Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Firefox Delta search Tab löschen (https://www.trojaner-board.de/130667-firefox-delta-search-tab-loeschen.html)

[GSB]Reaper 05.02.2013 19:53
Firefox Delta search Tab löschen
 
Hey Leute, ich habe seid drei Tagen das Problem, dass sich bei Firefox immer eine Seite öffnet die ich nicht kenne.
Und zwar drücke ich auf "Öffnet einen neuen Tab".
Eingestellt ist normaler weise Google als neuer Tab.
Jetzt kommt eine Suchmaschine von Delta Search. Ein Freund sagt das sei ein Virus!?
Ich habe schon vieles versucht.
Ich habe Avira mein Windows Systemverzeichnis scannen lassen, nach Rootkits und aktiver Malware und zum Schluss dann auch Vollständig Scannen lassen.
Ich habe auch die Cookies bei firefox gelöscht und addons geprüft.
Kein Erfolg.
Ich bitte um Hilfe!

Im Vorraus schonmal :dankeschoen:

markusg 05.02.2013 19:54
hi
avira funde posten:
http://www.trojaner-board.de/125889-...en-posten.html
Dann:

Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Kopiere
    nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

[GSB]Reaper 05.02.2013 21:12
Danke für die rasche Antwort.
Ich habe OTL direkt mal durchlaufen lassen. Hier die Logs :
OTL.Txt
Code:
OTL logfile created on: 05.02.2013 20:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Pedro Paret\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
9,97 Gb Total Physical Memory | 8,26 Gb Available Physical Memory | 82,85% Memory free
19,93 Gb Paging File | 17,97 Gb Available in Paging File | 90,19% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,35 Gb Total Space | 101,21 Gb Free Space | 45,31% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 496,32 Gb Free Space | 26,64% Space Free | Partition Type: NTFS
Drive F: | 4,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Z: | 931,51 Gb Total Space | 269,75 Gb Free Space | 28,96% Space Free | Partition Type: NTFS
 
Computer Name: PEDROPARET-PC | User Name: Pedro Paret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found --
PRC - [2013.02.05 20:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro Paret\Desktop\OTL.exe
PRC - [2013.01.25 04:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.01.19 03:51:31 | 001,129,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.01.19 03:50:07 | 001,071,392 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe
PRC - [2013.01.06 14:10:16 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.11 17:59:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.12.11 17:59:37 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.12.11 17:59:37 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.09.17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) -- Z:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe
PRC - [2012.03.30 09:39:22 | 002,042,184 | ---- | M] (Gainward Co. Ltd.) -- C:\Program Files (x86)\EXPERTool\TBPanel.exe
PRC - [2012.01.30 14:28:48 | 000,680,960 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.11.10 10:23:44 | 001,204,656 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe
PRC - [2010.11.03 11:42:32 | 000,909,440 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe
PRC - [2010.10.28 12:34:18 | 000,330,368 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe
PRC - [2010.10.28 04:40:12 | 000,917,120 | R--- | M] () -- C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe
PRC - [2010.10.21 16:57:58 | 001,419,904 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe
PRC - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe
PRC - [2010.10.20 09:47:58 | 001,096,832 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe
PRC - [2010.09.24 20:29:32 | 001,115,776 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe
PRC - [2010.09.13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.13 17:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.03.05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 09:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2006.11.03 11:01:16 | 000,319,488 | ---- | M] (PixArt Imaging Incorporation) -- C:\Windows\PixArt\Pac207\Monitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.11 15:56:00 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ceda881f46083cfb6356ed39e6bf9dcb\IAStorUtil.ni.dll
MOD - [2013.01.11 15:56:00 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\85a17526c326bfb377b5c2124dce39f2\IAStorCommon.ni.dll
MOD - [2013.01.09 21:07:25 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 21:07:16 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 21:07:10 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll
MOD - [2013.01.09 21:07:02 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll
MOD - [2013.01.09 21:06:58 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 21:06:57 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll
MOD - [2013.01.09 21:06:57 | 000,060,928 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\23da92e38ffc0bbf6673adb1892aa0f4\UIAutomationProvider.ni.dll
MOD - [2013.01.09 21:06:57 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll
MOD - [2013.01.09 21:06:51 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.09 21:06:48 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 21:06:47 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 21:06:46 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 21:06:43 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.01.30 15:48:04 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\de-DE\SBRecon.resources.dll
MOD - [2011.12.16 16:17:00 | 000,246,272 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2011.08.17 14:45:34 | 000,074,240 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2011.04.12 08:43:19 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.12.01 11:33:32 | 001,244,672 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.10.20 12:45:30 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll
MOD - [2010.10.15 16:40:30 | 001,031,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll
MOD - [2010.10.06 19:56:50 | 001,246,720 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll
MOD - [2010.09.27 19:51:16 | 001,607,168 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll
MOD - [2010.09.27 19:51:12 | 000,881,664 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll
MOD - [2010.09.27 16:34:10 | 001,030,144 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll
MOD - [2010.08.23 03:17:40 | 000,662,016 | R--- | M] () -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMLib.dll
MOD - [2010.08.06 17:13:48 | 000,886,272 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll
MOD - [2010.08.06 17:11:20 | 000,850,944 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll
MOD - [2010.08.06 17:10:22 | 000,964,608 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll
MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll
MOD - [2010.06.21 14:21:22 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll
MOD - [2009.08.12 19:15:52 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll
MOD - [2009.07.31 20:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.05.21 09:14:14 | 000,253,952 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll
MOD - [2009.05.21 03:14:14 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.06.28 09:53:00 | 004,941,768 | ---- | M] (SafeNet Inc.) [Auto | Running] -- C:\Windows\SysNative\hasplms.exe -- (hasplms)
SRV - [2013.02.02 12:03:44 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.25 04:35:08 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.23 11:08:00 | 000,543,144 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.01.19 04:12:08 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.01.06 14:10:16 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.11 17:59:45 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.12.11 17:59:37 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.10.20 09:30:46 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.10.20 09:30:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.09.17 06:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- Z:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (WAS)
SRV - [2010.11.21 04:24:51 | 000,397,824 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll -- (W3SVC)
SRV - [2010.11.21 04:24:51 | 000,061,440 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll -- (AppHostSvc)
SRV - [2010.11.03 11:42:32 | 000,909,440 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe -- (asHmComSvc)
SRV - [2010.10.28 04:40:12 | 000,917,120 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe -- (asComSvc)
SRV - [2010.10.21 10:52:26 | 000,586,880 | R--- | M] () [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2010.09.13 17:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 09:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.02.03 17:02:17 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2013.01.28 23:35:27 | 000,448,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvstusb.sys -- (NvStUSB)
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.11 17:59:48 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.12.11 17:59:48 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.09.24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.09.20 14:24:02 | 000,180,544 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0CD0.sys -- (SaiK0CD0)
DRV:64bit: - [2012.09.20 14:24:02 | 000,047,168 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiU0CD0.sys -- (SaiU0CD0)
DRV:64bit: - [2012.08.10 03:01:00 | 000,056,336 | ---- | M] (Corel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2012.06.28 09:51:36 | 000,139,592 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksfridge.sys -- (aksfridge)
DRV:64bit: - [2012.06.26 09:38:52 | 000,052,200 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus)
DRV:64bit: - [2012.06.26 09:38:52 | 000,024,680 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini)
DRV:64bit: - [2012.06.21 15:04:52 | 000,549,704 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SRS_AE_amd64.sys -- (SRS_AE_Service)
DRV:64bit: - [2012.05.11 08:30:08 | 000,025,920 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Said505F.sys -- (Said505F)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.30 15:26:40 | 001,825,024 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ksaud.sys -- (ksaud)
DRV:64bit: - [2011.11.22 15:14:54 | 000,078,208 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\aksdf.sys -- (aksdf)
DRV:64bit: - [2011.09.28 16:31:30 | 000,321,536 | ---- | M] (SafeNet Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\hardlock.sys -- (hardlock)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 06:59:16 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                          ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 22:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.04.28 00:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.28 00:57:14 | 000,036,936 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmHidLo.sys -- (WmHidLo)
DRV:64bit: - [2010.04.28 00:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 22:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 22:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.04.08 13:28:46 | 000,068,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.03.18 15:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008.08.14 05:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\skfiltv.sys -- (skfiltv)
DRV:64bit: - [2008.02.18 15:20:10 | 000,129,024 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiK0728.sys -- (SaiK0728)
DRV:64bit: - [2006.12.05 11:34:26 | 000,572,416 | ---- | M] (PixArt Imaging Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PFC027.SYS -- (PAC207)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=88e8aa57000000000000f46d048f9707
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 A7 76 E5 65 8C CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.delta-search.com/?q={searchTerms}&affID=119816&babsrc=SP_ss&mntrId=88e8aa57000000000000f46d048f9707
IE - HKCU\..\SearchScopes\{C690FD1D-65C2-4d1d-B8AF-C4B9B2D74158}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{C7E39EC9-FC14-4ac7-8044-665C521F2037}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q="
FF - prefs.js..network.proxy.type: 0
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:12:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 04:12:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.09.06 20:47:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\Extensions
[2013.02.03 19:31:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\Firefox\Profiles\txqdldyy.default\extensions
[2013.02.01 13:19:10 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\firefox\profiles\txqdldyy.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.03 17:02:49 | 000,001,294 | ---- | M] () -- C:\Users\Pedro Paret\AppData\Roaming\mozilla\firefox\profiles\txqdldyy.default\searchplugins\delta.xml
[2013.01.19 04:12:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 04:12:08 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.03 17:02:44 | 000,006,484 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.10.0\bh\delta.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll (Delta-search.com)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Creative SB Monitoring Utility] C:\Windows\SysNative\SBAVMon.dll (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\SmartTechnology\Software\ProfilerU.exe (Saitek)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\SmartTechnology\Software\SaiMfd.exe (Saitek)
O4:64bit: - HKLM..\Run: [SaiVolume] C:\Programme\Saitek\CyborgKeyboard\SaiVolume.exe (Saitek)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Sound Blaster Recon3D Control Panel] C:\Program Files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [DAEMON Tools Lite] Z:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [SaitekInstall] C:\Windows\temp\MadCatz\Range_MMO7_SD7_64_Drivers\00000000\setup.exe (Saitek)
O4 - HKCU..\Run: [Steam] Z:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\EXPERTool\TBPanel.exe (Gainward Co. Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab (Creative Software AutoUpdate 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6C2D29F9-F846-4C3A-8A14-0DBBDBF6D3C0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.01.19 09:47:05 | 000,008,192 | ---- | M] (Microsoft) - E:\AutoOff.exe -- [ NTFS ]
O32 - AutoRun File - [2012.01.19 09:47:05 | 000,000,076 | ---- | M] () - E:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2011.05.24 20:53:43 | 000,000,083 | R--- | M] () - F:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{2ba0024a-0f98-11e2-a92f-f46d048f9707}\Shell - "" = AutoRun
O33 - MountPoints2\{2ba0024a-0f98-11e2-a92f-f46d048f9707}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{a0106c1c-f856-11e1-9181-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{a0106c1c-f856-11e1-9181-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Bin\assetup.exe
O33 - MountPoints2\{df60158d-6e05-11e2-a5aa-f46d048f9707}\Shell - "" = AutoRun
O33 - MountPoints2\{df60158d-6e05-11e2-a5aa-f46d048f9707}\Shell\AutoRun\command - "" = F:\setup.exe -- [2011.05.29 01:09:08 | 001,747,624 | R--- | M] (Zocky                                                      )
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6A763A7A-07B7-38E5-C03E-DE213C93B06C} - .NET Framework
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {B2E92A92-2B48-9BE2-E110-798F421AAD33} - Offline Browsing Pack
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Browser Infrastructure Helper - hkey= - key= - C:\Users\Pedro Paret\AppData\Local\Smartbar\Application\SnapDo.exe (Smartbar)
MsConfig:64bit - StartUpReg: DAEMON Tools Lite - hkey= - key= - Z:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
MsConfig:64bit - StartUpReg: LogMeIn Hamachi Ui - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: WinampAgent - hkey= - key= - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.05 20:45:35 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Pedro Paret\Desktop\OTL.exe
[2013.02.03 17:02:52 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Delta
[2013.02.03 17:02:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Delta
[2013.02.03 17:02:41 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Babylon
[2013.02.03 17:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.02.03 17:02:17 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.02.02 11:46:46 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.02 11:46:37 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.02 11:46:37 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.02 11:46:37 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.02.02 11:46:37 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.02 11:46:37 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.02 11:46:37 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.02 11:46:37 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.02.02 11:46:37 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.02.02 11:46:37 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.02.02 11:46:36 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.02.02 11:46:36 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.02.02 11:46:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.02.02 11:46:36 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.02.02 11:46:36 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.02 11:46:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.02 11:46:36 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.02 11:46:36 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.02 11:46:36 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.02.02 11:46:36 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.02.02 11:46:36 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.02 11:46:36 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.02 11:46:36 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.02.02 11:46:35 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.02.02 11:46:35 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.02 11:46:35 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.02.02 11:46:35 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.02.02 11:46:35 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.02.02 11:46:35 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.02 11:46:34 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.02 11:46:34 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.02.02 11:46:34 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.02.02 11:46:34 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.02.02 11:46:34 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.02.02 11:46:34 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.02.02 11:46:34 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.02.02 11:46:34 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.02.02 11:46:34 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.02.02 11:46:34 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.02.02 11:46:34 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.02.02 11:46:34 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.02.02 11:46:34 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.02.02 11:46:34 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.02.02 11:46:34 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.02.02 11:46:34 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.02.02 11:30:15 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\SCE
[2013.02.01 22:32:24 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\PokerStars.NET
[2013.02.01 22:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PokerStars.NET
[2013.01.29 19:59:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Crysis 3 MP Open Beta
[2013.01.25 13:09:18 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\NVIDIA
[2013.01.24 17:12:52 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\Creative
[2013.01.23 17:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
[2013.01.23 17:18:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
[2013.01.23 17:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2013.01.23 17:18:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Synchronization Services
[2013.01.23 17:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework
[2013.01.23 17:18:03 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft SQL Server Compact Edition
[2013.01.23 17:15:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.23 17:15:22 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Analysis Services
[2013.01.23 17:15:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services
[2013.01.23 17:15:18 | 000,000,000 | ---D | C] -- C:\Windows\SHELLNEW
[2013.01.23 17:15:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office
[2013.01.23 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Local\Microsoft Help
[2013.01.23 17:15:08 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2013.01.23 17:15:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.01.19 04:12:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.17 21:27:50 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\EXPERTool
[2013.01.17 21:21:11 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.13 11:21:39 | 000,000,000 | ---D | C] -- C:\Windows\PixArt
[2013.01.11 15:36:12 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.01.07 22:57:37 | 000,000,000 | ---D | C] -- C:\Users\Pedro Paret\AppData\Roaming\Audacity
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.05 20:45:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Pedro Paret\Desktop\OTL.exe
[2013.02.05 20:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.05 18:55:00 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 18:55:00 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 18:53:30 | 001,724,616 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.05 18:53:30 | 000,742,478 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.05 18:53:30 | 000,689,574 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.05 18:53:30 | 000,162,422 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.05 18:53:30 | 000,132,964 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.05 18:47:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.05 18:47:27 | 2110,672,894 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.05 00:21:54 | 000,007,600 | ---- | M] () -- C:\Users\Pedro Paret\AppData\Local\Resmon.ResmonCfg
[2013.02.04 21:36:51 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.04 21:36:51 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.04 21:36:45 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.02.03 17:03:40 | 000,408,145 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\AnalysisLog.sr0
[2013.02.03 17:02:17 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2013.02.01 22:32:24 | 000,000,776 | ---- | M] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2013.01.29 19:59:19 | 000,001,428 | ---- | M] () -- C:\Users\Public\Desktop\Crysis 3 MP Open Beta.lnk
[2013.01.29 17:41:57 | 000,089,390 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Rechnung.PDF
[2013.01.28 23:35:21 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.01.25 13:07:29 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.01.24 23:58:30 | 011,895,987 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed_Molotov__Wonderful_Life_official_Video_mp3ify-dot-com.mp3
[2013.01.24 23:32:23 | 032,058,088 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_.wav
[2013.01.24 23:31:04 | 032,068,532 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh.wav
[2013.01.24 23:26:03 | 032,081,436 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.wav
[2013.01.24 23:18:15 | 005,822,204 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.mp3
[2013.01.24 17:08:19 | 002,052,088 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.23 21:07:02 | 002,977,906 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.01.23 18:21:03 | 000,714,244 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\CreativSoundblaster 3D OMega.jpg
[2013.01.23 18:15:30 | 000,873,342 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Creativ Soundblaster 3D Omega.JPG
[2013.01.22 18:46:32 | 000,118,145 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\ruecksende_Formular_MIX.pdf
[2013.01.18 21:32:30 | 000,000,222 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\The War Z.url
[2013.01.17 21:21:03 | 531,519,309 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.13 11:29:15 | 000,304,160 | ---- | M] () -- C:\PA207.DAT
[2013.01.09 17:53:09 | 001,701,574 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.07 22:57:26 | 000,000,718 | ---- | M] () -- C:\Users\Pedro Paret\Desktop\Audacity.lnk
[8 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.03 17:03:37 | 000,408,145 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\AnalysisLog.sr0
[2013.02.02 11:46:36 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.01 22:32:24 | 000,000,776 | ---- | C] () -- C:\Users\Public\Desktop\PokerStars.net.lnk
[2013.01.29 19:59:19 | 000,001,428 | ---- | C] () -- C:\Users\Public\Desktop\Crysis 3 MP Open Beta.lnk
[2013.01.29 17:42:11 | 000,089,390 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Rechnung.PDF
[2013.01.25 13:07:29 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.01.24 23:58:46 | 005,822,204 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.mp3
[2013.01.24 23:58:41 | 011,895,987 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed_Molotov__Wonderful_Life_official_Video_mp3ify-dot-com.mp3
[2013.01.24 23:32:22 | 032,058,088 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_.wav
[2013.01.24 23:31:03 | 032,068,532 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh.wav
[2013.01.24 23:26:02 | 032,081,436 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Seeed__Wonderful_Life_Aargh_Video_mp3ify-dot-com.wav
[2013.01.23 18:20:58 | 000,714,244 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\CreativSoundblaster 3D OMega.jpg
[2013.01.23 18:16:57 | 000,873,342 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Creativ Soundblaster 3D Omega.JPG
[2013.01.22 18:46:32 | 000,118,145 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\ruecksende_Formular_MIX.pdf
[2013.01.18 21:32:30 | 000,000,222 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\The War Z.url
[2013.01.17 21:21:03 | 531,519,309 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.13 11:23:10 | 000,304,160 | ---- | C] () -- C:\PA207.DAT
[2013.01.07 22:57:26 | 000,000,718 | ---- | C] () -- C:\Users\Pedro Paret\Desktop\Audacity.lnk
[2013.01.07 22:57:26 | 000,000,718 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.01.06 13:26:58 | 000,000,099 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Local\fusioncache.dat
[2013.01.04 17:21:04 | 000,000,132 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Roaming\Adobe CS5-Voreinstellungen für BMP-Format
[2013.01.02 20:29:37 | 001,701,574 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.12.16 21:03:41 | 000,006,656 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.24 23:07:04 | 000,007,600 | ---- | C] () -- C:\Users\Pedro Paret\AppData\Local\Resmon.ResmonCfg
[2012.11.04 19:06:54 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.10.20 09:30:38 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.10.20 09:30:38 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.10.18 12:33:10 | 000,038,520 | ---- | C] () -- C:\Windows\SysWow64\RGBAcodec.dll
[2012.09.23 11:16:40 | 000,000,144 | ---- | C] () -- C:\Windows\HotFixList.ini
[2012.09.17 18:18:37 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.09.16 18:54:17 | 002,601,752 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_moh.exe
[2012.09.11 20:55:09 | 000,003,077 | ---- | C] () -- C:\ProgramData\cfSB1290.ini
[2012.09.11 20:55:09 | 000,002,844 | ---- | C] () -- C:\ProgramData\cfSB1240.ini
[2012.09.11 20:55:09 | 000,001,772 | ---- | C] () -- C:\ProgramData\cfSB1095.ini
[2012.09.11 20:55:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB1090.ini
[2012.09.11 20:55:09 | 000,001,352 | ---- | C] () -- C:\ProgramData\cfSB0910.ini
[2012.09.11 20:55:09 | 000,001,346 | ---- | C] () -- C:\ProgramData\cfSB1100.ini
[2012.09.11 20:55:09 | 000,001,302 | ---- | C] () -- C:\ProgramData\cfSB0300.ini
[2012.09.11 20:55:09 | 000,001,282 | ---- | C] () -- C:\ProgramData\cfSB0471.ini
[2012.09.11 20:55:09 | 000,001,208 | ---- | C] () -- C:\ProgramData\cfSB0490.ini
[2012.09.11 20:55:09 | 000,001,027 | ---- | C] () -- C:\ProgramData\cfSB0560.ini
[2012.09.11 20:55:09 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0271.ini
[2012.09.11 20:55:09 | 000,001,026 | ---- | C] () -- C:\ProgramData\cfSB0270.ini
[2012.09.11 20:55:09 | 000,000,939 | ---- | C] () -- C:\ProgramData\CfSB1170.ini
[2012.09.11 20:55:09 | 000,000,590 | ---- | C] () -- C:\ProgramData\cfSB0950.ini
[2012.09.07 12:50:45 | 000,907,680 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.09.07 12:16:42 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2012.09.07 12:15:58 | 000,025,373 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.09.07 12:15:04 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.09.07 12:15:01 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.09.07 00:19:43 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.07 00:19:42 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.06 21:16:39 | 000,000,806 | ---- | C] () -- C:\ProgramData\CfSB1300.ini
[2012.09.06 20:23:56 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.09.06 20:23:53 | 000,021,565 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.03.30 05:09:46 | 000,007,764 | ---- | C] () -- C:\Windows\cadx2.ini
[2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.20 22:42:09 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\2K Sports
[2013.01.25 19:04:13 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Audacity
[2013.02.03 17:02:41 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Babylon
[2012.10.06 23:25:34 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\DAEMON Tools Lite
[2013.02.03 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Delta
[2012.09.09 16:37:10 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\DeviceVm
[2012.12.09 17:20:27 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Might & Magic Heroes VI
[2012.12.16 21:20:38 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\No Company Name
[2013.01.23 17:11:38 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Notepad++
[2012.10.06 23:24:09 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\OpenCandy
[2012.12.05 06:51:22 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Origin
[2012.12.09 14:32:05 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Rovio
[2013.02.05 19:02:17 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\TS3Client
[2012.11.08 00:48:38 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\ts3overlay
[2012.11.08 01:11:45 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\ts3overlay_hook_win64
[2012.11.25 01:32:06 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\TuneUp Software
[2012.11.08 11:59:11 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\Ubisoft
[2012.09.14 21:59:59 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\wargaming.net
[2012.11.08 20:07:18 | 000,000,000 | ---D | M] -- C:\Users\Pedro Paret\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.09.06 20:19:54 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2012.09.06 20:19:46 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.10.16 19:34:30 | 000,000,000 | ---D | M] -- C:\inetpub
[2013.01.11 15:36:12 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2013.01.23 17:18:12 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.03 17:02:49 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.03 17:02:41 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2012.09.06 20:19:46 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.09.06 20:19:48 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.05 20:51:31 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.10.15 23:53:52 | 000,000,000 | ---D | M] -- C:\temp
[2012.11.02 09:04:21 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.02 11:46:29 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.09.06 20:30:04 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys
[2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
[8 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ]
 
< %USERPROFILE%\*.* >
[2013.02.05 20:52:45 | 002,359,296 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat
[2013.02.05 20:52:45 | 000,262,144 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat.LOG1
[2012.09.06 20:19:52 | 000,000,000 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat.LOG2
[2012.09.06 20:20:24 | 000,065,536 | -HS- | M] () -- C:\Users\Pedro Paret\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.09.06 20:20:24 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.09.06 20:20:24 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.10.20 09:22:08 | 000,065,536 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{b3543835-1a8d-11e2-860b-8ab89dcc7889}.TM.blf
[2012.10.20 09:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{b3543835-1a8d-11e2-860b-8ab89dcc7889}.TMContainer00000000000000000001.regtrans-ms
[2012.10.20 09:22:08 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{b3543835-1a8d-11e2-860b-8ab89dcc7889}.TMContainer00000000000000000002.regtrans-ms
[2012.09.09 22:29:48 | 000,065,536 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{df929704-fa93-11e1-9018-b4b2ce2b4e88}.TM.blf
[2012.09.09 22:29:48 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{df929704-fa93-11e1-9018-b4b2ce2b4e88}.TMContainer00000000000000000001.regtrans-ms
[2012.09.09 22:29:48 | 000,524,288 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.dat{df929704-fa93-11e1-9018-b4b2ce2b4e88}.TMContainer00000000000000000002.regtrans-ms
[2012.09.06 20:19:52 | 000,000,020 | -HS- | M] () -- C:\Users\Pedro Paret\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<          >

< End of report >

[GSB]Reaper 05.02.2013 21:14
Dann nochmal die Extra Log datei

Code:
OTL Extras logfile created on: 05.02.2013 20:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\Pedro Paret\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
9,97 Gb Total Physical Memory | 8,26 Gb Available Physical Memory | 82,85% Memory free
19,93 Gb Paging File | 17,97 Gb Available in Paging File | 90,19% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 223,35 Gb Total Space | 101,21 Gb Free Space | 45,31% Space Free | Partition Type: NTFS
Drive E: | 1863,01 Gb Total Space | 496,32 Gb Free Space | 26,64% Space Free | Partition Type: NTFS
Drive F: | 4,15 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive Z: | 931,51 Gb Total Space | 269,75 Gb Free Space | 28,96% Space Free | Partition Type: NTFS
 
Computer Name: PEDROPARET-PC | User Name: Pedro Paret | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "Z:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01523DE9-AC50-47BD-A0DA-CF9BD28D6AE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{1C54DCDF-951B-410A-8F68-9F34A6379A5A}" = rport=139 | protocol=6 | dir=out | app=system |
"{223111FF-8C88-4AE7-BB9F-F7AC4CEC6748}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{347328E2-7E9E-4FD8-83EF-DA928AF6138F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3EE77449-29A2-4B98-9AE3-C2F14F046269}" = rport=137 | protocol=17 | dir=out | app=system |
"{4BD61BC6-EB93-4FF0-A276-3AEA2FD2A774}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{4DDA17B6-66E6-4F8F-8149-4EF2EE335460}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{50E8F603-3B0A-43A0-BB3A-AB97DC192C09}" = lport=445 | protocol=6 | dir=in | app=system |
"{56E7B98E-DEE0-4414-8A82-59338445C5C4}" = lport=139 | protocol=6 | dir=in | app=system |
"{87150769-0D2D-45B0-918A-2AA5FC8017D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8BF6891D-38A0-4B25-8B6A-1C0026E02B87}" = lport=10243 | protocol=6 | dir=in | app=system |
"{926FFE68-18FE-442E-83F8-6473F885E2AE}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe |
"{961CF5F5-F02E-4CBD-A219-A8BCD8254861}" = lport=2869 | protocol=6 | dir=in | app=system |
"{AC288B3A-A3E6-4F82-8B3F-F9ECAFCEF7AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{ACB7FA29-97F6-4EFA-8246-720824FD2238}" = rport=10243 | protocol=6 | dir=out | app=system |
"{BB522C8E-ED83-48A5-B17A-AF6F3E8CC223}" = lport=137 | protocol=17 | dir=in | app=system |
"{C6ED4945-8BFE-4C58-A368-17BBDB3C59C2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C92A6FCD-8C06-43CA-BCD5-1C283E71D80E}" = rport=445 | protocol=6 | dir=out | app=system |
"{C9CD8757-F6BB-410C-AE73-FA5E26B59FBB}" = rport=138 | protocol=17 | dir=out | app=system |
"{CAC6D5BD-0359-43B3-9B9C-B4FA475D2381}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{D820F0FE-3C3F-45DF-90C0-72C603C886D8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{DB959E21-3607-4476-BF96-059315369A25}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{E50A9A29-E937-43EA-9EA2-AD50289F4FFB}" = lport=138 | protocol=17 | dir=in | app=system |
"{F9A93E84-9D42-47E0-9286-2A5E4E43DFA7}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{003FFF2A-ED9D-4046-8408-13FDA263A003}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\support\ea help\electronic_arts_technical_support.htm |
"{04379F2F-B6D3-41BD-B9ED-33207DC1C1F3}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe |
"{04A58CA3-F729-4987-9EA4-70375F5C18A4}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm |
"{04F00BF6-4364-4697-BE38-10A5C9B25012}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{0531F746-4FFD-461E-A854-4DCC7A3E0456}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{07407B40-8A68-477A-85A4-A091B2F1B210}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{081BADC5-FCE7-4F7D-AA42-E939AF0F1D30}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{082A519E-323A-4D95-8FA8-436C1C07D91F}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{0AF4C85F-833A-4B0D-B659-C49A3751FE91}" = protocol=6 | dir=out | app=system |
"{0DA6F8C1-5B80-4612-82C4-7597E09861E0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\support\ea help\electronic_arts_technical_support.htm |
"{0F7B891A-B7CE-4DC1-B76E-121F25AAC12D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{0FB2EBB8-B77A-4C7D-ADDD-9627D4B6AFCF}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\bin32\crysis2.exe |
"{10B3324A-E425-4ABA-AA28-947C8999C8AF}" = protocol=17 | dir=in | app=z:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{113F4F16-D7AF-44F4-8596-82AA887322E0}" = protocol=6 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{11B69FE1-4C3A-4456-B506-E736AC768D73}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{1241407D-27D2-49B8-B465-51A0B873DCC9}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{154F232E-6D55-4AC9-9AF9-D71106E6E2A3}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{159A9A6F-49D2-40CF-A3F0-F13D1F2E5493}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{168EF0F5-09EC-43DB-8BBE-CD5DEA951124}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{175464B0-D59D-4B15-B8B2-9C40163CB8D0}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{17798724-F39F-42D5-B721-1E3B372CADD9}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warzlauncher.exe |
"{1816434C-8041-4326-8647-9C4F68D83539}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{1970DCE0-FDC0-42DC-A899-7D333B95540E}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steam.exe |
"{1AEE9DA6-2BB5-4205-95F2-E1A669359C47}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{1AF6AA9C-A305-4B99-B996-EA4209E8CA14}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1BCA7D4F-81A3-46B3-BC8C-D114449BD8AC}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{1D484FA5-B3CB-4A41-839A-2AC6816B6A83}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{20608877-CD88-4FC9-B60B-833E6F821F44}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{2315EBFE-561A-46EF-AAE6-C0EAAD67AA61}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steam.exe |
"{237B8ED9-37D0-4EE5-8143-ED8ED8DC3A72}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe |
"{28F49497-18F2-4D91-907C-FA6F62A34B34}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackopsmp.exe |
"{2A05C6D2-FCAE-4CE1-8AB7-18A786593CAB}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{2C0B2AF8-8959-43ED-8847-9B261A46E173}" = dir=in | app=c:\windows\system32\hasplms.exe |
"{2C365F07-7373-44D6-9E5D-0991F0A372C9}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{2D7B3747-8066-4213-AEB8-CC9B2E485340}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2F8FBFEB-FBBC-4B76-A419-495624B0F468}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{33200FCE-7454-4A05-8903-22CBB9E72535}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{3517BAB3-8D63-41B6-8223-B6EB298CD4E0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{366011F8-2734-423D-8AB3-B14C1562509E}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe |
"{3927D4A1-6680-4736-A8E2-03F2C552BCA2}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{3E7ED46D-1BB6-414C-9ED9-1E543EA4D16A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{441F9D3E-EAFA-461D-A40D-2BBAD661BFF3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{44D6FB8E-8DA3-40FB-9B23-0D1595E17FE4}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe |
"{45233C28-B057-4ABC-8333-634CE0AF284D}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsxhd\launcher.exe |
"{468B8660-4A3D-4F2D-B695-C9F8EA38A16B}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{474FC2D6-5FA9-4ED3-9650-4587710D356A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4AE44843-95F9-4159-A45D-95093E72DB32}" = protocol=17 | dir=in | app=z:\program files (x86)\lightworks\ntcardvt.exe |
"{4B337E7F-8AD2-4EF0-AC69-7B85E3794EF0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe |
"{4BCB71B5-8FFD-4607-A33E-687791351249}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{4FE8CAAC-5504-4FB5-BBD4-23FA69EBCC21}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{52E377DF-A1BC-416C-AC34-4BEF4F6A6575}" = protocol=17 | dir=in | app=z:\program files (x86)\lightworks\lightworks.exe |
"{53BF4FF8-0010-4731-9F25-CA7A1578D719}" = protocol=6 | dir=in | app=z:\program files (x86)\lightworks\ntcardvt.exe |
"{53D40327-FEDE-4AA1-A605-13AD34EB1DAB}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\besetup\setup_battleyearma2oa.exe |
"{58C272D6-A36E-4D63-BBF3-07775A9A09EA}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe |
"{5AAE3E4B-27BF-44D4-AA80-A74C217886FF}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
"{622ED36D-6FA3-467C-AF6E-CD2C10BD826C}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\_runa2co.cmd |
"{62F44B02-FE3B-4E59-AD9E-8A72161340AF}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{64C9BB5E-B929-409B-B062-B78F7E24B2B5}" = protocol=6 | dir=in | app=z:\program files (x86)\ubisoft\might & magic heroes vi\might & magic heroes vi.exe |
"{66A10EB0-786C-49BF-B5F9-CE94F6F351FF}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe |
"{66F1B200-8290-41C8-B374-5F4231F4840F}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{67D5E438-543A-4091-80C6-64FCBB1FB6F6}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{692389B3-B530-41F5-9954-B7E0A3436442}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\shift2u.exe |
"{69CE63B7-E2DD-4987-9730-BF5CA855C67D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{6A7BD28D-48F0-4B1D-B9BD-34145A5ADDD9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{6DBD28EF-E1B6-46CE-A64A-12EE8DF03382}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{739D1331-879A-43B2-BD71-C39AA861B877}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{74742069-7325-4B88-BB06-6DA8C913C9B5}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis 2\bin32\crysis2.exe |
"{75B860CE-9B93-4793-A6B3-46EF5EA252D8}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{76EC05C9-FD14-461C-BF1D-0AA468E784DC}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{7B0F5621-5F98-4CEE-81C6-C10E657E6642}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{8286B1AB-4A4F-492D-9637-979C358D43C8}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrsp.exe |
"{82EADB55-D8FE-4D61-8346-5E3701898373}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\support\ea help\electronic_arts_technical_support.htm |
"{83CC3EA5-189C-4A59-812E-7B39A8CEB9F4}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{84A948E9-0B89-4BBB-8F80-EA3249C9499A}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{84FDBECE-AE54-44EC-AF3E-F442E10171AA}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{8623875C-5597-4C53-8134-6114074CF02B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{865D5F7D-7218-4692-9F0D-0581DF667A10}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{8B401138-3D4E-44C1-8C86-00411756B34C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8B9F0D44-F567-4FC3-B042-F377299FCA4E}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\chivalrymedievalwarfare\binaries\win32\udk.exe |
"{8EDE6E1A-3DD6-4D6F-9AF3-63963D96BCB3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{8F3842C9-B541-4296-9FD1-E8202A20E5B0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders\darksiderspc.exe |
"{90916B68-45A6-494A-9C27-1ABB1E8091A2}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\arma2oa.exe |
"{917FEE92-D2F0-4AFB-8CC0-AD90C4D6F0AB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{9355BE41-878D-4E22-960A-2C636A780B80}" = dir=in | app=c:\users\pedro paret\documents\the war z\warz.exe |
"{9406F58E-B367-445F-BE87-BB0A7187364D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{94512354-4717-412A-8D25-86872A7B3BF8}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{95700C9D-1EBE-4034-8937-C4B5ED9E7421}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{95B95EDC-B871-4C4C-946E-A28CF84CD2E2}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsrevolution\wormsrevolution.exe |
"{978208F2-3770-4B6E-80AA-2DBC5771E4C7}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{9807AED9-2170-46F1-9A2A-8B179C9F24ED}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{98E1A876-7D35-42CE-B206-984D4481BCB9}" = protocol=6 | dir=in | app=z:\program files (x86)\lightworks\lightworks.exe |
"{997D0B47-06F1-4D81-8FD1-9E487E39128D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe |
"{9A878D1C-4F8B-41FD-A8DC-EB4FAE1EB03C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{9BB450D0-30E7-4FEE-AB4F-E88DA8CED8F4}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe |
"{A03AAEC4-91DD-42CA-B1EF-B63EDA0E25E4}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{A09D8499-2441-4B78-A413-4FBE40E3A86D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe |
"{A0B83B87-C34E-4E4C-AD95-486C38524965}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{A2265EA2-7B5C-4FE0-8AED-4EBBD7641FFD}" = protocol=17 | dir=in | app=z:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{A2A6046D-D288-4DE0-950B-E1DEC490510B}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\specops_theline\binaries\win32\specopstheline.exe |
"{A3DBD6DB-354E-4470-AD95-198A594D0625}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{A4931974-AC08-4F8E-ACC2-6FB690BA9796}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AB3E67E1-C397-4A1C-B327-EC057008A083}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman absolution\hma.exe |
"{AC4ED422-09EF-4EA6-88F1-05FF4C1E6E1F}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\fc3updatersteam.exe |
"{AEE4F683-3FD7-40E7-B01A-88673BCAB128}" = protocol=6 | dir=in | app=z:\program files (x86)\codemasters\of dragon rising\ofdr.exe |
"{AF859420-85FD-46FB-ACB1-86DE1C5804BC}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\need for speed shift 2\shift2u.exe |
"{B1974456-683F-43D7-ADBE-6435AA2170A0}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\raceroom racing experience\rrrelauncher.exe |
"{B306D154-9074-4799-9028-F251F2B21DF8}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\crysis 3 mp open beta\bin32\crysis 3 mp open beta.exe |
"{B452CFB2-60A4-4A11-873C-7E217915DCAC}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\counter-strike global offensive\csgo.exe |
"{B4F9F8F2-6A5B-4468-9268-43D473CFE550}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{B62FEF40-683C-497D-BCF9-734BDC2E1232}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\f1 2012\f1_2012.exe |
"{BEEE032E-FEAD-4CFA-860B-6689D8A79646}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\just cause 2\justcause2.exe |
"{C30A100B-E870-4030-9C1F-BDE887E2D9EE}" = protocol=17 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2updater.exe |
"{C3C861F2-44F4-4713-85DE-95115CE344E1}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{C4FA0B3F-3806-4A97-BDFA-41F39423DE2F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{C55B9056-47E2-450F-8AB3-B4C2545B1820}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\launcher.exe |
"{C6BB079F-13FB-4EF2-8889-28D46425B33F}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3_d3d11.exe |
"{C98D7525-4BA4-4D24-B959-76449343C16B}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\far cry 3\bin\farcry3.exe |
"{CBB3FE34-525D-472B-8933-30C1889F179B}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{CE7F43B6-5B71-46C4-BD4F-862D144670FE}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\sine mora\sinemora.exe |
"{CF124DC8-FC6D-4F6B-A562-B3E24A0F4287}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wormsxhd\launcher.exe |
"{D08D9392-94BA-45F8-84AD-8AB471D3DF7A}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warzlauncher.exe |
"{D22C79C6-D085-4E22-91AA-B5DBA87A3FC4}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{D6B4E24A-2166-499A-93A8-293C4BFCCF54}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty black ops\blackops.exe |
"{D75EC7EC-0081-4EEF-B3AC-E30B5097D760}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wizardry online\launchpad.exe |
"{D77ECD86-202D-4F56-A818-F233107E76B5}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2\arma2.exe |
"{D87AA7D3-EB7A-439A-BBDE-F8011D193AD8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DBB823A2-91CC-467C-BF18-4998C28AC37B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{E0910B4B-F413-4528-ACDF-F450E7D8DA5A}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E81B8256-4C5D-4980-AC5B-C8C6DAA477D2}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis wars\bin32\crysis.exe |
"{E924FEAC-F3F9-4EF0-BCEA-578352EF18D4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{E9D32C4A-C77E-4805-9E31-A4AEE215F695}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\wizardry online\launchpad.exe |
"{EC677EB5-4A25-45E6-B5CA-5926E889F7F2}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{F04FC6DC-6EFF-437D-A85C-82093F8D8F35}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{F3DE2B66-0FAD-4452-B7E1-749FF58268B6}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{F5F1F2F9-7F27-4F8C-ADF4-A24D25A134BD}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\hitman sniper challenge\hmsc.exe |
"{F6D3A72A-AFC5-485C-88B2-A1ED6F1A7C4C}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\r.u.s.e\ruse.exe |
"{FB2B97ED-D9DE-48A2-AC0A-B933B0AB2310}" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{FB35A4F5-EF3B-4846-B51D-4AABE6E54E7D}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe |
"{FB473875-7B28-4AB6-B43D-8EAAD565D919}" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\crysis warhead\bin32\crysis.exe |
"{FE76B456-EACA-4967-9234-A9FE56543E08}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"TCP Query User{0DF3D830-2041-485C-BAEB-E11912DF67DB}Z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=6 | dir=in | app=z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"TCP Query User{1C526450-6E85-40C2-9571-6583E40E2DEB}Z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe |
"TCP Query User{26B0755C-53C6-48C4-8D0F-3E6F2CBE47E6}Z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=6 | dir=in | app=z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe |
"TCP Query User{2A32E7F4-1EA9-4129-BA11-55A5407E3F4D}Z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=6 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"TCP Query User{2BA09F41-12BC-4F19-AC45-CDEFFB50C5D9}Z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"TCP Query User{2BBD881B-6B25-4756-B45C-5D53958FBCBF}Z:\program files (x86)\steam\steamapps\common\the war z\warz.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warz.exe |
"TCP Query User{6AE8CF46-5DD3-4B8B-94BE-2BB411867E4A}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"TCP Query User{B31E83A6-DCD1-443D-8CB2-CD51F30BAC75}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"TCP Query User{D2B76F02-2931-4E2B-BEE7-2CC74F873006}Z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"TCP Query User{DF2021FD-A26A-4441-9946-8AD1B1E16F9F}Z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=6 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe |
"TCP Query User{F53C49CC-FF50-4C74-B391-E2778D751885}Z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=6 | dir=in | app=z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{0E9A3220-964C-486F-B72A-2EE46137034A}C:\program files (x86)\asus\ai suite ii\ai suite ii.exe" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"UDP Query User{29C74113-E458-447A-8CB8-94910E8AA9AA}Z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the witcher 2\bin\witcher2.exe |
"UDP Query User{45B623CD-A734-4964-B0B6-B01E77C9E404}Z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe" = protocol=17 | dir=in | app=z:\program files (x86)\bethesda softworks\dishonored\binaries\win32\dishonored.exe |
"UDP Query User{4782E75E-0083-4FF8-AA6A-7CBE9297B273}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe |
"UDP Query User{6BC468C1-A77D-4B90-826D-ABC6936BAF4F}Z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe" = protocol=17 | dir=in | app=z:\program files (x86)\bethesda softworks\doom 3 bfg edition\doom3bfg.exe |
"UDP Query User{B8D8D07E-983B-41D2-A59A-4CD3A4C4F424}Z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe" = protocol=17 | dir=in | app=z:\program files (x86)\konami\pro evolution soccer 2013\pes2013.exe |
"UDP Query User{BC472146-7BCD-4935-980E-E3EF2044179D}Z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\arma 2 operation arrowhead\expansion\beta\arma2oa.exe |
"UDP Query User{BC92306A-E5CF-48FF-BCB7-AD54049DDB46}Z:\program files (x86)\steam\steamapps\common\the war z\warz.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\the war z\warz.exe |
"UDP Query User{BD540DA7-5556-4A9A-80BA-4FF01A1C3ADB}Z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe" = protocol=17 | dir=in | app=z:\program files (x86)\steam\steamapps\common\assassin's creed revelations\acrmp.exe |
"UDP Query User{F2C8E215-6FCD-445B-B528-6D2CA75AC949}Z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe" = protocol=17 | dir=in | app=z:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe |
"UDP Query User{F55159F1-9F91-469B-8CB6-2CD5F3982AB2}Z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=z:\program files (x86)\electronic arts\medal of honor\mp\mohmpgame.exe |
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1444D2EE-C7AD-44A8-844F-2634B49353D1}" = Logitech Gaming Software 5.10
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{34280DB1-8558-4709-AB7E-62A572C03355}" = Saitek Cyborg Keyboard Volume 6.2.1.3
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8E363055-15E5-4D8A-9C69-A0A9DE9A3337}" = UxStyle Core Beta
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUS_{89D54E55-1750-4D92-B6A2-9A502DA6EACC}" =
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.0.1 (BETA)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 313.96
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.47.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{EF483420-4184-4E11-A8BE-B6921549BE58}" = Smart Technology Programming Software 7.0.17.2
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.1.0-git-20120328-0404
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02454664-23E6-46B3-9CB3-30870AE3645E}" = Crysis®3 MP Open Beta
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{177586E7-E42E-4F38-83D1-D15B4AF5B714}" = Delta Chrome Toolbar
"{1A4052AB-BA77-44F7-8EE7-9F9131BFD7A6}" = OF Dragon Rising
"{1D181764-DCD0-41B8-AA7B-0A599F027A72}" = Adobe Photoshop Elements 11
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{24521E5B-24F2-4E84-AA44-8D1BB13140E2}" = M.M.O.7 Update Tool
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{42C336AF-2C66-4591-BC6D-F67F2C424E6F}" = Adobe Flash Player 11 Plugin
"{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{551D9481-9487-4D0C-9A1D-6BC3E7B6D991}_is1" = EXPERTool v8.0
"{5F4C776F-8CBD-4C4F-892F-B568ABDD70C8}" = GameSpy Comrade
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F1349A-4F67-4DC4-9F09-F4C46323632A}" = Snap.Do
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{98CE8819-87AA-4814-8167-ADDDD513485F}" = PSE11 STI Installer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{B158F76F-76AB-4115-A4F0-4C6EF6956093}_is1" = VirtualDubMOD 1.5.10.3 US
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B93EEE50-9C8F-45DF-95E4-3D85A6E242F3}" = DarksidersInstaller
"{BA88EE67-8974-459D-A1DB-C8281D9AC6F6}" = Browser Configuration Utility
"{BB924174-FB22-41AD-B627-D609F86C18E0}" = Sound Blaster Recon3D Extras
"{BC3051A7-1021-4B57-A3DA-AAC24566FAE7}_is1" = The War Z version alpha
"{BEDA6B54-63ED-4F53-A650-95C32239EA70}" = Sound Blaster Recon3D
"{C2523AE6-F335-4D0B-BC15-1C07E4ACE629}" = Pro Evolution Soccer 2013
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D4D065E1-3ABF-41D0-B385-FC6F027F4D00}" = Elements 11 Organizer
"{D96B6543-A0C0-4351-AF96-73DEF1DD6820}" = NBA 2K13
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.3.0
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E94DD4E4-7746-472c-AA7B-1242FED0CFC8}" = Lightworks
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EF911808-37EB-467D-BEDC-577E5CF4C188}_is1" = Dishonored
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{FB477816-E6FD-4F89-88D7-01B9CFE7D047}" = DayZ Commander
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FEDA2086-2774-42A0-BC0A-9694CF85E75E}_is1" = DiRT 3 Version 1.0
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Photoshop Elements 11" = Adobe Photoshop Elements 11
"Audacity_is1" = Audacity 2.0.2
"Avira AntiVir Desktop" = Avira Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BattlEye for OA" = BattlEye for OA Uninstall
"DAEMON Tools Lite" = DAEMON Tools Lite
"delta" = Delta toolbar 
"Doom 3 BFG Edition_is1" = Doom 3 BFG Edition
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"GFWL_{45410935-3E72-472B-8C35-AB1000008200}" = Bulletstorm
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Notepad++" = Notepad++
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"PokerStars.net" = PokerStars.net
"PunkBusterSvc" = PunkBuster Services
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 200170" = Worms Revolution
"Steam App 201870" = Assassin's Creed Revelations
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 205930" = Hitman: Sniper Challenge
"Steam App 207040" = Sine Mora
"Steam App 207059" = Sine Mora Pre-Purchase
"Steam App 208500" = F1 2012
"Steam App 20920" = The Witcher 2: Assassins of Kings Enhanced Edition
"Steam App 211400" = Deadlight
"Steam App 211500" = RaceRoom Racing Experience
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 219640" = Chivalry: Medieval Warfare
"Steam App 21970" = R.U.S.E
"Steam App 220240" = Far Cry® 3
"Steam App 221360" = Wizardry Online
"Steam App 226700" = The War Z
"Steam App 33910" = ARMA 2
"Steam App 33930" = ARMA 2: Operation Arrowhead
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 47920" = Shift 2 Unleashed
"Steam App 49520" = Borderlands 2
"Steam App 50300" = Spec Ops: The Line
"Steam App 50620" = Darksiders
"Steam App 50650" = Darksiders II
"Steam App 570" = Dota 2
"Steam App 70600" = Worms Ultimate Mayhem
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 730" = Counter-Strike: Global Offensive
"Steam App 8190" = Just Cause 2
"Steam App 99830" = Crysis 2
"SysInfo" = Creative Systeminformationen
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 01.02.2013 18:25:30 | Computer Name = PedroParet-PC | Source = MsiInstaller | ID = 11706
Description =
 
Error - 02.02.2013 06:21:22 | Computer Name = PedroParet-PC | Source = Application Error | ID = 1000
Error - 02.02.2013 06:46:06 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 02.02.2013 06:47:43 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 03.02.2013 00:34:45 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 03.02.2013 09:30:36 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 03.02.2013 16:23:10 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 04.02.2013 14:43:08 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 05.02.2013 02:29:30 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 05.02.2013 10:53:21 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
Error - 05.02.2013 13:47:38 | Computer Name = PedroParet-PC | Source = WinMgmt |
 ID = 10
 
Description =
 
Error encountered while reading event logs.
 
< End of report >

markusg 05.02.2013 21:31
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Klicke auf Change parameters
• Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system
• Klick auf OK und anschließend auf Start scan
- bei funden erst mal immer skip wählen, log posten
c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten

[GSB]Reaper 06.02.2013 17:20
So ich habs mal Scannen lassen!

Es waren zu viele schriftzeichen. Ich habs als Anhang beigefügt!

markusg 06.02.2013 19:26
hi
Combofix:
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

[GSB]Reaper 06.02.2013 20:48
Ich habs durchgeführt. Mein PC hab ich neugestartet.
Bei firefox öffnet sich dennoch beim öffnen eines neuen tabs die Delta Search-Seite.

Code:
ComboFix 13-02-06.01 - Pedro Paret 06.02.2013  20:37:07.1.4 - x64
Microsoft Windows 7 Home Premium  6.1.7601.1.1252.49.1031.18.10205.8281 [GMT 1:00]
ausgeführt von:: z:\users\Pedro Paret\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((  Weitere Löschungen  ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\users\Pedro Paret\AppData\Roaming\Microsoft\Windows\Recent\desktop_29634334.ico
c:\windows\SysWow64\APOMngr.DLL.tmp
c:\windows\SysWow64\CmdRtr.DLL.tmp
c:\windows\SysWow64\tmp1998.tmp
c:\windows\SysWow64\tmp1A73.tmp
c:\windows\SysWow64\tmpF112.tmp
c:\windows\SysWow64\tmpF27A.tmp
c:\windows\SysWow64\tmpF362.tmp
c:\windows\SysWow64\tmpF43E.tmp
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
(((((((((((((((((((((((  Dateien erstellt von 2013-01-06 bis 2013-02-06  ))))))))))))))))))))))))))))))
.
.
2013-02-06 19:39 . 2013-02-06 19:39        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp
2013-02-06 19:39 . 2013-02-06 19:39        --------        d-----w-        c:\users\DefaultAppPool\AppData\Local\temp
2013-02-06 19:39 . 2013-02-06 19:39        --------        d-----w-        c:\users\Default\AppData\Local\temp
2013-02-03 16:02 . 2013-02-03 16:02        --------        d-----w-        c:\users\Pedro Paret\AppData\Roaming\Delta
2013-02-03 16:02 . 2013-02-03 16:02        --------        d-----w-        c:\program files (x86)\Delta
2013-02-03 16:02 . 2013-02-03 16:02        --------        d-----w-        c:\users\Pedro Paret\AppData\Roaming\Babylon
2013-02-03 16:02 . 2013-02-03 16:02        --------        d-----w-        c:\programdata\Babylon
2013-02-03 16:02 . 2013-02-03 16:02        283200        ----a-w-        c:\windows\system32\drivers\dtsoftbus01.sys
2013-02-02 10:30 . 2013-02-02 10:30        --------        d-----w-        c:\users\Pedro Paret\AppData\Local\SCE
2013-02-01 21:32 . 2013-02-05 20:17        --------        d-----w-        c:\users\Pedro Paret\AppData\Local\PokerStars.NET
2013-01-28 22:26 . 2013-01-28 22:35        1510176        ----a-w-        c:\windows\system32\nvir3dgenco6420162.dll
2013-01-28 22:26 . 2012-12-19 05:42        31672        ----a-w-        c:\windows\system32\nvhdap64.dll
2013-01-28 22:26 . 2012-12-19 05:41        194488        ----a-w-        c:\windows\system32\drivers\nvhda64v.sys
2013-01-25 12:09 . 2013-01-25 12:09        --------        d-----w-        c:\users\Pedro Paret\AppData\Local\NVIDIA
2013-01-25 03:36 . 2013-01-25 03:36        555808        ----a-w-        c:\windows\SysWow64\nvStreaming.exe
2013-01-24 19:31 . 2013-01-24 19:31        --------        d-----w-        c:\users\Default\AppData\Local\Microsoft Help
2013-01-24 16:12 . 2013-01-25 17:57        --------        d-----w-        c:\users\Pedro Paret\AppData\Local\Creative
2013-01-23 16:18 . 2013-01-23 16:18        --------        d-----w-        c:\program files\Common Files\DESIGNER
2013-01-23 16:18 . 2013-01-23 16:18        --------        d-----w-        c:\program files\Microsoft Synchronization Services
2013-01-23 16:18 . 2013-01-23 16:18        --------        d-----w-        c:\program files\Microsoft Sync Framework
2013-01-23 16:18 . 2013-01-23 16:18        --------        d-----w-        c:\program files\Microsoft SQL Server Compact Edition
2013-01-23 16:15 . 2013-01-23 16:21        --------        d-----w-        c:\program files (x86)\Microsoft Visual Studio 8
2013-01-23 16:15 . 2013-01-23 16:15        --------        d-----w-        c:\program files\Microsoft Analysis Services
2013-01-23 16:15 . 2013-01-23 16:15        --------        d-----w-        c:\program files (x86)\Microsoft Analysis Services
2013-01-23 16:15 . 2013-01-23 16:21        --------        d-----w-        c:\windows\SHELLNEW
2013-01-23 16:15 . 2013-01-23 16:15        --------        d-----w-        c:\users\Pedro Paret\AppData\Local\Microsoft Help
2013-01-23 16:15 . 2013-02-01 22:25        --------        d-----w-        c:\programdata\Microsoft Help
2013-01-23 16:15 . 2013-01-23 16:21        --------        d-----w-        c:\program files\Microsoft Office
2013-01-13 10:21 . 2013-01-13 10:21        --------        d-----w-        c:\windows\PixArt
2013-01-11 14:36 . 2013-01-11 14:36        --------        d-----w-        C:\NVIDIA
2013-01-07 21:57 . 2013-01-25 18:04        --------        d-----w-        c:\users\Pedro Paret\AppData\Roaming\Audacity
.
.
.
((((((((((((((((((((((((((((((((((((  Find3M Bericht  ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-06 18:20 . 2012-09-08 14:17        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.xtr
2013-02-06 18:20 . 2012-09-06 23:19        281688        ----a-w-        c:\windows\SysWow64\PnkBstrB.exe
2013-02-04 20:36 . 2012-09-06 23:19        281520        ----a-w-        c:\windows\SysWow64\PnkBstrB.ex0
2013-02-02 11:03 . 2012-09-06 19:30        74248        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-02 11:03 . 2012-09-06 19:30        697864        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-28 22:35 . 2012-11-20 16:19        12771784        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll
2013-01-28 22:35 . 2012-09-06 19:39        2855880        ----a-w-        c:\windows\system32\nvapi64.dll
2013-01-28 22:35 . 2012-09-06 19:39        1114144        ----a-w-        c:\windows\system32\nvumdshimx.dll
2013-01-28 22:35 . 2012-09-06 19:39        2530376        ----a-w-        c:\windows\SysWow64\nvapi.dll
2013-01-28 22:35 . 2012-09-14 20:11        15037248        ----a-w-        c:\windows\SysWow64\nvd3dum.dll
2013-01-25 11:27 . 2012-09-06 19:39        6392096        ----a-w-        c:\windows\system32\nvcpl.dll
2013-01-25 11:27 . 2012-09-06 19:39        3472160        ----a-w-        c:\windows\system32\nvsvc64.dll
2013-01-25 11:27 . 2012-09-06 19:39        877344        ----a-w-        c:\windows\system32\nvvsvc.exe
2013-01-25 11:27 . 2012-09-06 19:39        63776        ----a-w-        c:\windows\system32\nvshext.dll
2013-01-25 11:27 . 2012-09-06 19:39        2555680        ----a-w-        c:\windows\system32\nvsvcr.dll
2013-01-25 11:27 . 2012-09-06 19:39        237856        ----a-w-        c:\windows\system32\nvmctray.dll
2013-01-23 20:07 . 2012-09-06 19:39        2977906        ----a-w-        c:\windows\system32\nvcoproc.bin
2013-01-09 16:50 . 2012-09-09 09:41        67599240        ----a-w-        c:\windows\system32\MRT.exe
2013-01-06 13:10 . 2012-09-06 23:19        76888        ----a-w-        c:\windows\SysWow64\PnkBstrA.exe
2013-01-06 12:25 . 2012-11-04 18:06        669184        ----a-w-        c:\windows\SysWow64\pbsvc.exe
2012-12-29 10:34 . 2012-09-14 20:11        1510328        ----a-w-        c:\windows\system32\nvir3dgenco6420152.dll
2012-12-29 10:34 . 2012-09-08 22:43        1504696        ----a-w-        c:\windows\system32\nvdispgenco64.dll
2012-12-29 10:34 . 2012-09-06 19:39        1813432        ----a-w-        c:\windows\system32\nvdispco64.dll
2012-12-27 21:39 . 2012-09-07 11:50        907680        ----a-w-        c:\windows\PE_Rom.dll
2012-12-20 16:23 . 2012-12-20 16:23        19696        ----a-w-        c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-12-18 08:31 . 2012-09-06 19:39        1510328        ----a-w-        c:\windows\system32\nvhdagenco6420103.dll
2012-12-16 17:11 . 2012-12-21 13:30        46080        ----a-w-        c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 13:30        367616        ----a-w-        c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:30        295424        ----a-w-        c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 13:30        34304        ----a-w-        c:\windows\SysWow64\atmlib.dll
2012-12-11 16:59 . 2012-11-09 14:09        99912        ----a-w-        c:\windows\system32\drivers\avgntflt.sys
2012-12-11 16:59 . 2012-11-09 14:09        129216        ----a-w-        c:\windows\system32\drivers\avipbb.sys
2012-11-30 04:45 . 2013-01-09 15:44        44032        ----a-w-        c:\windows\apppatch\acwow64.dll
2012-11-25 00:20 . 2009-07-13 23:39        245760        ----a-w-        c:\windows\SysWow64\uxtheme.dll
2012-11-25 00:20 . 2010-11-21 03:24        2755072        ----a-w-        c:\windows\SysWow64\themeui.dll
2012-11-09 05:45 . 2012-12-12 15:48        2048        ----a-w-        c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-12 15:48        2048        ----a-w-        c:\windows\SysWow64\tzres.dll
.
.
((((((((((((((((((((((((((((  Autostartpunkte der Registrierung  ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{31ad400d-1b06-4e33-a59a-90c2c140cba0}]
2010-11-21 03:24        297808        ----a-w-        c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}]
2013-01-23 12:24        247704        ----a-w-        c:\program files (x86)\Delta\delta\1.8.10.0\bh\delta.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{82E1477C-B154-48D3-9891-33D83C26BCD3}"= "c:\program files (x86)\Delta\delta\1.8.10.0\deltaTlbr.dll" [2013-01-23 321944]
.
[HKEY_CLASSES_ROOT\clsid\{82e1477c-b154-48d3-9891-33d83c26bcd3}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}]
[HKEY_CLASSES_ROOT\delta.deltadskBnd]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="z:\program files (x86)\Steam\steam.exe" [2013-01-23 1597864]
"TBPanel"="c:\program files (x86)\EXPERTool\TBPanel.exe" [2012-03-30 2042184]
"DAEMON Tools Lite"="z:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2013-01-08 3674320]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-09-13 283160]
"BCU"="c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe" [2010-03-05 411864]
"Sound Blaster Recon3D Control Panel"="c:\program files (x86)\Creative\Sound Blaster Recon3D\Sound Blaster Recon3D Control Panel\SBRecon.exe" [2012-01-30 680960]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-11 384800]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"UpdReg"=c:\windows\UpdReg.EXE
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [2012-10-20 79360]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [2012-10-20 79360]
R3 ose64;Office 64 Source Engine;c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 174440]
R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 572416]
R3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [2010-11-25 694888]
R3 Said505F;Said505F;c:\windows\system32\DRIVERS\Said505F.sys [2012-05-11 25920]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 SRS_AE_Service;SRS Audio;c:\windows\system32\drivers\SRS_AE_amd64.sys [2012-06-21 549704]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2012-08-10 56336]
S1 AsUpIO;AsUpIO;SysWow64\drivers\AsUpIO.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-02-03 283200]
S2 AdobeActiveFileMonitor11.0;Adobe Active File Monitor V11;z:\program files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [2012-09-17 171600]
S2 aksdf;aksdf;c:\windows\system32\drivers\aksdf.sys [2011-11-22 78208]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-11 85280]
S2 asComSvc;ASUS Com Service;c:\program files (x86)\ASUS\AXSP\1.00.12\atkexComSvc.exe [2010-10-28 917120]
S2 asHmComSvc;ASUS HM Com Service;c:\program files (x86)\ASUS\AAHM\1.00.09\aaHMSvc.exe [2010-11-03 909440]
S2 AsSysCtrlService;ASUS System Control Service;c:\program files (x86)\ASUS\AsSysCtrlService\1.00.10\AsSysCtrlService.exe [2010-10-21 586880]
S2 BCUService;Browser Configuration Utility Service;c:\program files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe [2010-03-05 235752]
S2 hasplms;Sentinel Local License Manager;c:\windows\system32\hasplms.exe  -run [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-09-13 13336]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-25 383264]
S3 ksaud;Creative USB Audio Driver;c:\windows\system32\drivers\ksaud.sys [2012-01-30 1825024]
S3 NvStUSB;NVIDIA Stereoscopic 3D USB driver;c:\windows\system32\DRIVERS\nvstusb.sys [2013-01-28 448288]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240]
S3 SaiK0728;SaiK0728;c:\windows\system32\DRIVERS\SaiK0728.sys [2008-02-18 129024]
S3 SaiK0CD0;SaiK0CD0;c:\windows\system32\DRIVERS\SaiK0CD0.sys [2012-09-20 180544]
S3 SaiU0CD0;SaiU0CD0;c:\windows\system32\DRIVERS\SaiU0CD0.sys [2012-09-20 47168]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 56784795
*Deregistered* - 56784795
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs        REG_MULTI_SZ          w3svc was
apphost        REG_MULTI_SZ          apphostsvc
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-06 11:03]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Creative SB Monitoring Utility"="sbavmon.dll" [2011-08-01 115200]
"SaiVolume"="c:\program files\Saitek\CyborgKeyboard\SaiVolume.exe" [2008-01-18 186880]
"ProfilerU"="c:\program files\SmartTechnology\Software\ProfilerU.exe" [2012-06-25 455680]
"SaiMfd"="c:\program files\SmartTechnology\Software\SaiMfd.exe" [2012-06-25 158208]
"Start WingMan Profiler"="c:\program files\Logitech\Gaming Software\LWEMon.exe" [2010-06-14 190536]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2011-06-16 499608]
"Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 112512]
"Nvtmru"="c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe" [2013-01-19 1129248]
"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RtkNGUI64.exe" [2012-06-12 6548112]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=88e8aa57000000000000f46d048f9707
uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q={searchTerms}
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.2.1
DPF: {E705A591-DA3C-4228-B0D5-A356DBA42FBF} - hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
FF - ProfilePath - c:\users\Pedro Paret\AppData\Roaming\Mozilla\Firefox\Profiles\txqdldyy.default\
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoOpenCandy&dpid=SnapdoOpenCandy&co=DE&userid=97eb05d3-c7dd-4a66-9114-f8e5940fca93&searchtype=ds&q=
FF - prefs.js: network.proxy.type - 0
FF - user.js: extensions.delta.tlbrSrchUrl -
FF - user.js: extensions.delta.id - 88e8aa57000000000000f46d048f9707
FF - user.js: extensions.delta.appId - {C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
FF - user.js: extensions.delta.instlDay - 15739
FF - user.js: extensions.delta.vrsn - 1.8.10.0
FF - user.js: extensions.delta.vrsni - 1.8.10.0
FF - user.js: extensions.delta.vrsnTs - 1.8.10.017:02
FF - user.js: extensions.delta.prtnrId - delta
FF - user.js: extensions.delta.prdct - delta
FF - user.js: extensions.delta.aflt - babsst
FF - user.js: extensions.delta.smplGrp - none
FF - user.js: extensions.delta.tlbrId - base
FF - user.js: extensions.delta.instlRef - sst
FF - user.js: extensions.delta.dfltLng - en
FF - user.js: extensions.delta.excTlbr - false
FF - user.js: extensions.delta.admin - false
FF - user.js: extensions.delta.autoRvrt - false
FF - user.js: extensions.delta.rvrt - false
FF - user.js: extensions.delta.newTab - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-1427876517-1304885268-791412254-1000\Software\SecuROM\License information*]
"datasecu"=hex:2c,e4,cf,a9,c9,31,54,bc,a5,21,66,6b,76,27,1a,6d,f8,c9,91,ae,23,
  4f,90,67,65,cb,ad,ef,45,8e,9c,74,85,09,ef,67,ae,6e,29,f3,b3,55,9b,e9,f3,30,\
"rkeysecu"=hex:d2,49,f3,f7,51,c4,d7,83,44,67,ba,c2,16,84,ec,ce
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-06  20:40:38
ComboFix-quarantined-files.txt  2013-02-06 19:40
.
Vor Suchlauf: 9 Verzeichnis(se), 108.756.234.240 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 111.117.627.392 Bytes frei
.
- - End Of File - - F0E8E52FF88A42F774F577527962D428

markusg 06.02.2013 20:52
hi
malwarebytes:
Downloade Dir bitte Malwarebytes
  • Installiere
    das Programm in den vorgegebenen Pfad.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Starte Malwarebytes, klicke auf Aktualisierung --> Suche
    nach Aktualisierung
  • Wenn das Update beendet wurde, aktiviere vollständiger Scan durchführen und drücke auf Scannen.
  • Wenn der Scan beendet
    ist, klicke auf Ergebnisse anzeigen.
  • Versichere Dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste
    das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter "Log Dateien" finden.

[GSB]Reaper 06.02.2013 22:25
Ich hab gemacht was du mir empfohlen hast. Leider ist es immer noch nicht weg.
Das Programm zeigt nur ...ähm..*hust* zwei crack dateien an, die ich aber schon lange habe und die auch Avira ständig blocken will.
Hab auch firefox neu installiert. Leider nichts. Auch im Internet Explorer wird der mist geöffnet -.- "Delta Search" was ist das überhaupt? Ist es gefährlich?
Hier die Log Dat:
Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.06.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Pedro Paret :: PEDROPARET-PC [Administrator]

06.02.2013 21:22:49
mbam-log-2013-02-06 (21-22-49).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|Z:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 492660
Laufzeit: 25 Minute(n), 46 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
Z:\Program Files (x86)\Codemasters\DiRT 3\paul.dll (PUP.RiskwareTool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
Z:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll (Trojan.Downloader.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

markusg 06.02.2013 22:28
sorry, das hier:
Z:\Program Files (x86)\Codemasters\DiRT 3\SKIDROW.dll
ist eine gekrackte version eines spiels, das ist nicht legal in Deutschland und können wir leider nicht unterstützen, helfen können wir hier nur beim neu aufsetzen.
1. Datenrettung:2. Formatieren, Windows neu instalieren:3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
6. werde ich dann noch was zum absichern von Onlinebanking mit Chip Card Reader + Star Money sagen.

[GSB]Reaper 07.02.2013 19:40
Hey markus,

hab mein Problem gelöst! Ich habe mit CCleaner unter etxras delta search tool gefunden.
Ich musste öfters auf deinstallieren drücken bis es dann endlich funktioniert hat! Bin super happy, weil mein Internet deswegen mucken gemacht hat.
Magst du den Thread wieder löschen? da stehen so soviele Informationen über mich! (Name etc) danke dir! Danke dir auch für deine Hilfe!

markusg 07.02.2013 20:57
wir löschen nur persönlihce Daten, wie vor/nachname kombinationen. wenn sowas vorhanden ist, klicke auf beitrag melden und poste was gelöscht werden soll

[GSB]Reaper 10.02.2013 20:33
lösch bitte meinen pc namen und alles was mein namen beinhaltet!
danke euch!

markusg 10.02.2013 20:36
klicke auf beitrag melden, so wies oben steht, ich kann da nichts löschen.


Alle Zeitangaben in WEZ +1. Es ist jetzt 11:35 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58