Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter?

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 07.08.2012, 13:04   #1
-stealth^
 
Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter? - Standard

Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter?



Guten Tag,

Ich war am Surfen, dann kam auf einmal ein weiser bildschirm mit text, dass mein Computer gesperrt sei. Auf der rechten Seiten war ne Zahlung eingerichtet, bei der 100€ voreingestellt war. An mehr erinner ich mich leider nicht, da ich mir nicht mehr durchgelesen habe.

Danach hab ich den Benutzer gewecheslt, und eine Systemherstellung vorgenommen.
Jetzt komme ich auch wieder in meinen urspruenglichen Benutzer.
Habe trotzdem ein wenig gegoogelt, bin auf dieses forum gestoßen.
Mein Problem ist, dass ich das Problem anders angegangen bin (Systemwiederherstellung), wie hier empfohlen und ich mir nicht sicher bin auf welchen trojanerkern meiner zutrifft. So habe ich einen Malwaretest gemacht, via dem von ihnen empfohlenen malwarebytes Anti-Malware programm. Bei diesem Test kam heraus, dass infizierte Objekte vorhanden sind.
report folgt: (habe jz auf auswahl loeschen geklickt, weil das in dem Guide so stand und ich nichts mit in Quarantäne verschieben fand)

danke fuer jede muehe schon mal im vorraus

wie gehe ich jz weiter vor?
was sind das fuer viren/trojaner?
--------------------------------------------------------------------------
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.07.03

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
sebastian :: SEBASTIAN-PC [Administrator]

07.08.2012 12:42:26
mbam-log-2012-08-07 (12-42-26).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 449389
Laufzeit: 1 Stunde(n), 16 Minute(n), 24 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCR\CLSID\{C689C99E-3A8C-4c87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C689C99E-3A8C-4C87-A79C-C80DC9C81632} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Userinit (Trojan.Agent) -> Daten: C:\Users\sebastian\AppData\Roaming\appconf32.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\sebastian\AppData\Local\Temp\is357113909\IWantThis_IC_V3_ROW.exe (Adware.GamePlayLabs) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Der defogger test ergab nichts


OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 07.08.2012 18:03:19 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\sebastian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,69% Memory free
7,71 Gb Paging File | 5,49 Gb Available in Paging File | 71,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 154,83 Gb Total Space | 51,10 Gb Free Space | 33,00% Space Free | Partition Type: NTFS
Drive D: | 419,86 Gb Total Space | 393,47 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
Drive E: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SEBASTIAN-PC | User Name: sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.07 17:53:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe
PRC - [2012.05.08 17:01:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 17:01:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 17:01:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.03.08 13:46:50 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2012.03.08 13:46:41 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.17 13:29:46 | 000,395,144 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe
PRC - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2011.01.17 19:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 19:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2010.12.10 15:56:43 | 003,054,136 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.10.14 14:38:34 | 000,653,952 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe
PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.07.19 22:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 22:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.07.02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2010.06.09 09:55:54 | 001,080,448 | ---- | M] (asus) -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe
PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.05.04 00:45:50 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
PRC - [2010.05.04 00:41:46 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe
PRC - [2009.09.08 09:47:07 | 004,513,792 | ---- | M] (PostgreSQL Global Development Group) -- C:\Program Files (x86)\PostgreSQL\8.4\bin\postgres.exe
PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe
PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe
PRC - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.15 08:59:48 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.15 08:59:33 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.15 08:59:27 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.06.15 08:59:24 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.12 12:28:04 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\9b2f17fb61b7197f2a04108f5d1a1cc6\System.Management.ni.dll
MOD - [2012.05.11 23:09:26 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.11 23:08:27 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.11 23:08:21 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.11 23:08:17 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.11 23:08:16 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.11 23:08:10 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2011.03.15 11:10:45 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2010.07.02 23:36:26 | 001,597,440 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2010.07.01 21:21:42 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax
MOD - [2010.02.23 15:14:22 | 000,071,680 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll
MOD - [2010.02.23 15:14:18 | 000,041,472 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll
MOD - [2010.02.23 15:14:10 | 000,050,688 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll
MOD - [2010.02.23 15:12:22 | 000,186,880 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll
MOD - [2010.02.23 15:11:46 | 000,076,288 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll
MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.08.04 11:50:05 | 000,110,592 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll
MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
MOD - [2007.06.15 20:28:36 | 000,147,456 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll
MOD - [2007.06.02 03:08:18 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.08.11 15:44:45 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.06.22 21:20:42 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.07 00:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.05.08 17:01:30 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 17:01:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.03.19 13:38:46 | 002,666,880 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.03.08 13:46:50 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2012.03.08 13:46:41 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.02.29 09:50:48 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.21 16:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.10.13 18:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.07.08 22:32:14 | 000,666,696 | ---- | M] (Juniper Networks) [Auto | Running] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.01.27 17:51:05 | 002,253,688 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 05:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.10.01 05:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.09.08 09:48:55 | 000,066,048 | ---- | M] (PostgreSQL Global Development Group) [Auto | Running] -- C:\Program Files (x86)\PostgreSQL\8.4\bin\pg_ctl.exe -- (postgresql-8.4)
SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 12:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.08 17:01:30 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 17:01:30 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 16:00:00 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.07.08 22:00:18 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.12.10 15:56:33 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.09.13 12:24:25 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.08.11 16:15:49 | 007,765,504 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.08.11 15:11:07 | 000,279,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010.07.29 00:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.07.15 02:47:41 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010.07.14 08:17:27 | 000,735,360 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.04.13 12:15:03 | 000,135,560 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.03.02 10:45:23 | 001,594,368 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2010.02.26 10:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.25 05:26:57 | 000,115,312 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\JME.sys -- (JME)
DRV:64bit: - [2009.09.17 22:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.08.20 04:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009.08.18 10:23:31 | 000,143,472 | ---- | M] (JMicron Technology Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\jmcr.sys -- (JMCR)
DRV:64bit: - [2009.08.07 00:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 19:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.12.08 18:35:52 | 000,061,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2008.05.24 03:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV - [2010.02.24 21:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/12/10 05:23:16] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://vshare.toolbarhome.com/?hp=df
IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp
IE - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Web Search..."
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://vshare.toolbarhome.com/search.aspx?srch=ku&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.9: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.02.05 23:54:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.01.26 21:27:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.09.06 20:39:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{184AA5E6-741D-464a-820E-94B3ABC2F3B4}: C:\Users\sebastian\AppData\Roaming\5045 [2011.11.21 18:34:28 | 000,000,000 | ---D | M]
 
[2011.02.04 20:53:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sebastian\AppData\Roaming\mozilla\Extensions
[2011.08.13 23:57:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hmkf1ijz.default\extensions
[2011.08.13 23:57:35 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hmkf1ijz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.01.03 23:11:19 | 000,000,000 | ---D | M] ("Nero Toolbar") -- C:\Users\sebastian\AppData\Roaming\mozilla\Firefox\Profiles\hmkf1ijz.default\extensions\toolbar@ask.com
[2011.02.15 21:43:36 | 000,001,583 | ---- | M] () -- C:\Users\sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\hmkf1ijz.default\searchplugins\web-search.xml
[2012.01.26 21:27:59 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.10 13:48:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2011.11.21 18:34:28 | 000,000,000 | ---D | M] (Java String Helper) -- C:\USERS\SEBASTIAN\APPDATA\ROAMING\5045
[2011.12.21 09:42:29 | 000,121,816 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.04.14 05:08:00 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.12.21 07:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.12.21 07:02:40 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 07:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 07:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 07:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 07:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=ASUT&bmod=ASUT
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Java Deployment Toolkit 6.0.250.6 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U25 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\17.0.963.66\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin
CHR - Extension: Skype Click to Call = C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8442_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\sebastian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000\..\Toolbar\WebBrowser: (Nero Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [Rainlendar2] C:\Program Files\Rainlendar2\Rainlendar2.exe File not found
O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" File not found
O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1000..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-837568758-3957210429-1287448362-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Trillian.lnk = C:\Program Files (x86)\Trillian\trillian.exe (Cerulean Studios)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7133F58D-B9A1-4347-A355-C91D1D58257F}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7707379C-C745-4175-B303-D5B6A86106D8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.03 13:20:21 | 000,000,000 | ---D | M] - E:\Autorun -- [ CDFS ]
O32 - AutoRun File - [2008.01.25 22:10:40 | 000,000,047 | R--- | M] () - E:\Autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2008.03.06 08:38:56 | 000,165,136 | R--- | M] (Electronic Arts Inc.) - E:\autorun.exe -- [ CDFS ]
O33 - MountPoints2\{47d97826-c3f6-11e0-b1f9-bcaec5a02019}\Shell - "" = AutoRun
O33 - MountPoints2\{47d97826-c3f6-11e0-b1f9-bcaec5a02019}\Shell\AutoRun\command - "" = F:\autorun.exe
O33 - MountPoints2\{7c5fea1a-308f-11e0-a923-bcaec5a02019}\Shell - "" = AutoRun
O33 - MountPoints2\{7c5fea1a-308f-11e0-a923-bcaec5a02019}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true
O33 - MountPoints2\{f699e43c-c438-11e0-a7d1-bcaec5a02019}\Shell - "" = AutoRun
O33 - MountPoints2\{f699e43c-c438-11e0-a7d1-bcaec5a02019}\Shell\AutoRun\command - "" = F:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.07 17:53:51 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe
[2012.08.07 12:41:32 | 000,000,000 | ---D | C] -- C:\Users\sebastian\AppData\Roaming\Malwarebytes
[2012.08.07 12:41:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.07 12:41:07 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.08.07 12:41:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.08.07 12:41:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.07 11:59:36 | 000,000,000 | ---D | C] -- C:\ProgramData\rxkphuhcpnjfyub
[2012.07.11 19:37:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinDjView
[2012.07.11 19:37:20 | 003,452,059 | ---- | C] (Andrew Zhezherun) -- C:\Users\sebastian\Desktop\WinDjView-1.0.3-Setup.exe
[2012.07.11 17:53:18 | 000,000,000 | ---D | C] -- C:\Program Files\Plugins
[1 C:\Users\sebastian\AppData\Roaming\*.tmp files -> C:\Users\sebastian\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.07 17:53:51 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\sebastian\Desktop\OTL.exe
[2012.08.07 17:53:11 | 000,000,000 | ---- | M] () -- C:\Users\sebastian\defogger_reenable
[2012.08.07 17:17:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.07 14:16:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 14:16:03 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.07 14:07:38 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.07 14:07:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.07 14:07:13 | 3105,259,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.07 12:41:08 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.07 11:59:36 | 000,000,051 | ---- | M] () -- C:\ProgramData\wxcwunfzpeasjft
[2012.07.30 14:49:25 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.30 14:49:25 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.30 14:49:25 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.30 14:49:25 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.30 14:49:25 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.11 19:37:24 | 003,452,059 | ---- | M] (Andrew Zhezherun) -- C:\Users\sebastian\Desktop\WinDjView-1.0.3-Setup.exe
[2012.07.11 16:38:23 | 000,314,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.10 18:20:32 | 629,981,737 | ---- | M] () -- C:\Windows\MEMORY.DMP
[1 C:\Users\sebastian\AppData\Roaming\*.tmp files -> C:\Users\sebastian\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.07 17:53:11 | 000,000,000 | ---- | C] () -- C:\Users\sebastian\defogger_reenable
[2012.08.07 12:41:08 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.08.07 11:59:34 | 000,000,051 | ---- | C] () -- C:\ProgramData\wxcwunfzpeasjft
[2012.05.28 23:48:30 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.08 13:46:43 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.03.08 13:46:41 | 002,250,024 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.03.08 13:46:41 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.11.29 19:19:29 | 000,000,032 | ---- | C] () -- C:\Users\sebastian\.simfy
[2011.11.21 18:34:18 | 000,000,072 | ---- | C] () -- C:\Users\sebastian\AppData\Roaming\blckdom.res
[2011.04.12 16:32:21 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.03 12:04:30 | 000,001,110 | ---- | C] () -- C:\Users\sebastian\Splendid Utility.Lnk
[2011.04.03 12:04:02 | 000,001,150 | ---- | C] () -- C:\Users\sebastian\SmartLogon Manager.lnk
[2011.04.03 12:03:08 | 000,001,094 | ---- | C] () -- C:\Users\sebastian\LifeFrame.lnk
[2011.04.03 12:02:28 | 000,002,595 | ---- | C] () -- C:\Users\sebastian\ControlDeck.lnk
[2011.03.28 18:28:06 | 000,001,400 | ---- | C] () -- C:\Users\sebastian\Free YouTube to MP3 Converter.lnk
[2011.03.28 12:55:45 | 000,002,068 | ---- | C] () -- C:\Users\sebastian\KickoffPoker.lnk
[2011.03.27 13:35:02 | 000,001,053 | ---- | C] () -- C:\Users\sebastian\Full Tilt Poker.lnk
[2011.03.20 14:43:39 | 000,005,120 | ---- | C] () -- C:\Users\sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.06 15:46:43 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.02.05 20:29:51 | 000,000,000 | ---- | C] () -- C:\Windows\HMHud.INI
[2011.02.04 20:52:37 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.12.10 15:58:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2010.12.10 15:56:36 | 000,001,236 | ---- | C] () -- C:\Users\sebastian\ASUS Data Security Manager.Lnk
[2010.12.10 15:56:22 | 000,002,595 | ---- | C] () -- C:\Users\sebastian\AI Recovery Burner.lnk
[2010.12.10 15:48:26 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2010.12.10 15:40:20 | 000,001,603 | ---- | C] () -- C:\Users\sebastian\e-Driver.lnk
[2010.12.10 15:37:40 | 000,002,069 | ---- | C] () -- C:\Users\sebastian\syncables desktop SE.lnk
[2010.12.10 15:37:07 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== LOP Check ==========
 
[2011.11.21 18:34:28 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\5045
[2011.02.04 18:42:03 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Asus WebStorage
[2011.07.01 19:50:48 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Canneverbe Limited
[2011.08.19 13:58:18 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Command & Conquer 3 Kanes Rache
[2011.08.14 12:50:45 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Command and Conquer 4
[2011.02.21 20:29:36 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DAEMON Tools Lite
[2011.08.11 12:58:01 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DAEMON Tools Pro
[2011.08.08 16:41:42 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DC++
[2011.08.13 23:57:49 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DVDVideoSoft
[2011.03.28 18:28:13 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\DVDVideoSoftIEHelpers
[2011.06.22 20:02:18 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\HEM Data
[2011.03.05 23:31:21 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\HoldemManager
[2012.07.11 16:58:29 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Juniper Networks
[2011.11.21 18:34:11 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\kock
[2012.03.07 17:17:01 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\LolClient
[2011.03.15 11:22:33 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\OpenOffice.org
[2011.05.09 18:22:06 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Opera
[2011.03.16 20:15:15 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Rainmeter
[2011.10.10 10:15:00 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Roaming
[2012.08.07 13:05:32 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Ruyb
[2011.08.30 20:45:51 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Simfy
[2012.07.09 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\SoftGrid Client
[2011.08.27 20:27:32 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Sports Interactive
[2011.02.06 19:58:24 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\TeamViewer
[2011.04.12 16:32:55 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\TP
[2011.02.04 21:04:18 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Trillian
[2012.06.21 17:10:16 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\TS3Client
[2012.04.25 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\UAs
[2012.07.11 17:45:58 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\UDC Profiles
[2012.02.15 22:12:01 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\Wefy
[2012.04.25 19:39:48 | 000,000,000 | ---D | M] -- C:\Users\sebastian\AppData\Roaming\xmldm
[2011.09.15 11:25:51 | 000,000,000 | ---D | M] -- C:\Users\sebastian2\AppData\Roaming\Rainmeter
[2012.07.20 11:53:27 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 120 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >
         
--- --- ---


--------------------------------------------------------------------------OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 07.08.2012 18:03:19 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\sebastian\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 50,69% Memory free
7,71 Gb Paging File | 5,49 Gb Available in Paging File | 71,24% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 154,83 Gb Total Space | 51,10 Gb Free Space | 33,00% Space Free | Partition Type: NTFS
Drive D: | 419,86 Gb Total Space | 393,47 Gb Free Space | 93,71% Space Free | Partition Type: NTFS
Drive E: | 4,33 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: SEBASTIAN-PC | User Name: sebastian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{092A9A3E-FAD0-45C7-A0CA-CE9D66ECA21D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0C4A5571-BE5D-49FE-8391-7B493F268B09}" = lport=445 | protocol=6 | dir=in | app=system | 
"{14BD83CF-A9FB-486F-9133-E81EC402000A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{27043F4D-236D-41A1-A31E-AA93E5B7E3B5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{28431200-6A0B-4D91-BF1C-2BB163890EC5}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{38E22793-3B0D-47A4-A043-36AC27DA2C08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{404B7439-90E3-4DC4-BD25-7059D2762548}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4553D8B7-EE51-4C35-A008-B1C9B0EE4225}" = lport=137 | protocol=17 | dir=in | app=system | 
"{493EE5DA-F464-41A4-8C85-1FA1A7C8AF56}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{566C4DF1-C187-460C-AE04-F9ABFC47A520}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{656045F3-31ED-460E-96D3-568989FF5930}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6D82D814-BCFF-40A6-9761-DBAEB78016BE}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{6E447A32-B420-4829-9B7B-4A00BEE691A3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7069532F-BA57-4062-92C7-5886D7BAD95B}" = rport=445 | protocol=6 | dir=out | app=system | 
"{727B3B1F-FAB6-4EBB-8D80-6467D0E55957}" = rport=138 | protocol=17 | dir=out | app=system | 
"{7E227423-A8E7-4254-854D-7F9FAC3584D5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7FB53812-B83C-48B9-AD7F-9359102BE11D}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{97B595DF-8F0A-4D01-A1CD-1B0350E7DAEE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9CEAAA31-EC6F-4710-B77E-155C987B9CBD}" = lport=5432 | protocol=6 | dir=in | name=postgres | 
"{A2A6758F-5380-4F1C-9C21-1F1C45BCAC14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C2450BAD-A934-4929-B435-BFA20FC7F893}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{C82A1763-E79D-4C2A-B1D2-EE7993B486B4}" = lport=138 | protocol=17 | dir=in | app=system | 
"{CBD351DF-A17A-4DA1-B0BD-0ED4A69C675C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D3E8EF23-4020-4C2F-A414-CFDF5938A3F2}" = lport=139 | protocol=6 | dir=in | app=system | 
"{D73D5157-FEE1-4319-A39F-FAEF3E5FAE74}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{F4767F9A-2FC3-40E2-ABCD-3E545654F873}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F59BD7AB-66AF-4052-A675-76AAE9AA558F}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FCE30929-EBCD-4D7E-BC60-128E74D07EC6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{10CADB4F-4A50-484B-A9DD-38C2332660F7}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{11E3E05F-4F82-4348-9F6A-2C175220BD33}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{15626388-78EA-4521-90F2-42660712D286}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{16373464-8A5E-4232-B085-A0142115F2F8}" = protocol=6 | dir=in | app=d:\gamez\footballmanager2011\fm.exe | 
"{175664DD-EC0E-40D7-93B7-A9169581966C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{191D53E0-AC84-4B6D-94C1-C7E254409C83}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{1B2552B0-CA13-4D48-813F-6A930F3C3C83}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{1DFBAE8F-1E8E-41BC-99D1-7A75A8686BB8}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{1E31DF31-CF13-4BF8-ACB2-27ED45AB4F21}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{27E5E5AA-474D-4055-A2A7-B3877712B74C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{2BE3922E-829B-4F44-87B7-CFE539A0481E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2CA70173-C0C6-4F6A-BC3E-7D10F331F52B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3A36EA70-D24E-4269-9E52-C3B38E5727A7}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{3AA863DC-2FC5-40CC-9A34-4DD3A41C5836}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{3CA88A34-5E33-4036-BF8F-EFB14F31DC3A}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{3CB7B563-9351-48E2-B8B6-D014507A73D7}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{4A047031-F494-4F46-85F7-CC155D9651EF}" = protocol=6 | dir=in | app=d:\far cry 2\bin\farcry2.exe | 
"{54AC1FB0-FDEB-4833-8184-2AB11142F8D3}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{5D0197DA-17DD-41FB-B511-70C712C40043}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5EBA0984-460C-442A-992F-4D13553F4532}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{690A2B78-0434-4324-833A-A9CFA8A200AA}" = protocol=17 | dir=in | app=d:\far cry 2\bin\fc2editor.exe | 
"{6D52A170-F472-4676-A640-BC3B75469424}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{703BF62B-BEDC-4DCE-8DA0-E7351FDAEEC7}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{73EF4E89-AE52-4DD8-80DC-BF145FE75B91}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{75F0C17D-A25D-44B5-B5E2-9A19100F9A90}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{7ACA3292-C132-484E-B7DA-D4187627ABEB}" = protocol=6 | dir=out | app=system | 
"{7B215B2A-ED44-4EE3-AC72-49CF0D4F5147}" = protocol=6 | dir=in | app=i:\rise of legends\legends.exe | 
"{7BA25DEB-DE05-46FF-A493-6A2AC574C57E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{7EFC331E-DE4A-46C1-816B-3705ED06C384}" = protocol=17 | dir=in | app=d:\far cry 2\bin\farcry2.exe | 
"{832AD99A-FAEE-4789-9276-ACC5850D4DE4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{88B3E604-B4E0-4B58-8CD8-355DB5B97F01}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8E3371E0-ABAE-4D9C-B741-71C1DE410071}" = protocol=17 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe | 
"{90544DAB-BBF8-44E1-B546-697239EB9CD5}" = protocol=6 | dir=in | app=d:\far cry 2\bin\fc2editor.exe | 
"{9073E1A6-98C9-4644-9D78-166A98639962}" = protocol=6 | dir=in | app=d:\gamez\sacred 2\system\sacred2.exe | 
"{91F9EF70-5B05-4464-9625-037595A2B6EB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{98CF4F6D-F31F-4AD2-9D8E-283D510EE0C5}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9C3525C8-F6E3-405A-9143-A9D6BC56DDC1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{9E90772A-A8D3-46A0-842C-5457A7E4F02B}" = protocol=17 | dir=in | app=d:\far cry 2\bin\fc2launcher.exe | 
"{A15F39BF-B2F9-469F-81BC-28F11340DF47}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A22FD5E1-22AF-4E11-8E2B-99CE7D3C20AA}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A751DE87-9B5D-4952-9BA0-75EB5D5CE169}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{AAB49F13-0C72-458F-8446-7698A1ADF6E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{B1CFE572-456D-4C5E-9FD5-BE29BCE206E4}" = protocol=17 | dir=in | app=i:\rise of legends\legends.exe | 
"{B53652BE-9199-436F-84B4-BB5D299FFC27}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B621F2CD-13F0-4973-A4D9-25792953FD69}" = dir=in | app=d:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat | 
"{B8DC2F54-1FF1-4813-9F97-62638F82D503}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BF4A6A82-6871-4DB8-AB98-AF784A356E0D}" = protocol=17 | dir=in | app=d:\gamez\footballmanager2011\fm.exe | 
"{C10EF3D2-868E-4CE9-9CF4-C55436CB14F9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C5D56D49-72D2-4718-B32C-FD077BBBD5DA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C5DEC575-1909-4BC2-BBEB-2517748AD520}" = protocol=6 | dir=in | app=d:\gamez\sacred 2\system\s2gs.exe | 
"{C78942E5-5425-40F0-A6DC-3E04A8E6B226}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CB2AB5F6-C4C8-432F-B2F4-F1F34A579D85}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CDA28068-1EB6-49E1-909C-7DBEABE2AB51}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{CF486823-A38D-412A-A199-87857A5E3AB0}" = protocol=17 | dir=in | app=d:\gamez\sacred 2\system\sacred2.exe | 
"{D2433CC3-03E6-4541-952C-36CF01F9D7B5}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{DC69BDAB-B2C7-4B45-96AD-7DE3C8B93363}" = protocol=6 | dir=in | app=d:\far cry 2\bin\fc2launcher.exe | 
"{E1B8564E-9157-4BCD-8724-F9E4A6148358}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{E559C483-3BF9-441E-AD86-3DDD3DC817F2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E670412B-F955-49D6-A6EB-C4194207C307}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E9F5C3BA-5D6E-4FCB-A556-80BC7818808B}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{EE85C820-387F-4535-9EFE-9A400C4E255A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F410C6A5-7C5A-47C1-AA49-E516D6803A7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{0ED0B015-CA6D-42F1-B503-CD97D2EA225E}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"TCP Query User{342A2284-CD6E-4563-9666-29CCA8862DDC}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{37D9626B-D897-43B1-8B8C-1E5DEA19B123}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | 
"TCP Query User{49A7B88D-5315-4E98-9C0C-CD2BFAFAFAC1}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | 
"TCP Query User{53CDC54D-FF8A-4D40-9D7E-AE71075185BD}F:\aoe\age2_x1\age2_x1.icd" = protocol=6 | dir=in | app=f:\aoe\age2_x1\age2_x1.icd | 
"TCP Query User{6274DC4C-722B-4AD4-B210-7E587C4733E8}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"TCP Query User{6ECC2E94-3CDE-4342-8185-16BDC33AE69E}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{6EEEE802-19B7-46DA-9B66-4ED2823867D8}F:\rise of legends\legends.exe" = protocol=6 | dir=in | app=f:\rise of legends\legends.exe | 
"TCP Query User{7B2825E2-6654-41D5-B306-22C6CF81746E}C:\program files (x86)\trillian\trillian.exe" = protocol=6 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"TCP Query User{806DD8CD-6DE2-4D75-8A09-1AB0F5EAF9C5}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | 
"TCP Query User{821D9DE3-F790-4070-B1A9-C38571D4DE8B}I:\cnc4\data\cnc4.game" = protocol=6 | dir=in | app=i:\cnc4\data\cnc4.game | 
"TCP Query User{86CFBF6B-CF43-4AF4-B5B7-9801946D0A6C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{895C9D58-8FF3-4DC1-997D-56FA8B8D3D47}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{BBC91AD9-DFA0-4AFF-8A07-AEC80832049F}C:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe | 
"TCP Query User{C24D9E50-7373-4B32-B31E-051918B9C789}C:\program files (x86)\opera\opera.exe" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"TCP Query User{C412018D-AB8D-47D7-B01E-687B52429765}D:\gamez\rise of legends\legends.exe" = protocol=6 | dir=in | app=d:\gamez\rise of legends\legends.exe | 
"TCP Query User{C41C626E-2063-43AE-949E-CF11A40607B0}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{DB1D918F-8DE9-450B-AD2B-3FE83EE5A65B}F:\company of heroes an charly4\reliccoh.exe" = protocol=6 | dir=in | app=f:\company of heroes an charly4\reliccoh.exe | 
"TCP Query User{DC1C0A9B-930F-4ED3-9E12-43C08D766577}D:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=6 | dir=in | app=d:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat | 
"TCP Query User{E5A48377-6DCF-42CB-9AD0-F381FBDD9E3C}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | 
"TCP Query User{FAE72955-2060-468B-BCC0-AD5A76759043}C:\users\sebastian\appdata\roaming\ruyb\yzqa.exe" = protocol=6 | dir=in | app=c:\users\sebastian\appdata\roaming\ruyb\yzqa.exe | 
"UDP Query User{16D5ECD5-F267-42AB-A6DB-9DBE5BDDD35C}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{21C060CB-CDD7-4470-AA06-9622519C29E7}C:\users\sebastian\appdata\roaming\ruyb\yzqa.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\roaming\ruyb\yzqa.exe | 
"UDP Query User{271CCF65-4FCB-4A01-9F3C-7FFE28AF660D}C:\program files (x86)\trillian\trillian.exe" = protocol=17 | dir=in | app=c:\program files (x86)\trillian\trillian.exe | 
"UDP Query User{33CA5BA7-6A61-43B0-BF56-A71F51426FB9}F:\rise of legends\legends.exe" = protocol=17 | dir=in | app=f:\rise of legends\legends.exe | 
"UDP Query User{3FBD9BD1-1CD3-4877-A02C-C912EA587980}C:\program files (x86)\opera\opera.exe" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"UDP Query User{3FD18799-81E9-4ABB-869B-B8769A566B27}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | 
"UDP Query User{42E52042-0E97-40E7-8438-F6ADCE69B737}D:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=d:\gamez\cnc kanes rache\retailexe\1.2\cnc3ep1.dat | 
"UDP Query User{51F590FC-0C85-4AB9-A0A5-872EBA85CAB4}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{62E57CED-5524-439E-A6DC-5B90593D49A2}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | 
"UDP Query User{8956AE3B-6EEE-40DB-8F4C-E47A9CCF4C8A}C:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\command & conquer 3 kanes rache\retailexe\1.2\cnc3ep1.dat | 
"UDP Query User{899EC774-7DA5-4055-9884-A4A9E9099846}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"UDP Query User{8F0A4BC2-294C-4BB6-BEC3-A15F2937B2A3}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{ABC7897F-BC13-447A-B427-8CDBD7C1F9A8}C:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\b2bpoker\kickoffpoker\jre\bin\javaw.exe | 
"UDP Query User{B3238CDE-AD99-4319-9061-43091A103C65}F:\aoe\age2_x1\age2_x1.icd" = protocol=17 | dir=in | app=f:\aoe\age2_x1\age2_x1.icd | 
"UDP Query User{B3259157-B391-4F0E-9E25-DF7E7E54BE74}D:\gamez\rise of legends\legends.exe" = protocol=17 | dir=in | app=d:\gamez\rise of legends\legends.exe | 
"UDP Query User{B4FAF1FF-8E5D-43E7-9EC4-FE895752439B}C:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\sebastian\appdata\local\temp\electronicarts_patcher_000.exe | 
"UDP Query User{C289FF7E-E3DF-478D-B161-A4D10E3E59C7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{D0ACE35B-98F4-4BFB-9F26-927D40E71BC7}I:\cnc4\data\cnc4.game" = protocol=17 | dir=in | app=i:\cnc4\data\cnc4.game | 
"UDP Query User{E8028FF4-4B87-478D-BC67-DFA4E6489D4E}C:\program files (x86)\dc++\dcplusplus.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dc++\dcplusplus.exe | 
"UDP Query User{F253A21E-9CBA-4FC5-8A57-F568C5610DA4}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{F2EE0A2C-20E2-4625-81AE-970E4468FE11}F:\company of heroes an charly4\reliccoh.exe" = protocol=17 | dir=in | app=f:\company of heroes an charly4\reliccoh.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2E414A76-E6A7-3504-4235-29EAB3FE1F7A}" = ATI AVIVO64 Codecs
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CCD84C-3F80-C618-6202-568608213C7E}" = ccc-utility64
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDB61EAE-7C1D-7EB6-E1EE-14528E3EB266}" = ATI Catalyst Install Manager
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"HoldemManager" = Holdem Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011162D5-6853-9D60-2BD4-1F3D01966A59}" = CCC Help English
"{05CF7905-AD18-769E-7717-1DC8AF388BEA}" = CCC Help Hungarian
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{1382CAD9-2A6A-F826-96DF-27CC6CC7B3B0}" = CCC Help Czech
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F4C4124-6D6C-4282-63B8-F9468E4404BC}" = Catalyst Control Center InstallProxy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 25
"{28452235-8D43-464B-EDB2-18DA5542722D}" = CCC Help Portuguese
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{3BD37E91-C31A-CB8A-C48C-21CE58723AEF}" = CCC Help Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{47A1A0D5-37DE-7A02-F411-8DFBA338CCC2}" = CCC Help Swedish
"{47B4F3BD-1FCB-914B-397A-7220136A175F}" = CCC Help Japanese
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D38B420-FDA9-282A-DBBA-3E8E9158A5F4}" = Catalyst Control Center Localization All
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{53FA9A9F-3C19-4D43-AD6B-DEF365D469BA}" = Camtasia Studio 7
"{597535B3-348A-8FBF-1C39-C21E634C1E8A}" = CCC Help Norwegian
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{69A7B958-4617-9924-F32B-7C1FF3C7EE6C}" = Catalyst Control Center Graphics Previews Common
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{6D0C6BE4-F674-43D2-96BC-3509345108C9}_is1" = PokerStove version 1.23
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73AA1842-2960-328C-E51E-CEC0B23950C2}" = Catalyst Control Center Graphics Previews Vista
"{75CE15F1-3508-D4AA-6EB4-AB9D55FAD076}" = CCC Help Russian
"{76246D4D-C095-5B94-9EFA-0F6DFF804BB1}" = CCC Help Greek
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CC4640-98F0-603A-2CDB-A981F09FED6D}" = CCC Help French
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7D1C43EB-EAE9-5D8C-FEF4-E00AF6B9500F}" = CCC Help Finnish
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81BEA2F5-4F9B-4AF5-A9B2-3210F71931D3}" = Catalyst Control Center - Branding
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{842BEE12-CCCB-43F4-ABAF-CBA6DFE2583D}" = Nero BurnLite 10
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{886EA01E-D4B4-D2E1-CEA2-213E9C06DFF5}" = CCC Help Spanish
"{88799CBD-90A6-67FB-310E-79CAB1479F0F}" = CCC Help Chinese Traditional
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95FC26FB-19FD-4A96-BBB1-B1062E8648F5}" = AGEIA PhysX v7.11.13
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8847D7-DF68-2325-250A-96BE101FCF69}" = CCC Help Italian
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA8F54E5-393C-B09B-B641-7CE1D1E1933F}" = CCC Help Dutch
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AB627AF2-9C7E-4DBD-816B-3B2646B81E89}" = Nero BurnLite 10
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B0C30E93-D3D9-4F04-A2AC-54749B573275}" = Command & Conquer 3
"{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8174E5B-B515-3423-1273-4B4B6B483C4B}" = CCC Help Chinese Standard
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1234B72-5EAF-807C-46E8-59A1C9FEF6CA}" = CCC Help Turkish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D4C9692E-4EFA-4DA0-8B7F-9439466D9E31}" = Full Tilt Poker
"{D5CCDB0C-00B7-3A4F-3877-6C57920F05D8}" = CCC Help Korean
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DA8D3A2D-5FD5-82D1-C9A8-801079EE0FD0}" = CCC Help Thai
"{DAB623DC-33F2-E22E-7B24-2270E8AB1EB3}" = ccc-core-static
"{DDA92568-FE0E-E2F4-35A5-7CD99ADACF26}" = CCC Help Danish
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EC6A04DE-135E-AC5C-AA19-8E350AA5B6D4}" = CCC Help German
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"ASUS WebStorage" = ASUS WebStorage
"Avira AntiVir Desktop" = Avira Free Antivirus
"Bookworm Deluxe" = Bookworm Deluxe
"Cooking Dash" = Cooking Dash
"DC++" = DC++ 0.781
"DivX Setup" = DivX-Setup
"Football Manager 2011" = Football Manager 2011
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.7.804
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"Google Chrome" = Google Chrome
"Governor of Poker" = Governor of Poker
"HoldemManager" = Holdem Manager
"Hotel Dash Suite Success" = Hotel Dash Suite Success
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"Jewel Quest 3" = Jewel Quest 3
"Juniper Network Connect 7.0.0" = Juniper Networks Network Connect 7.0.0
"Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Luxor 3" = Luxor 3
"Mahjongg dimensions" = Mahjongg dimensions
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 9.0.1 (x86 de)" = Mozilla Firefox 9.0.1 (x86 de)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.00.1467" = Opera 12.00
"Plants vs Zombies" = Plants vs Zombies
"Poker Heaven" = Poker Heaven
"PokerStars" = PokerStars
"PostgreSQL 8.4" = PostgreSQL 8.4
"PunkBusterSvc" = PunkBuster Services
"TeamViewer 6" = TeamViewer 6
"TeamViewer 7" = TeamViewer 7
"Trillian" = Trillian
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.9
"vShare" = vShare Plugin
"Winamp" = Winamp
"WinDjView" = WinDjView 1.0.3
"WinLiveSuite_Wave3" = Windows Live Essentials
"wmlite2_is1" = Windows Media Lite 2.3.0
"World of Goo" = World of Goo
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-837568758-3957210429-1287448362-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Juniper_Setup_Client" = Juniper Networks Setup Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 07.08.2012 06:03:59 | Computer Name = sebastian-PC | Source = Microsoft-Windows-User Profiles Service | ID = 1542
Description = Die Klassenregistrierungsdatei kann nicht geladen werden.   DETAIL -
 Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess
 verwendet wird.  
 
Error - 07.08.2012 06:04:08 | Computer Name = sebastian-PC | Source = ESENT | ID = 215
Description = WinMail (6496) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 07.08.2012 06:04:12 | Computer Name = sebastian-PC | Source = ESENT | ID = 215
Description = WinMail (4712) WindowsMail0: Die Sicherung wurde abgebrochen, weil
 sie vom Client angehalten wurde, oder weil die Verbindung mit dem Client unterbrochen
 wurde.
 
Error - 07.08.2012 06:09:32 | Computer Name = sebastian-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 07.08.2012 06:09:39 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-07 12:09:38 CESTFATAL:  the database system is starting up

 
Error - 07.08.2012 06:09:40 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-07 12:09:40 CESTFATAL:  the database system is starting up

 
Error - 07.08.2012 06:20:52 | Computer Name = sebastian-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 07.08.2012 06:20:53 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-07 12:20:53 CESTFATAL:  the database system is starting up

 
Error - 07.08.2012 06:39:23 | Computer Name = sebastian-PC | Source = Avira Antivirus | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
 auf!  Fehlercode: 0x35
 
Error - 07.08.2012 08:07:30 | Computer Name = sebastian-PC | Source = PostgreSQL | ID = 0
Description = 2012-08-07 14:07:30 CESTFATAL:  the database system is starting up

 
[ System Events ]
Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Peernetzwerkidentitäts-Manager erreicht.
 
Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Peernetzwerkidentitäts-Manager" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Peer Name Resolution-Protokoll" ist vom Dienst "Peernetzwerkidentitäts-Manager"
 abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1053
 
Error - 03.08.2012 06:13:38 | Computer Name = sebastian-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 03.08.2012 16:42:33 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AFBAgent" wurde unerwartet beendet. Dies ist bereits 1 Mal
 passiert.
 
Error - 05.08.2012 05:01:39 | Computer Name = sebastian-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 07.08.2012 06:09:32 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 07.08.2012 06:20:52 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
Error - 07.08.2012 06:39:23 | Computer Name = sebastian-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Avira Echtzeit Scanner" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%306.
 
 
< End of report >
         
--- --- ---

Alt 13.08.2012, 18:04   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter? - Standard

Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter?



Bitte erstmal routinemäßig einen neuen Vollscan mit Malwarebytes machen und Log posten. =>ALLE lokalen Datenträger (außer CD/DVD) überprüfen lassen!
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Die Funde mit Malwarebytes bitte alle entfernen, sodass sie in der Quarantäne von Malwarebytes aufgehoben werden! NICHTS voreilig aus der Quarantäne entfernen!

Falls Logs aus älteren Scans mit Malwarebytes vorhanden sind, bitte auch davon alle posten!




ESET Online Scanner

  • Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
  • Lade und starte Eset Online Scanner
  • Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
  • Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
  • Klicke auf Starten.
  • Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Klicke am Ende des Suchlaufs auf Fertig stellen.
  • Schließe das Fenster von ESET.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset





Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Antwort

Themen zu Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter?
administrator, anti-malware, appdata, autostart, bildschirm, bingbar, browser, computer, dateien, explorer, forum, gelöscht, gesperrt, helper, infizierte, install.exe, malware, malwarebytes, microsoft, microsoft office starter 2010, nicht sicher, plug-in, problem, seite, seiten, software, surfen, systemwiederherstellung, temp, trojan.agent, wrapper, zahlung




Ähnliche Themen: Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter?


  1. ZeroAccess auf Computer scheinbar bereinigt, trotzdem kommen weiter Virus-Meldungen
    Plagegeister aller Art und deren Bekämpfung - 13.11.2013 (12)
  2. Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 09.08.2013 (18)
  3. computer gesperrt von GVU
    Plagegeister aller Art und deren Bekämpfung - 22.06.2013 (2)
  4. Rechner gesperrt - "Polizei - Ihr Computer wurde gesperrt"
    Log-Analyse und Auswertung - 12.02.2013 (5)
  5. Ihr Computer ist gesperrt GVU
    Plagegeister aller Art und deren Bekämpfung - 20.01.2013 (17)
  6. Ihr Computer ist gesperrt!
    Plagegeister aller Art und deren Bekämpfung - 12.01.2013 (1)
  7. Bundestrojaner Variante: "Ihr Computer wurde gesperrt"; " Ihr Computer wurde durch das Speichern der autom. Informationskontrolle gesperrt"
    Log-Analyse und Auswertung - 25.11.2012 (10)
  8. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Plagegeister aller Art und deren Bekämpfung - 19.08.2012 (6)
  9. Computer gesperrt mit der Nachricht: Der Computer ist für die Verletzung der BRD wurde bockiert!
    Antiviren-, Firewall- und andere Schutzprogramme - 29.07.2012 (1)
  10. Der Anzeigetreiber wurde wiederhergestellt ?
    Netzwerk und Hardware - 25.04.2012 (12)
  11. Windows aus Sicherheitsgründen gesperrt - Zahlung von 50 Euro. Weiter Probleme nach Neuaufsetzen
    Log-Analyse und Auswertung - 13.01.2012 (1)
  12. TANs gesperrt, vermutlich Trojaner. Wie geht es weiter?
    Plagegeister aller Art und deren Bekämpfung - 12.07.2011 (20)
  13. Nach kompletter Neuinstallation wg. Phishing sendet Computer weiter Daten
    Log-Analyse und Auswertung - 16.01.2010 (2)
  14. Problem mit Malware oder iwas in der Art.
    Plagegeister aller Art und deren Bekämpfung - 11.12.2009 (1)
  15. Iwas ist nicht so wie es sein sollte .. ;)
    Log-Analyse und Auswertung - 04.03.2009 (14)
  16. Iwas stimmt da nicht!Aber was?:-)
    Mülltonne - 28.11.2007 (0)
  17. Koenntet ihr Ueberpruefen ob ich iwas falsches auf dem PC draufhabe?
    Log-Analyse und Auswertung - 15.11.2007 (2)

Zum Thema Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter? - Guten Tag, Ich war am Surfen, dann kam auf einmal ein weiser bildschirm mit text, dass mein Computer gesperrt sei. Auf der rechten Seiten war ne Zahlung eingerichtet, bei der - Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter?...
Archiv
Du betrachtest: Computer gesperrt... iwas mit 100€. pc wiederhergestellt und weiter? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.