
Pests of all kinds and how to fight them: GVU trojan apparently removed, but Malwarebytes finds C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe


 
05.08.2012, 11:54   #1
Ray77
 



Hi,
I had the GVU trojan and tried to remove it following this guide: hxxp://www.chip.de/bildergalerie/WindowsUnlocker-Starkes-Tool-gegen-Bundespolizei-Virus-Co.-Galerie_54218633.html
This led to me regaining access to the Windows desktop and restoring the system to 2 days before the trojan.
Now, to be on the safe side, I have run another full scan with Malwarebytes, as stated in the notice above, and it still finds two files.

As described in the guide for new topics, I am also adding the otl.txt and Extras.txt from the OTL scan here, as well as the log file from the Malwarebytes scan.


Regards, Ray

OTL Logfile:
Code:
OTL logfile created on: 05.08.2012 12:04:04 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Wayne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,58% Memory free
8,00 Gb Paging File | 5,67 Gb Available in Paging File | 70,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 171,95 Gb Total Space | 21,41 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 83,29 Gb Free Space | 85,29% Space Free | Partition Type: NTFS
Drive E: | 116,32 Gb Total Space | 116,06 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive H: | 663,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 1862,56 Gb Total Space | 1306,11 Gb Free Space | 70,12% Space Free | Partition Type: FAT32
 
Computer Name: WAYNE-PC | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 12:00:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Downloads\OTL.exe
PRC - [2012.07.03 17:28:24 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.05.30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.02.24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe
PRC - [2011.08.14 15:38:42 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe
PRC - [2011.08.14 15:38:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2009.01.26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.07.03 17:28:26 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012.07.03 17:28:26 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2012.07.03 17:28:26 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.01.28 13:59:50 | 000,355,688 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll
MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe
MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.18 23:44:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.16 21:11:42 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.08.14 15:38:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.08.14 15:38:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.08.14 15:38:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.04.28 21:18:04 | 000,053,080 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM)
DRV:64bit: - [2011.04.28 21:18:04 | 000,031,576 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI)
DRV:64bit: - [2011.04.28 21:18:02 | 000,419,160 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn)
DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV - [2012.03.27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 54 33 5C 05 64 CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( )
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 23:44:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 01:11:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.03 17:28:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 23:44:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 01:11:51 | 000,000,000 | ---D | M]
 
[2011.08.14 14:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\mozilla\Extensions
[2012.08.04 20:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions
[2012.06.04 15:42:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.08.04 20:06:20 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions\firefox@ghostery.com
[2012.05.22 14:54:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions\ich@maltegoetz.de
[2012.05.29 15:19:06 | 000,002,057 | ---- | M] () -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\umlep2k5.default\searchplugins\youtube-videosuche.xml
[2012.01.10 03:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.08.03 18:13:01 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI
[2012.05.08 10:51:49 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI
[2011.10.30 21:14:42 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI
[2012.02.17 18:30:38 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2012.07.10 00:25:13 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI
[2012.03.14 13:56:43 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2011.08.23 17:36:10 | 000,242,939 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\ILLIMITUX@ILLIMITUX.NET.XPI
[2011.10.22 22:44:58 | 000,007,605 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\SHOW-FILE-SIZE-2@KASHIIF-GMAIL.COM.XPI
[2012.06.18 23:44:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.12 12:12:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.12 12:12:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.12 12:12:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.12 12:12:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.12 12:12:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.12 12:12:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.09 17:00:58 | 000,002,168 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 adobeereg.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 3dns.adobe.com
O1 - Hosts: 127.0.0.1 3dns-1.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.newoa
O1 - Hosts: 127.0.0.1 practivate.adobe.ntp
O1 - Hosts: 127.0.0.1 practivate.adobe.ipp
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip.adobe.com
O1 - Hosts: 20 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [suyqy.exe] C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe ()
O4 - HKCU..\Run: [Upgrade] C:\Users\Wayne\AppData\Roaming\Dropbox\{4F994184-2CEF-456C-90EA-16CEB6FC74BF}\Upgrade.exe File not found
O4 - HKCU..\Run: [Validator] C:\Users\Wayne\AppData\Roaming\TeamViewer\{4EA3080A-24B1-442F-98D9-7808253D415A}\Validator.exe File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wayne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8F53F93-6CDF-401B-A258-FD83C1390687}: DhcpNameServer = 192.168.178.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000.01.18 01:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - H:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2000.07.18 00:32:26 | 000,000,143 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000.07.19 00:00:46 | 000,001,045 | R--- | M] () - H:\AUTORUN.INI -- [ CDFS ]
O32 - Unable to obtain root file information for disk K:\
O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = H:\Setup.exe -- [1999.06.28 00:35:30 | 000,008,928 | R--- | M] ()
O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell\dinstall\command - "" = H:\Setup\Directx7\dxsetup.exe -- [1999.09.08 16:56:36 | 000,322,320 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell\dinstall\command - "" = I:\Setup\Directx\dxsetup.exe
O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell\dinstall\command - "" = J:\Setup\Directx\dxsetup.exe
O33 - MountPoints2\{7e37dd61-c66d-11e0-b9f3-001fd0ddc09a}\Shell - "" = AutoRun
O33 - MountPoints2\{7e37dd61-c66d-11e0-b9f3-001fd0ddc09a}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.exe -- [1999.06.28 00:35:30 | 000,008,928 | R--- | M] ()
O33 - MountPoints2\H\Shell\dinstall\command - "" = H:\Setup\Directx7\dxsetup.exe -- [1999.09.08 16:56:36 | 000,322,320 | R--- | M] (Microsoft Corporation)
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
O33 - MountPoints2\I\Shell\dinstall\command - "" = I:\Setup\directx7\dxsetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.05 11:57:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\Trojboard
[2012.08.05 10:01:59 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Malwarebytes
[2012.08.05 10:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.05 10:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 10:01:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.05 10:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.05 02:33:48 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\ICQ
[2012.08.05 02:28:07 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Skype
[2012.08.05 02:27:27 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Windows Desktop Search
[2012.08.05 02:25:33 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Opera
[2012.08.05 02:25:29 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Google Inc
[2012.08.04 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\PMB Files
[2012.08.04 19:42:14 | 000,000,000 | -HSD | C] -- C:\found.001
[2012.08.02 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\Audible
[2012.08.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Documents\Audible
[2012.08.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible
[2012.08.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible
[2012.07.09 17:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek Armada II
[2012.07.09 17:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision
[2012.07.09 16:28:50 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Ondeyz
[2012.07.09 16:28:50 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Awasx
[2012.07.09 15:50:56 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Help
[2012.07.09 15:46:12 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Sun
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.05 12:01:52 | 000,000,000 | ---- | M] () -- C:\Users\Wayne\defogger_reenable
[2012.08.05 10:01:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.05 09:42:52 | 000,007,612 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Resmon.ResmonCfg
[2012.08.04 20:16:11 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 20:16:11 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.04 20:13:21 | 002,281,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.04 20:13:21 | 001,115,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.04 20:13:21 | 000,640,590 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.04 20:13:21 | 000,563,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.04 20:13:21 | 000,006,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.04 20:07:43 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
[2012.08.04 20:07:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.04 20:07:08 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.04 19:45:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
[2012.07.11 23:08:08 | 000,293,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.09 17:13:17 | 000,000,935 | ---- | M] () -- C:\Windows\STA2.ini
[2012.07.09 17:00:58 | 000,002,168 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.09 17:00:58 | 000,002,167 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.05 12:01:52 | 000,000,000 | ---- | C] () -- C:\Users\Wayne\defogger_reenable
[2012.08.05 10:01:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.03 18:02:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad
[2012.07.09 17:11:53 | 000,000,935 | ---- | C] () -- C:\Windows\STA2.ini
[2012.05.11 07:31:33 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.05.11 00:26:40 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.05.11 00:16:53 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.04.06 00:43:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll
[2012.03.13 13:00:49 | 000,001,021 | ---- | C] () -- C:\Windows\EFXP.ini
[2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.01.15 22:32:44 | 000,001,012 | ---- | C] () -- C:\Windows\ef.ini
[2011.08.21 00:40:39 | 000,028,323 | ---- | C] () -- C:\Users\Wayne\helden.zip.hld.ok
[2011.08.21 00:40:23 | 000,028,323 | ---- | C] () -- C:\Users\Wayne\helden.zip.hld
[2011.08.21 00:27:32 | 000,003,508 | ---- | C] () -- C:\Users\Wayne\.heldEinstellungen4_1.xml
[2011.08.21 00:27:31 | 000,000,221 | ---- | C] () -- C:\Users\Wayne\.dsa4.properties
[2011.08.20 11:42:58 | 000,007,612 | ---- | C] () -- C:\Users\Wayne\AppData\Local\Resmon.ResmonCfg
[2011.08.14 15:54:43 | 000,000,600 | ---- | C] () -- C:\Users\Wayne\AppData\Roaming\winscp.rnd
[2011.08.14 15:17:17 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
 
========== LOP Check ==========
 
[2011.09.05 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\AnvSoft
[2012.07.03 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Audacity
[2012.07.09 16:28:50 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Awasx
[2011.10.31 22:24:23 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\BayWotch4
[2011.11.21 16:37:43 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\calibre
[2012.06.10 13:28:04 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Downloaded Installations
[2012.08.05 02:32:22 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Dropbox
[2012.08.05 02:24:04 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Enyt
[2012.06.10 13:29:06 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\FileOpen
[2012.05.13 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\HandBrake
[2012.08.05 02:33:48 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\ICQ
[2012.05.05 20:49:01 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Kuyle
[2011.09.13 11:07:53 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\LolClient
[2012.06.13 03:01:45 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Nitro PDF
[2012.08.04 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Ondeyz
[2011.09.12 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\OpenOffice.org
[2012.08.05 02:34:20 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Opera
[2012.06.04 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\redsn0w
[2011.08.14 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Sinvise Systems
[2012.08.05 02:30:46 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\TeamViewer
[2011.08.20 00:27:59 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Thunderbird
[2011.08.15 00:05:37 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\VidCoder
[2012.08.05 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Windows Desktop Search
[2012.05.29 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\xm1
[2012.05.15 19:00:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL Extras logfile created on: 05.08.2012 12:04:04 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Wayne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,58% Memory free
8,00 Gb Paging File | 5,67 Gb Available in Paging File | 70,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 171,95 Gb Total Space | 21,41 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 83,29 Gb Free Space | 85,29% Space Free | Partition Type: NTFS
Drive E: | 116,32 Gb Total Space | 116,06 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive H: | 663,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 1862,56 Gb Total Space | 1306,11 Gb Free Space | 70,12% Space Free | Partition Type: FAT32
 
Computer Name: WAYNE-PC | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03924DB3-BE2B-4C50-A6D0-8909FC914724}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F6130C0-CA9F-4E05-95D0-879E46CF6A88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E711B3C-FF22-42B6-BDFE-8DAF86EEDCA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{277C06FF-9B3A-4BE4-BA06-6BC3408CA7CD}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{31D13655-226A-4352-93D5-B3BDD0486E56}" = lport=138 | protocol=17 | dir=in | app=system | 
"{34A9AAA9-98A5-455C-9CCA-523A8F056E9D}" = lport=137 | protocol=17 | dir=in | app=system | 
"{39A108BC-3051-4B96-8F75-6B4EB3EC87DE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3EAD1CC6-B21E-4422-BD14-40C421E1AB6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3FB5372C-290E-4980-879A-E2FF30ADBD2C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4BD9C3B8-C4AF-46C9-BCAB-F2E3FE39907D}" = lport=139 | protocol=6 | dir=in | app=system | 
"{502D834B-0CA8-44ED-B886-6297373BAF98}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{6D1AFB3C-0974-4A6E-AB49-8042980E8ACF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{6D59BD40-F573-44E1-B376-A8ACB78BB58B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{76C4546C-C3C1-42E5-9B5B-ABC0CE2834C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{84524776-FAF6-43C8-9FC1-D175B1BD81E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8ABD2703-B883-4A30-921C-A48A7E0BC3D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C82F6377-0BE0-4873-94C5-56AE7450069E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{D8903A83-E650-4B57-A3C2-072EF0BD4F0C}" = rport=138 | protocol=17 | dir=out | app=system | 
"{DEEC9D52-6125-416F-9107-7F2E1F219428}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E3509AEE-B448-472D-904D-225E2EEA9E12}" = lport=445 | protocol=6 | dir=in | app=system | 
"{E909C8B3-9568-4257-90A8-34211EEEC427}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{EEDE7031-62E0-4EDC-B0BF-9904F020AD6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013DA4CE-EB19-4837-B247-D1AE8F5CC6D5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{08DA6174-2043-4C6B-9AB2-EE881976D13B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{18DB1434-0515-4854-8FBE-B78904AA86F6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{1AF3980A-0B43-45CA-9113-799F6A6D67EF}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{1D86C787-3D7E-422A-B949-8E8462FBFEE8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2542D6DC-EECB-4109-A791-2B6CBE04087B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{26EBCD64-53AE-4EF3-BE48-686215B833C4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{39EFEA42-C5E3-410E-83E4-DC0D89B98335}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{436AA665-6EEA-4BC5-BEE4-78E655E23327}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{477D8954-27B5-4047-B4E5-A102052A8358}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4A3EB0A1-99C1-4D9E-AFE8-71B08DBACE0C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4BCFA5E4-5240-400B-B202-27DB9FE7A811}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{52BCC33A-ED42-40C6-BA47-8966EBE1FAC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{652305F3-D8AF-40D6-8237-ECF6BD7EEFBA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{6844A0C1-D935-4D43-AD90-68A4FDE72089}" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe | 
"{71215482-A0EE-4C23-A110-F2280B433131}" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe | 
"{73CB25BC-8BBD-49CB-9BD0-C5A363B97302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8330F8C0-FEF7-4BF7-908E-A394FE9F2C3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{89DFF3D6-B05A-4ECA-BE7A-3C9792624619}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8D929E3B-7390-48F5-85B3-265782C83FAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9CABEE11-7117-4691-90E5-D29069C32C04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9CF7BF5B-E792-4D0E-A285-8628B41D4D98}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{9FF0DEBA-2FE6-4B45-A6F2-2DFCE6498AF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A1F88EF1-9B3C-4745-A1EF-62CDE6C34F9A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{A7347FE6-EA43-4EFB-920E-8D62C495241D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AE1FDE55-CBDC-435D-B43C-16E6D8B69C43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{AE804350-58A8-4641-B74E-BB28859FEA7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C21F5FD8-AAE9-4266-AA24-547AD88857B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{DD2CD438-8DDE-4455-9FD1-65C89A3C2EBD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{E0697E7F-291A-4C4A-841B-0190F76847DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{EA98ECF9-3BCB-48F2-948A-E9E2BD3AE118}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"{ECC4A08D-BA2A-477F-AFB1-21271F20D37E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F3C0CE6E-AAAC-4282-A32D-5753FB47496A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{FDEBCF1E-07E6-48DF-B0B4-38A5E2759F70}" = protocol=6 | dir=out | app=system | 
"TCP Query User{02B22C72-60DE-4F95-BD73-5408D388B4BE}C:\program files (x86)\iphone tunnel suite\bin\itunnel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iphone tunnel suite\bin\itunnel.exe | 
"TCP Query User{07979D93-B6D2-4F64-B015-DD8E44E650C0}C:\users\wayne\downloads\tinyumbrella-5.00.09.exe" = protocol=6 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.00.09.exe | 
"TCP Query User{0C3AE7F6-E4B3-4E8D-A439-D74B9FACC4D8}C:\users\wayne\downloads\tinyumbrella-5.10.14.exe" = protocol=6 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.10.14.exe | 
"TCP Query User{2FF77C6E-2043-48DD-85C5-1159285BEB37}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"TCP Query User{306A2DD5-E0DF-4FF4-A149-63045FB03B69}C:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{3ACD8B76-7992-4595-BDA2-7F4ADE5A279E}G:\star trek\ef2.exe" = protocol=6 | dir=in | app=g:\star trek\ef2.exe | 
"TCP Query User{3FFEA1DD-CEF9-4358-B31B-66C27FA01F21}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{445856C9-A92B-48C2-860B-11C2447232BE}G:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=g:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe | 
"TCP Query User{7902FCC6-3130-47E5-B6C7-59AE212569FB}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"TCP Query User{7AF18BC9-5E85-4763-A24D-E1B801EC2A00}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe | 
"TCP Query User{7D6153E6-8E66-4B5F-BBE2-47F2F40560C6}G:\star trek\ef2.exe" = protocol=6 | dir=in | app=g:\star trek\ef2.exe | 
"TCP Query User{A6A5BF22-515F-4C87-A378-DCF1723F20F2}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe | 
"TCP Query User{B83D011B-26DA-4908-AB56-2D35F887CD4E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{C845B1D3-04BD-489E-9DD6-F7C743B6B506}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"TCP Query User{D2819A6D-3181-47E4-8EBE-730E32C086CE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{D768614D-A45B-4155-A53F-7D3E31BBCE85}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | 
"TCP Query User{E231EFAD-4394-44C5-893E-B4F23AEB8DF9}C:\users\wayne\appdata\roaming\enyt\yrit.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\enyt\yrit.exe | 
"TCP Query User{F5C65411-3F4A-4103-81F9-DC5730DBCB15}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"TCP Query User{FE562A85-FFAC-4531-A5FF-C18C145A621C}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe | 
"UDP Query User{041321AB-93D8-4FCE-B6CA-59AE2EC8B8DF}G:\star trek\ef2.exe" = protocol=17 | dir=in | app=g:\star trek\ef2.exe | 
"UDP Query User{1047F785-C2B5-46C0-847B-616C68029D02}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe | 
"UDP Query User{1CB1797E-3801-4B71-800E-BAC2D6F418B0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{1E0436BA-F3ED-4EA3-B93E-C1532ACB8CD3}G:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=g:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe | 
"UDP Query User{2D760379-2F3C-4A60-8321-90907BBFFCBF}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe | 
"UDP Query User{33D37265-917A-4D36-A77A-F0A469AC8513}C:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{52132288-F903-45B1-B491-B5DCCC954C04}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{6674BA8C-6534-4411-99EF-3B7206D2E1E8}C:\users\wayne\appdata\roaming\enyt\yrit.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\enyt\yrit.exe | 
"UDP Query User{80D0AC82-6A2A-4E7A-88D8-11A71EE1EFF9}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{ABE288F2-1907-4B9F-835A-8247FA7B1945}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"UDP Query User{B17E4CEA-F4BE-44E5-B433-55C612BD234A}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe | 
"UDP Query User{B209463F-0E23-4AC8-995E-5747844D7BF5}G:\star trek\ef2.exe" = protocol=17 | dir=in | app=g:\star trek\ef2.exe | 
"UDP Query User{BB4589D9-D88F-4ECB-B5AA-40421CCEA8F5}C:\program files (x86)\iphone tunnel suite\bin\itunnel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iphone tunnel suite\bin\itunnel.exe | 
"UDP Query User{C0FF9E6C-02C3-44C4-B808-F5BC39B6AB6A}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe | 
"UDP Query User{DECE5D81-B2EA-4215-AC8E-367375D42CB1}C:\users\wayne\downloads\tinyumbrella-5.00.09.exe" = protocol=17 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.00.09.exe | 
"UDP Query User{E2B09821-487B-4725-B6CF-0EA93E6F5BDF}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe | 
"UDP Query User{E474CA5C-4A36-48FB-AC19-126C9162A07E}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe | 
"UDP Query User{E6A6FDFC-D22D-4A48-AAEF-0A1B11BC691D}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe | 
"UDP Query User{FB39A14A-573C-458F-8191-5043C609F0DC}C:\users\wayne\downloads\tinyumbrella-5.10.14.exe" = protocol=17 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.10.14.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{373934DC-C16C-4CB5-83E2-1E5498CF99EC}" = Shutdown Timer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A69B08B1-51B4-46CD-82D2-81232BD51F4A}" = Nitro Reader 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 Update 1
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D59CEDD-C68B-4506-A7E2-E4D13FC5373B}" = calibre
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99367836-0A29-4EC8-88DB-CA774E5F93BA}_is1" = iPhone Tunnel Suite v3.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FCA0420-CB8D-4D05-B5B0-905063930DE4}" = Mobile Mouse Server
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DF423F-02E6-40d1-936B-BAF28C884C00}_is1" = 4Videosoft Video Converter Platinum 5.0.12
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.7
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 2.0
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"baywotch4_is1" = BayWotch v4.2.13
"CloneDVD2" = CloneDVD2
"conduitEngine" = Conduit Engine 
"Diablo II" = Diablo II
"Elite Force" = Elite Force
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HandBrake" = HandBrake 0.9.6
"Homeworld2" = Homeworld2
"LAME_is1" = LAME v3.99.3 (for Windows)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RocketDock_is1" = RocketDock 1.3.5
"SFT_de3 Toolbar" = SFT_de3 Toolbar
"Star Trek Armada II" = Star Trek Armada II
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VidCoder_is1" = VidCoder 1.0.0 (x86)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"winscp3_is1" = WinSCP 4.3.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.08.2012 13:52:09 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.08.2012 13:52:09 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 04.08.2012 14:07:16 | Computer Name = Wayne-PC | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 04.08.2012 14:07:16 | Computer Name = Wayne-PC | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
 
Error - 04.08.2012 14:13:18 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.08.2012 14:13:18 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 04.08.2012 14:13:18 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 04.08.2012 18:28:45 | Computer Name = Wayne-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 05.08.2012 03:44:01 | Computer Name = Wayne-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.6.3.25, Zeitstempel:
 0x4fd16377  Name des fehlerhaften Moduls: CoreFoundation.dll, Version: 1.630.16.0,
 Zeitstempel: 0x4f3a0c6f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000582d7  ID des fehlerhaften
 Prozesses: 0x1580  Startzeit der fehlerhaften Anwendung: 0x01cd726c9039f0ed  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
Berichtskennung:
 52429a4a-ded1-11e1-943d-001c4afe2da6
 
Error - 05.08.2012 04:06:30 | Computer Name = Wayne-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.87 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 17fc    Startzeit:
 01cd72e09a4e40f2    Endzeit: 15    Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
 Anti-Malware\mbam.exe    Berichts-ID: 6e0987b8-ded4-11e1-943d-001c4afe2da6  
 
[ System Events ]
Error - 04.08.2012 13:35:52 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
 
Error - 04.08.2012 13:35:56 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 04.08.2012 13:35:57 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 04.08.2012 13:35:57 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
 
Error - 04.08.2012 13:43:18 | Computer Name = Wayne-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?08.?2012 um 19:38:40 unerwartet heruntergefahren.
 
Error - 04.08.2012 14:04:09 | Computer Name = Wayne-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 04.08.2012 14:04:09 | Computer Name = Wayne-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 04.08.2012 14:04:09 | Computer Name = Wayne-PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
Error - 04.08.2012 14:10:42 | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
Error - 05.08.2012 03:41:08 | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst AntiVirSchedulerService erreicht.
 
 
< End of report >
         