90 installiertes\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=d:\90 installiertes\steam\steamapps\common\terraria\terrariaserver.exe |
"UDP Query User{E98EC31E-FC4A-46C3-BB90-A43786F5E048}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{FA19CE67-C640-4051-BB74-1E6A121D1254}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0CB2E2BC-A312-5821-C5C7-A295A1BEFD08}" = AMD Catalyst Install Manager
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1E9FC118-651D-4934-97BE-E53CAE5C7D45}" = Microsoft_VC80_MFCLOC_x86_x64
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{42A2440F-7A5D-6956-3EF0-815814399EAA}" = AMD Accelerated Video Transcoding
"{4569AD91-47F4-4D9E-8FC9-717EC32D7AE1}" = Microsoft_VC80_CRT_x86_x64
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E021D2A-16ED-4FFF-87CB-774F4F62A1A1}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{572788F2-0AB7-FA0E-6E91-B98044F4B7E6}" = AMD Media Foundation Decoders
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8557397C-A42D-486F-97B3-A2CBC2372593}" = Microsoft_VC90_ATL_x86_x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{925D058B-564A-443A-B4B2-7E90C6432E55}" = Microsoft_VC80_ATL_x86_x64
"{92A3CA0D-55CD-4C5D-BA95-5C2600C20F26}" = Microsoft_VC90_CRT_x86_x64
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{A472B9E4-0AFF-4F7B-B25D-F64F8E928AAB}" = Microsoft_VC90_MFC_x86_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{C8C1BAD5-54E6-4146-AD07-3A8AD36569C3}" = Microsoft_VC80_MFC_x86_x64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"CCleaner" = CCleaner
"Codec_is1" = Codec 8.4
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{10174305-FFC7-4F27-8AB5-0E7768CCA5EF}" = Linkury Smartbar
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{14DDF23F-414A-46DB-4762-56569080292C}" = CCC Help Russian
"{15D2D75C-9CB2-4efd-BAD7-B9B4CB4BC693}" = PC Performer Manager
"{15FEDA5F-141C-4127-8D7E-B962D1742728}" = Adobe Photoshop CS5
"{185F9795-9663-4F13-9EF9-307A282ADB5A}" = ph
"{19BFDA5D-1FE2-4F25-97F9-1A79DD04EE20}" = Microsoft XNA Framework Redistributable 3.1
"{1AE46C09-2AB8-4EE5-88FB-08CD0FF7F2DF}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21D6A73A-48E6-2195-C408-2158273A914E}" = Catalyst Control Center Localization All
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2596DB11-997F-FC5B-F5C2-737623D9D8B6}" = Catalyst Control Center
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{28904D9A-13A6-ECA2-48D8-21542759D998}" = CCC Help Polish
"{2A075BB4-E976-4278-BF3F-E5C6945D84C0}" = bl
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2C08D7E7-9EE1-4A08-AFE0-745F02DCD6A4}_is1" = Pokemon Online 2.0.05d
"{2C8BBDA6-79A7-B2DE-3E5B-287E7F667C67}" = CCC Help Danish
"{2E119961-E99B-C147-9AC3-A93683172DC1}" = CCC Help Swedish
"{2E3128E8-6CD1-4D81-91C5-218EF989F2CB}" = S4 League_EU
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3524297F-158C-F964-F1AD-B0BC4314DE44}" = HydraVision
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF010}" = Tribes Ascend
"{3C87E0FF-BC0A-4F5E-951B-68DC3F8DF1FC}" = Hi-Rez Studios Authenticate and Update Service
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{44ED90A1-453B-5C9A-D9ED-80D8AB0258B8}" = CCC Help Thai
"{45E00595-897E-64B6-28F9-5D0927EBA4A5}" = CCC Help Chinese Standard
"{46DE5F4E-BA8B-AC9E-0EED-05B7D93AD215}" = CCC Help Spanish
"{4817D846-700B-474E-A31B-80892B3E92E3}" = Adobe After Effects CS6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{5A9FE525-8B8F-4701-A937-7F6745A4E9C7}" = RGSS-RTP Standard
"{5B04E832-4530-B8FF-F742-8BE25ADD43BD}" = CCC Help German
"{5D58EACA-0317-4CFF-9E13-53CCD525DE32}" = Catalyst Control Center InstallProxy
"{5ED93D68-5EAA-9343-9B74-B1E276217264}" = CCC Help Dutch
"{6037B8AD-7D5B-4D50-9BCA-A586C44EEF34}" = Ace of Spades
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6D185295-DE89-9C39-18E6-310C148836EB}" = CCC Help Chinese Traditional
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7176B973-6011-43C1-AEBC-2D73FE7C6982}" = Adobe Premiere Pro CS6
"{71A8F958-D272-E262-7C9A-7B8F713EE0C3}" = CCC Help French
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7391ABC8-0EA4-3798-ACE3-96B8C8D84EA8}" = Google Talk Plugin
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{7513D3F0-55BC-273C-7A53-488394EDBFCC}" = CCC Help Italian
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{79AA9BFA-F962-A1E9-71CE-D0887A92444C}" = CCC Help Portuguese
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK Wireless Client Utility
"{7ACEF1BF-9306-5AD7-5F30-ECE72A81E924}" = CCC Help Finnish
"{7D9D8134-9FA3-4FFF-ADA1-BF609F29997A}_is1" = Cinema 4D version R12
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{975F2150-DC2B-43F9-B41A-1C1046C68CD1}_is1" = Army Rage version 1.0.272
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B34CAC6-738F-4A20-B428-A115C3E3474C}" = RPGXP
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1EC871-05B9-03B7-96F6-9BD5C0D8F41D}" = Catalyst Control Center Graphics Previews Common
"{9E4F0E65-209E-4713-8BE2-7F8802BB3987}_is1" = War Inc Battlezone version 1.0.0
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF37176A-78CA-545B-34EF-8B6A21514DD1}" = Adobe Help Manager
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C4129D57-5C83-3BF0-A11A-3798C008C6C7}" = CCC Help Greek
"{D0BC4101-6C30-ECFF-F693-63408134F29B}" = CCC Help Czech
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D2402DAD-B180-A4A0-261D-4A8933BFBFEE}" = CCC Help Japanese
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA7E8D81-2B14-415B-8FC5-02CE4CF9F839}" = CCC Help Hungarian
"{DB3FBD3C-A061-34C9-0A2B-6CCDD8C96640}" = CCC Help Turkish
"{DE042823-C359-4B87-B66B-308057E8B6AF}" = Camtasia Studio 7
"{DE3A9DC5-9A5D-6485-9662-347162C7E4CA}" = Adobe Media Player
"{E086E914-2928-48F9-364B-0C715DFF6A45}" = CCC Help Korean
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E8F30BD6-ABAB-C24E-E9A7-BF67EB96152C}" = CCC Help Norwegian
"{E9A5B6CD-7ABB-F295-2E11-F25BC322FF80}" = CCC Help English
"{EA5F34F3-3911-B4DB-63CA-1E44B2AB13A1}" = Adobe Download Assistant
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface
"appbario8 Toolbar" = appbario8 Toolbar
"ASIO4ALL" = ASIO4ALL
"AVG Secure Search" = AVG Security Toolbar
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Help Manager
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Dxtory2.0_is1" = Dxtory 2.0.108
"FileZilla Client" = FileZilla Client 3.5.3
"FL Studio 10" = FL Studio 10
"Fraps" = Fraps (remove only)
"IL Download Manager" = IL Download Manager
"IL Shared Libraries" = IL Shared Libraries
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"PriceGong" = PriceGong 2.6.4
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Savings Sidekick" = Savings Sidekick
"SpecialSavings" = SpecialSavings
"Steam App 105600" = Terraria
"Steam App 113200" = The Binding of Isaac
"Steam App 203850" = Microsoft Flight
"Steam App 4000" = Garry's Mod
"Steam App 40800" = Super Meat Boy
"Steam App 42910" = Magicka
"Steam App 440" = Team Fortress 2
"Steam App 620" = Portal 2
"Steam App 644" = Portal 2 Publishing Tool
"uTorrent" = µTorrent
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 17.09.2012 10:29:00 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.09.2012 08:19:22 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 18.09.2012 09:28:44 | Computer Name = KreanPlay-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "d:\Desktop\Desktop\No$GBA\DelZip179.dll".
 Fehler in Manifest- oder Richtliniendatei "d:\Desktop\Desktop\No$GBA\DelZip179.dll"
 in Zeile 8.  Der Wert "*" des "language"-Attributs im assemblyIdentity-Element ist
 ungültig.
 
Error - 19.09.2012 10:09:48 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.09.2012 11:32:09 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 20.09.2012 12:53:04 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.09.2012 12:00:54 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.09.2012 12:06:22 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 21.09.2012 15:34:29 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
Error - 22.09.2012 12:27:19 | Computer Name = KreanPlay-PC | Source = WinMgmt | ID = 10
Description =
 
[ System Events ]
Error - 20.09.2012 11:30:18 | Computer Name = KreanPlay-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126 
 
Error - 20.09.2012 11:35:42 | Computer Name = KreanPlay-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126 
 
Error - 20.09.2012 12:51:13 | Computer Name = KreanPlay-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden.    Modulpfad:
 C:\Windows\system32\athExt.dll  Fehlercode: 126 
 
Error - 20.09.2012 12:55:16 | Computer Name = KreanPlay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?09.?2012 um 18:53:08 unerwartet heruntergefahren.
 
Error - 21.09.2012 11:57:28 | Computer Name = KreanPlay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?20.?09.?2012 um 18:55:16 unerwartet heruntergefahren.
 
Error - 21.09.2012 11:59:03 | Computer Name = KreanPlay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?09.?2012 um 17:57:28 unerwartet heruntergefahren.
 
Error - 21.09.2012 12:04:31 | Computer Name = KreanPlay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?09.?2012 um 18:03:57 unerwartet heruntergefahren.
 
Error - 21.09.2012 15:32:38 | Computer Name = KreanPlay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?21.?09.?2012 um 18:17:25 unerwartet heruntergefahren.
 
Error - 22.09.2012 00:48:11 | Computer Name = KreanPlay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?09.?2012 um 00:48:42 unerwartet heruntergefahren.
 
Error - 22.09.2012 12:25:28 | Computer Name = KreanPlay-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?22.?09.?2012 um 06:49:05 unerwartet heruntergefahren.
 
 
< End of report >
--- --- ---



... so und nun die Experten :-)
DANKE !

..irgendwelche Ideen dazu ?

so, sollten alle Daten bereit sein...

Wie gehts weiter ?

BitteDanke !

markusg 22.09.2012 18:01
lies bite noch mal was oben steht, du sollst den otl fix ausführen und dann den upload machen, danke.

KriegerDL 22.09.2012 19:47
genau das habe ich ja gemacht ?? :heulen:
Zitat:
Zitat von markusg (Beitrag 921435)
lies bite noch mal was oben steht, du sollst den otl fix ausführen und dann den upload machen, danke.
So, habe es einfach nochmal gemacht kann ja nicht schaden
Zitat:
All processes killed
========== OTL ==========
Registry key HKEY_USERS\KreanPlay_ON_E\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon not found.
File E:\Users\KreanPlay\AppData\Roaming\1.exe not found.
File E:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ja.lnk not found.
========== FILES ==========
File\Folder C:\Users\KreanPlay\AppData\Roaming\1.exe not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: All Users

User: Default
->Flash cache emptied: 56504 bytes

User: Default User
->Flash cache emptied: 0 bytes

User: KreanPlay
->Flash cache emptied: 57878 bytes

User: Public

Total Flash Files Cleaned = 0,00 mb


[EMPTYTEMP]

User: All Users

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: KreanPlay
->Temp folder emptied: 50981 bytes
->Temporary Internet Files folder emptied: 1947647 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5112 bytes
Session Manager Temp folder emptied: 4193761 bytes
Session Manager Tmp folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6,00 mb


OTL by OldTimer - Version 3.2.65.1 log created on 09222012_205550

Files\Folders moved on Reboot...
C:\Wintemp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
Aktueller Scan von heute.
OTL Logfile:
Code:
OTL logfile created on: 23.09.2012 16:26:16 - Run 2
OTL by OldTimer - Version 3.2.65.1    Folder = D:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,95 Gb Total Physical Memory | 2,31 Gb Available Physical Memory | 58,42% Memory free
7,90 Gb Paging File | 5,43 Gb Available in Paging File | 68,75% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 77,08 Gb Free Space | 64,69% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 640,24 Gb Free Space | 68,73% Space Free | Partition Type: NTFS
 
Computer Name: KREANPLAY-PC | User Name: KreanPlay | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
PRC - D:\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_278.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
PRC - C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Users\KreanPlay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe ()
PRC - D:\90 Installiertes\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\PowerControlHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetSvcHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\NetiCtrlTray.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\12.2.6\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\SiteSafety.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
MOD - D:\90 Installiertes\Steam\bin\libcef.dll ()
MOD - D:\90 Installiertes\Steam\bin\avcodec-53.dll ()
MOD - D:\90 Installiertes\Steam\bin\chromehtml.dll ()
MOD - D:\90 Installiertes\Steam\bin\avformat-53.dll ()
MOD - D:\90 Installiertes\Steam\bin\avutil-51.dll ()
MOD - c:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.dll ()
MOD - C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe ()
MOD - C:\Windows\assembly\GAC\Microsoft.mshtml\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.mshtml.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data.SQLite\1.0.66.0__db937bc2d44ff139\System.Data.SQLite.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\Interop.SHDocVw\1.1.0.0__84542ff99aed6a4d\Interop.SHDocVw.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\CustomMarshalers\626d0ac2f4ada682d7ca6c4ebf821469\CustomMarshalers.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\0ac5296285b1a74de78ded1c844cfb60\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web.Services\761fd1afc17f11bf6d49c3a7d16465ca\System.Web.Services.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8ab16b2721684612a1c9053401797082\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.Utilities.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.SocialNetsSharer.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.SideBySide.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.ProcessDownMonitor.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.HistoryAndStatsWrapper.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.FilesManager.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Resources.AutomaticUpdates.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Personalization.Common.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Personalization.BusinessLogic.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Utilities.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Plugins.InternetExplorerLocalPlugin.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.Core.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.EventManager.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.Infrastructure.BusinessEntities.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.Multimedia.Loader.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.MainClient.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.Controls.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Smartbar.GUI.Docking.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\MACTrackBarLib.dll ()
MOD - C:\Users\KreanPlay\AppData\Local\Smartbar\Application\de\Smartbar.GUI.MainClient.resources.dll ()
MOD - C:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\helperbar@helperbar.com\components\SmartbarFireFoxRemotePlugin_14.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\Network iControl.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\gep.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\func.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\PEInfo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll ()
MOD - C:\Windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Network iControl\NetSvcHelp\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\AsIdxParser.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\USB BIOS Flashback\Aszip.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll ()
MOD - C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.exe ()
MOD - C:\Program Files (x86)\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (vToolbarUpdater12.2.6) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- C:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll ()
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (RichVideo64) -- C:\Programme\CyberLink\Shared files\RichVideo64.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (ST2012_Svc) -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe (Crawler.com)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HiPatchService) -- D:\90 Installiertes\HiPatchService.exe (Hi-Rez Studios)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (PC Performer Manager) -- C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AsusFanControlService) -- C:\Program Files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe (ASUSTeK Computer Inc.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (sp_rsdrv2) -- C:\Windows\SysNative\drivers\stflt.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Rovi Corporation)
DRV:64bit: - (ndisrd) -- C:\Windows\SysNative\drivers\ndisrd.sys (NT Kernel Resources)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT3227980
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://isearch.avg.com/?cid={C2F56F8A-40D0-4AC9-B0BF-AA40932A7EE9}&mid=4b550233c51a47d0af9ec1f60e974501-eec03004b6a4821d172d3ffe41973a5534b0fa28&lang=de&ds=od011&pr=sa&d=2012-07-21 09:46:14&v=12.1.0.20&sap=hp
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 80 F6 9B 4F F5 65 CD 01  [binary data]
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\URLSearchHook: {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={A65ABCC9-9A87-401F-B4B2-24CE75AF61F4}&mid=4b550233c51a47d0af9ec1f60e974501-eec03004b6a4821d172d3ffe41973a5534b0fa28&lang=de&ds=AVG&pr=fr&d=2012-09-23 10:24:38&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1864943427-391754695-4144144592-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\KreanPlay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\KreanPlay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\12.2.5.34\ [2012.09.23 10:24:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.08.08 20:56:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\specialsavings@superfish.com: C:\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\specialsavings@superfish.com [2012.08.08 20:57:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\FirefoxExtension [2012.08.08 20:57:43 | 000,000,000 | ---D | M]
 
[2012.07.29 20:38:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Extensions
[2012.08.08 20:57:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Firefox\C\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions
[2012.08.08 20:57:24 | 000,000,000 | ---D | M] (PriceGong) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Firefox\C\Users\KreanPlay\AppData\Roaming\Mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\{8A9386B4-E958-4c4c-ADF4-8F26DB3E4829}
[2012.09.23 16:24:51 | 000,000,000 | ---D | M] (No name found) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions
[2012.09.19 16:46:35 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\battlefieldplay4free@ea.com
[2012.09.09 13:59:52 | 000,000,000 | ---D | M] ("Savings Sidekick") -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\crossriderapp5060@crossrider.com
[2012.09.23 16:24:51 | 000,000,000 | ---D | M] ("Linkury Smartbar") -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\helperbar@helperbar.com
[2012.08.08 20:57:25 | 000,000,000 | ---D | M] (SpecialSavings) -- C:\Users\KreanPlay\AppData\Roaming\mozilla\Profiles\uqp8ve0c.KreanPlay\extensions\specialsavings@superfish.com
[2012.07.29 20:38:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.16 09:23:08 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.07.14 02:15:45 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.23 10:24:37 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.07.14 02:45:08 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Talk Plugin (Enabled) = C:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll
CHR - plugin: Google Talk Plugin Video Accelerator (Enabled) = C:\Users\KreanPlay\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\90 Installiertes\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\90 Installiertes\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\90 Installiertes\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\90 Installiertes\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\90 Installiertes\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\90 Installiertes\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = D:\90 Installiertes\plugins\npqtplugin7.dll
CHR - plugin: AVG SiteSafety plugin (Enabled) = C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\12.2.6\\npsitesafety.dll
CHR - plugin: Google Update (Enabled) = C:\Users\KreanPlay\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll
CHR - plugin: Intel\u00AE Identity Protection Technology (Enabled) = C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll
CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - Extension: PriceGong = C:\Users\KreanPlay\AppData\Local\Google\Chrome\User Data\Default\Extensions\bkomkajifikmkfnjgphkjcfeepbnojok\5.6.5_0\
CHR - Extension: YouTube = C:\Users\KreanPlay\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\KreanPlay\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Savings Sidekick = C:\Users\KreanPlay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.34_0\crossrider
CHR - Extension: Savings Sidekick = C:\Users\KreanPlay\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhdepfaagokllfmhfbcfmocaeigmoebo\1.20.34_0\
CHR - Extension: AVG Secure Search = C:\Users\KreanPlay\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.34_0\
CHR - Extension: Google Mail = C:\Users\KreanPlay\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (appbario8 Toolbar) - {0cc09160-108c-4759-bab1-5c12c216e005} - C:\Program Files (x86)\appbario8\prxtbappb.dll (Conduit Ltd.)
O2 - BHO: (Savings Sidekick) - {11111111-1111-1111-1111-110011501160} - C:\Program Files (x86)\Savings Sidekick\Savings Sidekick.dll (215 Apps)
O2 - BHO: (Shopping Assistant Plugin) - {1631550F-191D-4826-B069-D9439253D926} - C:\Program Files (x86)\PriceGong\2.6.4\PriceGongIE.dll (PriceGong)
O2 - BHO: (SpecialSavings) - {74F475FA-6C75-43BD-AAB9-ECDA6184F600} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [QuickTime Task] D:\90 Installiertes\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [ROC_ROC_NT] C:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [Akamai NetSession Interface] C:\Users\KreanPlay\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [Browser Infrastructure Helper] C:\Users\KreanPlay\AppData\Local\Smartbar\Application\Linkury.exe (Smartbar)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [ccleaner] C:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000..\Run: [Steam] D:\90 Installiertes\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: SpecialSavings - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - C:\Program Files (x86)\SpecialSavings\SpecialSavingsSinged.dll (SpecialSavings)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D0A5D923-0469-46BF-B156-42EC7C8D7E99}: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EB9DAABB-D179-4CF8-B878-171278BFE448}: DhcpNameServer = 10.0.0.138
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll ()
O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll) - c:\ProgramData\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKU\S-1-5-21-1864943427-391754695-4144144592-1000 Winlogon: Shell - (C:\Users\KreanPlay\AppData\Roaming\1.exe) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f8d1ae4e-d1e6-11e1-9b3e-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f8d1ae4e-d1e6-11e1-9b3e-806e6f6e6963}\Shell\AutoRun\command - "" = E:\PopCDRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2013\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.09.23 13:43:39 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\Application Data
[2012.09.23 11:25:03 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\CyberLink
[2012.09.23 11:24:48 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 11
[2012.09.23 11:24:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Cyberlink
[2012.09.23 11:23:20 | 000,000,000 | ---D | C] -- C:\Program Files\CyberLink
[2012.09.23 11:22:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012.09.23 11:22:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2012.09.23 11:21:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Temp
[2012.09.23 11:21:54 | 000,000,000 | ---D | C] -- C:\ProgramData\install_clap
[2012.09.23 11:06:05 | 000,000,000 | ---D | C] -- C:\ProgramData\CyberLink
[2012.09.23 10:40:25 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.09.23 10:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012
[2012.09.23 10:40:25 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\Spyware Terminator
[2012.09.23 10:40:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator
[2012.09.23 10:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator
[2012.09.23 10:25:22 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\AVG2013
[2012.09.23 10:24:46 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Local\AVG Secure Search
[2012.09.23 10:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.09.23 10:24:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.09.23 10:24:38 | 000,031,080 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.09.23 10:24:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.09.23 10:24:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.09.23 10:23:51 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.09.23 10:23:51 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.09.23 10:16:41 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Local\Avg2013
[2012.09.23 10:11:21 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\TuneUp Software
[2012.09.23 10:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2012.09.23 10:07:44 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Local\MFAData
[2012.09.23 10:07:44 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.09.23 00:21:42 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2012.09.22 18:33:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.22 18:31:13 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\Malwarebytes
[2012.09.22 18:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.22 18:30:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.22 18:30:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.22 18:30:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.22 06:42:42 | 000,000,000 | ---D | C] -- C:\_OTL
[2012.09.19 17:11:30 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Local\PunkBuster
[2012.09.19 17:08:50 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EA Games
[2012.09.19 16:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2012.09.17 18:58:54 | 000,056,672 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012.09.16 08:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RocketDock
[2012.09.16 08:52:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RocketDock
[2012.09.15 17:22:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\alaplaya
[2012.09.15 17:21:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\alaplaya
[2012.09.15 17:10:40 | 000,000,000 | ---D | C] -- C:\Users\KreanPlay\AppData\Local\Akamai
[2012.09.15 17:09:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Akamai
[2012.09.14 18:32:14 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012.09.14 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.09.14 18:32:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.09.14 18:32:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.09.14 05:34:34 | 000,105,312 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012.09.12 11:47:20 | 000,199,520 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012.09.12 11:47:02 | 000,175,968 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.23 16:27:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000UA.job
[2012.09.23 16:17:54 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.09.23 16:17:54 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.09.23 16:17:54 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.09.23 16:17:54 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.09.23 16:17:54 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.09.23 16:16:37 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 16:16:37 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.23 16:15:09 | 000,000,000 | ---- | M] () -- C:\Windows\Path.idx
[2012.09.23 16:10:06 | 001,048,576 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2012.09.23 16:09:54 | 012,482,072 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.09.23 16:09:42 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.23 16:09:21 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.09.23 16:09:17 | 3182,690,304 | -HS- | M] () -- C:\hiberfil.sys
[2012.09.23 13:33:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.23 13:29:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.09.23 13:26:38 | 000,001,099 | ---- | M] () -- C:\Windows\MB.idx
[2012.09.23 13:12:10 | 000,000,952 | -HS- | M] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.09.23 13:12:10 | 000,000,056 | RHS- | M] () -- C:\Windows\SysWow64\DC7F58F417.sys
[2012.09.23 11:37:20 | 000,002,352 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.23 10:40:25 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys
[2012.09.23 10:40:25 | 000,001,050 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.09.23 10:24:45 | 000,000,993 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.09.23 10:24:38 | 000,031,080 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2012.09.22 18:30:50 | 000,001,121 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.22 18:27:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000Core.job
[2012.09.19 17:16:34 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.19 17:16:09 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.19 17:16:09 | 000,282,104 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.17 18:58:54 | 000,056,672 | ---- | M] (AVG Technologies CZ, s.r.o. ) -- C:\Windows\SysNative\drivers\avgidsha.sys
[2012.09.15 17:22:18 | 000,001,818 | ---- | M] () -- C:\Users\Public\Desktop\S4League.lnk
[2012.09.14 05:34:34 | 000,105,312 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgmfx64.sys
[2012.09.12 11:47:20 | 000,199,520 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgtdia.sys
[2012.09.12 11:47:02 | 000,175,968 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Windows\SysNative\drivers\avgldx64.sys
[2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
 
========== Files Created - No Company Name ==========
 
[2012.09.23 11:22:58 | 000,002,352 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.09.23 11:22:36 | 000,001,116 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.09.23 11:22:36 | 000,001,112 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.09.23 10:40:25 | 000,001,050 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk
[2012.09.23 10:24:45 | 000,000,993 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.09.22 18:30:50 | 000,001,121 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2012.09.20 17:36:40 | 000,001,087 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6 (64 Bit).lnk
[2012.09.20 17:36:31 | 000,001,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS6.lnk
[2012.09.20 17:36:15 | 000,001,181 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge CS6.lnk
[2012.09.19 17:12:03 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.09.19 17:08:53 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.19 17:08:52 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.15 17:22:18 | 000,001,818 | ---- | C] () -- C:\Users\Public\Desktop\S4League.lnk
[2012.08.20 16:09:54 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2012.08.20 16:09:54 | 000,811,008 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.08.20 16:09:54 | 000,198,656 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.08.14 09:10:19 | 000,000,056 | RHS- | C] () -- C:\Windows\SysWow64\DC7F58F417.sys
[2012.08.14 09:10:15 | 000,000,952 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.07.20 13:39:47 | 000,005,120 | ---- | C] () -- C:\Users\KreanPlay\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.20 12:29:23 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.07.19 23:58:44 | 004,962,240 | ---- | C] () -- C:\Windows\PE_File.dll
[2012.07.19 23:55:04 | 001,048,576 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.07.19 23:52:44 | 000,014,464 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsUpIO.sys
[2012.07.19 23:52:08 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.07.19 23:52:08 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.07.19 23:52:08 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.07.19 23:46:50 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.07.19 23:45:21 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.07.19 22:26:36 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.07.19 22:26:29 | 000,039,559 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.06.11 18:50:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.06.11 18:50:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.10 16:35:16 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.02 22:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2012.07.30 12:31:10 | 000,001,458 | ---- | M] () -- C:\Users\KreanPlay\AppData\Roaming\.minecraft\bin\l.class
[2012.07.30 12:31:10 | 000,003,265 | ---- | M] () -- C:\Users\KreanPlay\AppData\Roaming\.minecraft\bin\n.class
[2012.07.30 12:31:10 | 000,002,219 | ---- | M] () -- C:\Users\KreanPlay\AppData\Roaming\.minecraft\bin\u.class
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
========== LOP Check ==========
 
[2012.08.20 19:32:59 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\.minecraft
[2012.07.19 21:32:47 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\.Nitrous
[2012.09.23 10:25:22 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\AVG2013
[2012.07.20 15:54:33 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\Blender Foundation
[2012.07.23 20:04:53 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.08.04 08:01:56 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\DAEMON Tools Lite
[2012.08.17 07:12:38 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\FileZilla
[2012.08.18 18:01:31 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\Image-Line
[2012.08.23 09:33:10 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\MAXON
[2012.08.16 18:52:00 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\Notepad++
[2012.08.18 11:29:23 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\OpenCandy
[2012.09.22 20:38:15 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\PACE Anti-Piracy
[2012.08.08 20:24:32 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\PDAppFlex
[2012.07.21 09:06:51 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\pdfforge
[2012.09.23 10:40:25 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\Spyware Terminator
[2012.09.23 10:11:21 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\TuneUp Software
[2012.08.03 18:26:22 | 000,000,000 | ---D | M] -- C:\Users\KreanPlay\AppData\Roaming\uTorrent
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1244 bytes -> C:\Wintemp:iwg54f3osEWs8NJVq12
@Alternate Data Stream - 1210 bytes -> C:\Users\KreanPlay\AppData\Local\UWfSpa4cQH:3sBaOgwaSChB2gxWW7wc8m
@Alternate Data Stream - 1110 bytes -> C:\Users\KreanPlay\AppData\Local\E81GlaSED3Y:WMiH9CWZVAFVDcUQIrbLwdlI
@Alternate Data Stream - 1098 bytes -> C:\Users\KreanPlay\AppData\Local\I9dc3BqVMJ5h:lPpZ8zqc1XrbF5V8Zc

< End of report >
--- --- ---

markusg 24.09.2012 17:33
hallo
Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!
Es sollte nie auf eigene Initiative hin ausgeführt werden! Eine falsche Benutzung kann ernsthafte Computerprobleme nach sich
ziehen und eine Bereinigung der Infektion noch erschweren.
Downloade dir bitte Combofix von einem dieser Downloadspiegel

Link 1
Link 2


WICHTIG - Speichere Combofix auf deinem Desktop
  • Deaktiviere bitte all deine Anti Viren sowie Anti Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören.
Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort.


Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Zitat:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

KriegerDL 05.10.2012 12:17
So, erledigt:
BitteDanke

Combofix Logfile:
Code:
ComboFix 12-10-04.02 - KreanPlay 05.10.2012  13:10:54.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.43.1031.18.4047.1861 [GMT 2:00]
ausgeführt von:: c:\users\KreanPlay\Downloads\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Savings Sidekick
c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
c:\program files (x86)\Savings Sidekick\Savings Sidekick.exe
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ico
c:\program files (x86)\Savings Sidekick\Savings Sidekick.ini
c:\program files (x86)\Savings Sidekick\Savings SidekickInstaller.log
c:\program files (x86)\Savings Sidekick\Uninstall.exe
c:\users\KreanPlay\AppData\Local\Savings Sidekick
c:\users\KreanPlay\AppData\Local\Savings Sidekick\Chrome\Savings Sidekick.crx
D:\install.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2012-09-05 bis 2012-10-05  ))))))))))))))))))))))))))))))
.
.
2012-09-30 12:27 . 2012-09-30 12:38        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\.minecraft
2012-09-29 18:23 . 2012-10-01 14:39        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\Audacity
2012-09-29 18:23 . 2012-09-29 18:23        --------        d-----w-        c:\program files (x86)\Audacity
2012-09-29 05:41 . 2012-09-29 05:41        --------        d-----w-        c:\program files (x86)\NVIDIA Corporation
2012-09-28 20:28 . 2012-09-28 20:28        --------        d-----w-        c:\users\KreanPlay\AppData\Local\SCE
2012-09-28 11:11 . 2012-09-28 11:11        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\wargaming.net
2012-09-28 11:11 . 2012-09-28 11:11        --------        d-----w-        C:\Games
2012-09-26 13:33 . 2012-08-21 21:01        245760        ----a-w-        c:\windows\system32\OxpsConverter.exe
2012-09-23 09:25 . 2012-09-27 13:51        --------        d-----w-        c:\users\Public\CyberLink
2012-09-23 09:25 . 2012-09-23 09:25        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\CyberLink
2012-09-23 09:24 . 2012-09-23 09:24        --------        d-----w-        c:\program files (x86)\Cyberlink
2012-09-23 09:23 . 2012-09-23 09:24        --------        d-----w-        c:\program files\CyberLink
2012-09-23 09:22 . 2012-09-23 09:22        --------        d-----w-        c:\program files (x86)\Google
2012-09-23 09:21 . 2012-09-23 09:21        --------        d-----w-        c:\programdata\install_clap
2012-09-23 09:06 . 2012-09-29 07:00        --------        d-----w-        c:\programdata\CyberLink
2012-09-23 08:40 . 2012-10-04 15:26        --------        d-----w-        c:\programdata\Spyware Terminator
2012-09-23 08:40 . 2012-09-23 08:40        51496        ----a-w-        c:\windows\system32\drivers\stflt.sys
2012-09-23 08:40 . 2012-09-23 08:40        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\Spyware Terminator
2012-09-23 08:39 . 2012-09-23 08:40        --------        d-----w-        c:\program files (x86)\Spyware Terminator
2012-09-23 08:25 . 2012-09-23 08:25        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\AVG2013
2012-09-23 08:24 . 2012-09-23 08:24        --------        d-----w-        c:\users\KreanPlay\AppData\Local\AVG Secure Search
2012-09-23 08:24 . 2012-09-23 08:24        --------        d-----w-        c:\programdata\AVG Secure Search
2012-09-23 08:24 . 2012-09-23 08:24        31080        ----a-w-        c:\windows\system32\drivers\avgtpx64.sys
2012-09-23 08:24 . 2012-09-23 08:24        --------        d-----w-        c:\program files (x86)\Common Files\AVG Secure Search
2012-09-23 08:24 . 2012-09-23 08:24        --------        d-----w-        c:\program files (x86)\AVG Secure Search
2012-09-23 08:23 . 2012-09-23 08:32        --------        d-----w-        c:\programdata\AVG2013
2012-09-23 08:23 . 2012-09-23 08:23        --------        d-----w-        C:\$AVG
2012-09-23 08:16 . 2012-09-23 08:27        --------        d-----w-        c:\users\KreanPlay\AppData\Local\Avg2013
2012-09-23 08:11 . 2012-09-23 08:11        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\TuneUp Software
2012-09-23 08:10 . 2012-09-23 08:10        --------        d-----w-        c:\program files (x86)\AVG
2012-09-23 08:07 . 2012-10-05 10:55        --------        d-----w-        c:\programdata\MFAData
2012-09-23 08:07 . 2012-09-23 08:07        --------        d-----w-        c:\users\KreanPlay\AppData\Local\MFAData
2012-09-22 22:21 . 2011-07-13 02:55        2237440        ----a-r-        C:\OTLPE.exe
2012-09-22 16:33 . 2012-09-22 16:33        --------        d-----w-        c:\program files (x86)\Common Files\Java
2012-09-22 16:33 . 2012-09-22 16:33        95208        ----a-w-        c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-09-22 16:31 . 2012-09-22 16:31        --------        d-----w-        c:\users\KreanPlay\AppData\Roaming\Malwarebytes
2012-09-22 16:30 . 2012-09-22 16:30        --------        d-----w-        c:\programdata\Malwarebytes
2012-09-22 16:30 . 2012-08-30 07:27        9308616        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{51D79C41-9882-4A89-B242-81A9EE3A60AE}\mpengine.dll
2012-09-22 04:42 . 2012-09-22 16:16        --------        d-----w-        C:\_OTL
2012-09-19 15:12 . 2012-09-30 08:26        282312        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2012-09-19 15:11 . 2012-09-29 05:45        --------        d-----w-        c:\users\KreanPlay\AppData\Local\PunkBuster
2012-09-19 15:08 . 2012-09-30 08:26        282312        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2012-09-19 15:08 . 2012-09-30 08:25        283312        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2012-09-19 15:08 . 2012-09-29 05:41        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2012-09-19 14:46 . 2012-09-19 14:46        --------        d-----w-        c:\program files (x86)\EA Games
2012-09-17 16:58 . 2012-09-17 16:58        56672        ----a-w-        c:\windows\system32\drivers\avgidsha.sys
2012-09-16 06:52 . 2012-09-16 06:52        --------        d-----w-        c:\program files (x86)\RocketDock
2012-09-15 15:21 . 2012-09-15 15:21        --------        d-----w-        c:\program files (x86)\alaplaya
2012-09-15 15:21 . 2003-08-15 14:02        69632        ------w-        c:\program files (x86)\Common Files\InstallShield\UpdateService\issch.exe
2012-09-15 15:21 . 2003-08-15 14:01        380928        ------w-        c:\program files (x86)\Common Files\InstallShield\UpdateService\agent.exe
2012-09-15 15:21 . 2003-08-15 13:57        212992        ------w-        c:\program files (x86)\Common Files\InstallShield\UpdateService\ISDM.exe
2012-09-15 15:21 . 2003-09-03 00:26        192512        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iuser.dll
2012-09-15 15:21 . 2012-09-15 15:21        311428        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\Setup.dll
2012-09-15 15:21 . 2012-09-15 15:21        184452        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iGdi.dll
2012-09-15 15:21 . 2003-09-03 00:28        724992        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iKernel.dll
2012-09-15 15:21 . 2003-09-03 00:27        69715        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\ctor.dll
2012-09-15 15:21 . 2003-09-03 00:26        266240        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\iscript.dll
2012-09-15 15:21 . 2003-09-03 00:25        5632        ----a-w-        c:\program files (x86)\Common Files\InstallShield\Professional\RunTime\09\00\Intel32\DotNetInstaller.exe
2012-09-15 15:10 . 2012-09-15 15:11        --------        d-----w-        c:\users\KreanPlay\AppData\Local\Akamai
2012-09-15 15:09 . 2012-10-05 11:10        --------        d-----w-        c:\program files (x86)\Common Files\Akamai
2012-09-14 16:32 . 2012-09-29 19:10        --------        d-----w-        c:\program files (x86)\Common Files\PX Storage Engine
2012-09-14 16:32 . 2012-09-14 16:32        --------        d-----w-        c:\program files (x86)\Common Files\Sonic Shared
2012-09-14 16:32 . 2011-11-03 01:01        56208        ------w-        c:\windows\system32\drivers\PxHlpa64.sys
2012-09-14 16:32 . 2011-10-17 01:00        10224        ------w-        c:\windows\system32\drivers\cdralw2k.sys
2012-09-14 16:32 . 2011-10-17 01:00        10224        ------w-        c:\windows\system32\drivers\cdr4_xp.sys
2012-09-14 16:32 . 2012-09-14 16:32        --------        d-----w-        c:\program files (x86)\My Company Name
2012-09-14 03:34 . 2012-09-14 03:34        105312        ----a-w-        c:\windows\system32\drivers\avgmfx64.sys
2012-09-12 11:55 . 2012-08-22 18:12        1913200        ----a-w-        c:\windows\system32\drivers\tcpip.sys
2012-09-12 11:55 . 2012-08-22 18:12        950128        ----a-w-        c:\windows\system32\drivers\ndis.sys
2012-09-12 11:55 . 2012-08-22 18:12        376688        ----a-w-        c:\windows\system32\drivers\netio.sys
2012-09-12 11:55 . 2012-08-22 18:12        288624        ----a-w-        c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-12 11:55 . 2012-08-02 17:58        574464        ----a-w-        c:\windows\system32\d3d10level9.dll
2012-09-12 11:55 . 2012-08-02 16:57        490496        ----a-w-        c:\windows\SysWow64\d3d10level9.dll
2012-09-12 11:55 . 2012-07-04 20:26        41472        ----a-w-        c:\windows\system32\drivers\RNDISMP.sys
2012-09-12 09:47 . 2012-09-12 09:47        199520        ----a-w-        c:\windows\system32\drivers\avgtdia.sys
2012-09-12 09:47 . 2012-09-12 09:47        175968        ----a-w-        c:\windows\system32\drivers\avgldx64.sys
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 10:50 . 2012-07-19 21:55        1048576        ----a-w-        c:\windows\PE_Rom.dll
2012-09-22 16:33 . 2012-07-20 09:09        821736        ----a-w-        c:\windows\SysWow64\npDeployJava1.dll
2012-09-22 16:33 . 2012-07-20 09:09        746984        ----a-w-        c:\windows\SysWow64\deployJava1.dll
2012-09-19 14:09 . 2012-07-20 07:40        696240        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-19 14:09 . 2012-07-20 07:40        73136        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-09-12 15:25 . 2012-08-05 06:00        64462936        ----a-w-        c:\windows\system32\MRT.exe
2012-08-13 14:40 . 2012-08-13 14:40        150880        ----a-w-        c:\windows\system32\drivers\avgidsdrivera.sys
2012-08-10 02:52 . 2012-08-10 02:52        40288        ----a-w-        c:\windows\system32\drivers\avgrkx64.sys
2012-08-09 11:56 . 2012-08-09 11:56        230240        ----a-w-        c:\windows\system32\drivers\avgloga.sys
2012-08-03 16:24 . 2012-08-03 16:24        560184        ----a-w-        c:\windows\system32\drivers\sptd.sys
2012-07-21 07:11 . 2012-07-21 07:11        71680        ----a-w-        c:\windows\system32\frapsv64.dll
2012-07-21 07:11 . 2012-07-21 07:11        65536        ----a-w-        c:\windows\SysWow64\frapsvid.dll
2012-07-20 08:02 . 2012-07-20 08:02        91648        ----a-w-        c:\windows\system32\SetIEInstalledDate.exe
2012-07-20 08:02 . 2012-07-20 08:02        89088        ----a-w-        c:\windows\system32\RegisterIEPKEYs.exe
2012-07-20 08:02 . 2012-07-20 08:02        89088        ----a-w-        c:\windows\system32\ie4uinit.exe
2012-07-20 08:02 . 2012-07-20 08:02        86528        ----a-w-        c:\windows\SysWow64\iesysprep.dll
2012-07-20 08:02 . 2012-07-20 08:02        85504        ----a-w-        c:\windows\system32\iesetup.dll
2012-07-20 08:02 . 2012-07-20 08:02        82432        ----a-w-        c:\windows\system32\icardie.dll
2012-07-20 08:02 . 2012-07-20 08:02        76800        ----a-w-        c:\windows\SysWow64\SetIEInstalledDate.exe
2012-07-20 08:02 . 2012-07-20 08:02        76800        ----a-w-        c:\windows\system32\tdc.ocx
2012-07-20 08:02 . 2012-07-20 08:02        74752        ----a-w-        c:\windows\SysWow64\RegisterIEPKEYs.exe
2012-07-20 08:02 . 2012-07-20 08:02        74752        ----a-w-        c:\windows\SysWow64\iesetup.dll
2012-07-20 08:02 . 2012-07-20 08:02        65024        ----a-w-        c:\windows\system32\pngfilt.dll
2012-07-20 08:02 . 2012-07-20 08:02        63488        ----a-w-        c:\windows\SysWow64\tdc.ocx
2012-07-20 08:02 . 2012-07-20 08:02        55296        ----a-w-        c:\windows\system32\msfeedsbs.dll
2012-07-20 08:02 . 2012-07-20 08:02        534528        ----a-w-        c:\windows\system32\ieapfltr.dll
2012-07-20 08:02 . 2012-07-20 08:02        49664        ----a-w-        c:\windows\system32\imgutil.dll
2012-07-20 08:02 . 2012-07-20 08:02        48640        ----a-w-        c:\windows\SysWow64\mshtmler.dll
2012-07-20 08:02 . 2012-07-20 08:02        48640        ----a-w-        c:\windows\system32\mshtmler.dll
2012-07-20 08:02 . 2012-07-20 08:02        452608        ----a-w-        c:\windows\system32\dxtmsft.dll
2012-07-20 08:02 . 2012-07-20 08:02        448512        ----a-w-        c:\windows\system32\html.iec
2012-07-20 08:02 . 2012-07-20 08:02        403248        ----a-w-        c:\windows\system32\iedkcs32.dll
2012-07-20 08:02 . 2012-07-20 08:02        39936        ----a-w-        c:\windows\system32\iernonce.dll
2012-07-20 08:02 . 2012-07-20 08:02        3695416        ----a-w-        c:\windows\system32\ieapfltr.dat
2012-07-20 08:02 . 2012-07-20 08:02        367104        ----a-w-        c:\windows\SysWow64\html.iec
2012-07-20 08:02 . 2012-07-20 08:02        35840        ----a-w-        c:\windows\SysWow64\imgutil.dll
2012-07-20 08:02 . 2012-07-20 08:02        30720        ----a-w-        c:\windows\system32\licmgr10.dll
2012-07-20 08:02 . 2012-07-20 08:02        282112        ----a-w-        c:\windows\system32\dxtrans.dll
2012-07-20 08:02 . 2012-07-20 08:02        267776        ----a-w-        c:\windows\system32\ieaksie.dll
2012-07-20 08:02 . 2012-07-20 08:02        249344        ----a-w-        c:\windows\system32\webcheck.dll
2012-07-20 08:02 . 2012-07-20 08:02        23552        ----a-w-        c:\windows\SysWow64\licmgr10.dll
2012-07-20 08:02 . 2012-07-20 08:02        222208        ----a-w-        c:\windows\system32\msls31.dll
2012-07-20 08:02 . 2012-07-20 08:02        197120        ----a-w-        c:\windows\system32\msrating.dll
2012-07-20 08:02 . 2012-07-20 08:02        165888        ----a-w-        c:\windows\system32\iexpress.exe
2012-07-20 08:02 . 2012-07-20 08:02        163840        ----a-w-        c:\windows\system32\ieakui.dll
2012-07-20 08:02 . 2012-07-20 08:02        161792        ----a-w-        c:\windows\SysWow64\msls31.dll
2012-07-20 08:02 . 2012-07-20 08:02        160256        ----a-w-        c:\windows\system32\wextract.exe
2012-07-20 08:02 . 2012-07-20 08:02        160256        ----a-w-        c:\windows\system32\ieakeng.dll
2012-07-20 08:02 . 2012-07-20 08:02        152064        ----a-w-        c:\windows\SysWow64\wextract.exe
2012-07-20 08:02 . 2012-07-20 08:02        150528        ----a-w-        c:\windows\SysWow64\iexpress.exe
2012-07-20 08:02 . 2012-07-20 08:02        149504        ----a-w-        c:\windows\system32\occache.dll
2012-07-20 08:02 . 2012-07-20 08:02        145920        ----a-w-        c:\windows\system32\iepeers.dll
2012-07-20 08:02 . 2012-07-20 08:02        135168        ----a-w-        c:\windows\system32\IEAdvpack.dll
2012-07-20 08:02 . 2012-07-20 08:02        12288        ----a-w-        c:\windows\system32\mshta.exe
2012-07-20 08:02 . 2012-07-20 08:02        11776        ----a-w-        c:\windows\SysWow64\mshta.exe
2012-07-20 08:02 . 2012-07-20 08:02        114176        ----a-w-        c:\windows\system32\admparse.dll
2012-07-20 08:02 . 2012-07-20 08:02        111616        ----a-w-        c:\windows\system32\iesysprep.dll
2012-07-20 08:02 . 2012-07-20 08:02        110592        ----a-w-        c:\windows\SysWow64\IEAdvpack.dll
2012-07-20 08:02 . 2012-07-20 08:02        10752        ----a-w-        c:\windows\system32\msfeedssync.exe
2012-07-20 08:02 . 2012-07-20 08:02        103936        ----a-w-        c:\windows\system32\inseng.dll
2012-07-20 08:02 . 2012-07-20 08:02        101888        ----a-w-        c:\windows\SysWow64\admparse.dll
2012-07-19 22:00 . 2012-07-19 21:58        4962240        ----a-w-        c:\windows\PE_File.dll
2012-07-19 20:30 . 2012-07-19 20:30        16896        ----a-w-        c:\windows\AsTaskSched.dll
2012-07-18 18:15 . 2012-08-15 10:58        3148800        ----a-w-        c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{0cc09160-108c-4759-bab1-5c12c216e005}"= "c:\program files (x86)\appbario8\prxtbappb.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{0cc09160-108c-4759-bab1-5c12c216e005}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0cc09160-108c-4759-bab1-5c12c216e005}]
2011-05-09 09:49        176936        ----a-w-        c:\program files (x86)\appbario8\prxtbappb.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{1631550F-191D-4826-B069-D9439253D926}]
2012-03-25 12:54        413568        ----a-w-        c:\program files (x86)\PriceGong\2.6.4\PriceGongIE.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}]
2012-09-23 08:24        1734240        ----a-w-        c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\12.2.5.34\AVG Secure Search_toolbar.dll" [2012-09-23 1734240]
.
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1]
[HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="d:\90 installiertes\Steam\steam.exe" [2012-08-04 1353080]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
"ccleaner"="c:\program files\CCleaner\CCleaner64.exe" [2012-06-22 5283680]
"Browser Infrastructure Helper"="c:\users\KreanPlay\AppData\Local\Smartbar\Application\Linkury.exe" [2012-06-24 19800]
"Akamai NetSession Interface"="c:\users\KreanPlay\AppData\Local\Akamai\netsession_win.exe" [2012-08-10 4440896]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-02-29 56088]
"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-03-26 291608]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-04-04 843712]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-06-11 641704]
"LogMeIn Hamachi Ui"="c:\program files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe" [2012-06-27 1996200]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"AdobeCS6ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe" [2012-03-09 1073312]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"QuickTime Task"="d:\90 installiertes\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-23 856160]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-09-14 3039352]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-09-23 947808]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe [2011-6-17 272528]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%prote~1.dll c:\progra~3\pcperf~1\22558~1.177\{16cdf~1\%protector process name%.dll
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute        REG_MULTI_SZ          autocheck autochk *\0c:\progra~2\AVG\AVG2013\avgrsa.exe /sync /restart
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages        REG_MULTI_SZ          kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-08-20 5751928]
R2 BBSvc;BingBar Service;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe [2012-06-11 193616]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 136176]
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [2012-08-13 3064000]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-19 250288]
R3 EagleX64;EagleX64;c:\windows\system32\drivers\EagleX64.sys [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 136176]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe [2011-06-17 237008]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-07-14 113120]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-07-20 1255736]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-17 56672]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-08-09 230240]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-08-10 40288]
S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-03-26 19224]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-03 56208]
S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-08-13 150880]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-09-12 175968]
S1 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-09-14 105312]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-12 199520]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-09-23 31080]
S1 ndisrd;WinpkFilter LightWeight Filter;c:\windows\system32\DRIVERS\ndisrd.sys [2011-08-12 32360]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-04-04 63928]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe [2009-07-14 27136]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-06-11 239616]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe [2011-10-29 918448]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe [2012-02-02 951936]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe [2012-02-17 149120]
S2 AsusFanControlService;AsusFanControlService;c:\program files (x86)\ASUS\AsusFanControlService\1.01.04\AsusFanControlService.exe [2012-04-10 1473664]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-08-20 184304]
S2 Hamachi2Svc;LogMeIn Hamachi Tunneling Engine;c:\program files (x86)\LogMeIn Hamachi\hamachi-2.exe [2012-06-27 2369960]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-02-01 13592]
S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-07 161560]
S2 PC Performer Manager;PC Performer Manager;c:\programdata\PC Performer Manager\2.2.558.177\{16cdff19-861d-48e3-a751-d99a27784753}\%Protector Process Name%.exe [2012-08-08 1695776]
S2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO64.EXE [2012-09-11 390672]
S2 sp_rsdrv2;Spyware Terminator Driver Filter;c:\windows\system32\DRIVERS\stflt.sys [2012-09-23 51496]
S2 ST2012_Svc;Spyware Terminator 2012 Realtime Shield Service;c:\program files (x86)\Spyware Terminator\st_rsser64.exe [2012-09-06 1148664]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-07 363800]
S2 vToolbarUpdater12.2.6;vToolbarUpdater12.2.6;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\12.2.6\ToolbarUpdater.exe [2012-09-23 722528]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [2012-06-11 10248192]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [2012-06-11 367616]
S3 ASUSFILTER;ASUSFILTER;SysWow64\drivers\ASUSFILTER.sys [x]
S3 athur;Wireless Network Adapter Service;c:\windows\system32\DRIVERS\athurx.sys [2010-01-05 1847296]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-02-23 95760]
S3 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe [2012-06-11 240208]
S3 ICCS;Intel(R) Integrated Clock Controller Service - Intel(R) ICCS;c:\program files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe [2011-05-27 160768]
S3 ICCWDT;Intel(R) Watchdog Timer Driver (Intel(R) WDT);c:\windows\system32\DRIVERS\ICCWDT.sys [2010-08-17 26136]
S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-03-26 356632]
S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-03-26 789272]
S3 MEIx64;Intel(R) Management Engine Interface ;c:\windows\system32\DRIVERS\HECIx64.sys [2011-11-09 60184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2012-02-03 677480]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
Akamai        REG_MULTI_SZ          Akamai
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-04 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-20 14:09]
.
2012-10-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 09:22]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-09-23 09:22]
.
2012-10-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000Core.job
- c:\users\KreanPlay\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 13:09]
.
2012-10-04 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1864943427-391754695-4144144592-1000UA.job
- c:\users\KreanPlay\AppData\Local\Google\Update\GoogleUpdate.exe [2012-07-23 13:09]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-02-10 6463592]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2012-04-04 446392]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2012-09-06 2777296]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2012-09-06 3673808]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = https://isearch.avg.com/?cid={C2F56F8A-40D0-4AC9-B0BF-AA40932A7EE9}&mid=4b550233c51a47d0af9ec1f60e974501-eec03004b6a4821d172d3ffe41973a5534b0fa28&lang=de&ds=od011&pr=sa&d=2012-07-21 09:46&v=12.1.0.20&sap=hp
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = <local>
IE: {{A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - {A69A551A-1AAE-4B67-8C2E-52F8B8A19504} - c:\program files (x86)\SpecialSavings\SpecialSavingsSinged.dll
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\12.2.6\ViProtocol.dll
FF - ProfilePath -
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{11111111-1111-1111-1111-110011501160} - c:\program files (x86)\Savings Sidekick\Savings Sidekick.dll
Toolbar-{D0F4A166-B8D4-48b8-9D63-80849FE137CB} - (no file)
Wow6432Node-HKCU-Run-AdobeBridge - (no file)
Wow6432Node-HKCU-Run-EA Core - c:\program files (x86)\Electronic Arts\EADM\Core.exe
AddRemove-Savings Sidekick - c:\program files (x86)\Savings Sidekick\Uninstall.exe
AddRemove-Steam App 105600 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 113200 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 40800 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 42910 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 620 - c:\program files (x86)\Steam\steam.exe
AddRemove-Steam App 644 - c:\program files (x86)\Steam\steam.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll"
"ImagePath"="\"c:\program files\CYBERLINK\SHARED FILES\RICHVIDEO64.EXE\"\00Z
[\]^_‰\00\00‰\00\00\00\00HIJKLMNO\00\00\00\00\00\00\00\00\03\00\00\00|}~‰\00\00‰\00\00\00\00‰\00\00\00\00\00\00\00\00‘’“"
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\Akamai]
"ServiceDll"="C:/Program Files (x86)/Common Files/Akamai/netsession_win_5891ae0.dll"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-05  13:15:10
ComboFix-quarantined-files.txt  2012-10-05 11:15
.
Vor Suchlauf: 13 Verzeichnis(se), 82.783.371.264 Bytes frei
Nach Suchlauf: 17 Verzeichnis(se), 82.507.931.648 Bytes frei
.
- - End Of File - - B61A24506332F02ABB74C426468700E9
--- --- ---

markusg 05.10.2012 12:26
öffne malwarebytes, und aktualisiere es, dann vollständigen scan, und log posten bitte.


Alle Zeitangaben in WEZ +1. Es ist jetzt 21:34 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131