Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen

GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen


Log-Analyse und Auswertung: GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.12.2012, 19:33   #1
bene-s
 
GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen - Standard

GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen


Ich habe mir den GVU-Trojaner eingefangen
Habe bin nach folgender Anleitung vorgegangen:
http://www.trojaner-board.de/51187-a...i-malware.html

Das ist der Report:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Benedikt :: LAPTOP-BEN [Administrator]

25.12.2012 19:19:10
mbam-log-2012-12-25 (19-19-10).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem |

Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 391625
Laufzeit: 4 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 11
HKCR\CLSID\{597A9974-8CB0-4f41-B61F-ED065738A397} (PUP.RewardsArcade) -> Erfolgreich gelöscht

und in Quarantäne gestellt.
HKCR\CLSID\{25514C64-8321-494e-BD3E-3DBAB3F8CEBA} (PUP.RewardsArcade) -> Erfolgreich gelöscht

und in Quarantäne gestellt.
HKCR\TypeLib\{60BE6B2E-F2F5-4404-AA1E-4381D4A6EEA2} (PUP.RewardsArcade) -> Erfolgreich gelöscht

und in Quarantäne gestellt.
HKCR\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB} (PUP.RewardsArcade) -> Erfolgreich

gelöscht und in Quarantäne gestellt.
HKCR\RewardsArcade.FBApi.1 (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne

gestellt.
HKCR\RewardsArcade.FBApi (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne

gestellt.
HKCR\RewardsArcade.BHO.1 (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne

gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{597A9974-8CB0-

4F41-B61F-ED065738A397} (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{597A9974-8CB0-4F41-B61F-

ED065738A397} (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{597A9974-8CB0-4F41-B61F-ED065738A397}

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RewardsArcade (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 15
C:\Program Files (x86)\RewardsArcade (PUP.RewardsArcade) -> Erfolgreich gelöscht und in

Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade (PUP.RewardsArcade) -> Erfolgreich gelöscht und

in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498 (PUP.RewardsArcade) -> Erfolgreich gelöscht

und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Chrome (PUP.RewardsArcade) -> Erfolgreich

gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox (PUP.RewardsArcade) -> Erfolgreich

gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\defaults (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\locale (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\locale\en-US (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 60
C:\Program Files (x86)\RewardsArcade\RewardsArcade.dll (PUP.RewardsArcade) -> Erfolgreich

gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\wgsdgsdgdsgsd.dll (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne

gestellt.
C:\Users\Benedikt\Downloads\SoftonicDownloader_fuer_windows-media-player-plugin.exe

(PUP.OfferBundler.ST) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RewardsArcade\fb.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in

Quarantäne gestellt.
C:\Program Files (x86)\RewardsArcade\appAPIinternalWrapper.js (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RewardsArcade\jquery.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und

in Quarantäne gestellt.
C:\Program Files (x86)\RewardsArcade\json.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in

Quarantäne gestellt.
C:\Program Files (x86)\RewardsArcade\RewardsArcade.exe (PUP.RewardsArcade) -> Erfolgreich

gelöscht und in Quarantäne gestellt.
C:\Program Files (x86)\RewardsArcade\Uninstall.exe (PUP.RewardsArcade) -> Erfolgreich gelöscht

und in Quarantäne gestellt.
C:\Program Files (x86)\RewardsArcade\UserConfirmation.exe (PUP.RewardsArcade) -> Erfolgreich

gelöscht und in Quarantäne gestellt.
C:\ProgramData\dsgsdgdsgdsgw.pad (Exploit.Drop.GSA) -> Erfolgreich gelöscht und in Quarantäne

gestellt.
C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk

(Trojan.Ransom.SUGen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\uninstall.ico (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Chrome\rewardsarcade.crx (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome.manifest (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\install.rdf (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\background.html

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\browser.xul

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossrider.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\crossriderapi.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\dialog.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps-style.css

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\manage-apps.html

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\messaging.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\options.xul

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\push.html

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\search_dialog.xul

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\socialapi.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\update.html

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\utilityapi.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\workers_chain.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\faye-browser-

min.js (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\jquery-1.4.2.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox

\facebox.css (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\facebox.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

\b.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

\bl.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

\br.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

\closelabel.gif (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

\loading.gif (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

\tl.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\chrome\content\lib\facebox\Images

\tr.png (PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\defaults\preferences\prefs.js

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\locale\en-US\translations.dtd

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\button1.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\button2.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\button3.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\button4.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\button5.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\crossrider_statusbar.png

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\icon16.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\icon24.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\icon48.png (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\panelarrow-up.png

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\popup.css (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\popup.html (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\popup_binding.xml

(PUP.RewardsArcade) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\skin.css (PUP.RewardsArcade) ->

Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox\skin\update.css (PUP.RewardsArcade)

-> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

ich habe es nochmal durchlaufen lassen und das kam dabei raus:

Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.25.08

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Benedikt :: LAPTOP-BEN [Administrator]

25.12.2012 19:42:32
mbam-log-2012-12-25 (19-42-32).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 569140
Laufzeit: 3 Stunde(n), 18 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Benedikt\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30\1ede2ede-110e2a3a (Trojan.FakeMS) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Alt 26.12.2012, 13:24   #2
t'john
/// Helfer-Team
 
GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen - Standard

GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen




Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).



danach:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________
Alt 26.12.2012, 17:22   #3
bene-s
 
GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen - Standard

GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen


# AdwCleaner v2.103 - Datei am 26/12/2012 um 17:14:35 erstellt
# Aktualisiert am 25/12/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Benedikt - LAPTOP-BEN
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Benedikt\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files (x86)\yourfiledownloader
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\Benedikt\AppData\Roaming\yourfiledownloader

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\RewardsArcade
Schlüssel Gelöscht : HKCU\Software\Cr_Installer
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\PIP
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6427058B-217C-4C7F-A6CE-C7934C0BDCEB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Run []

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v17.0.1 (de)

Datei : C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\rv7lhdso.default\prefs.js

C:\Users\Benedikt\AppData\Roaming\Mozilla\Firefox\Profiles\rv7lhdso.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultenginename", "MyStart Search");
Gelöscht : user_pref("extensions.incredibar_i.aflt", "orgnl");
Gelöscht : user_pref("extensions.incredibar_i.dfltLng", "");
Gelöscht : user_pref("extensions.incredibar_i.did", "10556");
Gelöscht : user_pref("extensions.incredibar_i.excTlbr", "false");
Gelöscht : user_pref("extensions.incredibar_i.hardId", "02e39d3200000000000090e6ba67d94c");
Gelöscht : user_pref("extensions.incredibar_i.id", "02e39d3200000000000090e6ba67d94c");
Gelöscht : user_pref("extensions.incredibar_i.installerproductid", "26");
Gelöscht : user_pref("extensions.incredibar_i.instlDay", "15335");
Gelöscht : user_pref("extensions.incredibar_i.instlRef", "");
Gelöscht : user_pref("extensions.incredibar_i.ms_url_id", "");
Gelöscht : user_pref("extensions.incredibar_i.newTab", false);
Gelöscht : user_pref("extensions.incredibar_i.ppd", "1000");
Gelöscht : user_pref("extensions.incredibar_i.prdct", "incredibar");
Gelöscht : user_pref("extensions.incredibar_i.productid", "26");
Gelöscht : user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
Gelöscht : user_pref("extensions.incredibar_i.smplGrp", "none");
Gelöscht : user_pref("extensions.incredibar_i.tlbrId", "base");
Gelöscht : user_pref("extensions.incredibar_i.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6R8f24i44W&loc=IB[...]
Gelöscht : user_pref("extensions.incredibar_i.upn2", "6R8f24i44W");
Gelöscht : user_pref("extensions.incredibar_i.upn2n", "92823571689640818");
Gelöscht : user_pref("extensions.incredibar_i.vrsn", "1.5.3.27");
Gelöscht : user_pref("extensions.incredibar_i.vrsnTs", "1.5.3.2716:04:07");
Gelöscht : user_pref("extensions.incredibar_i.vrsni", "1.5.3.27");

*************************

AdwCleaner[S1].txt - [4418 octets] - [26/12/2012 17:14:35]

########## EOF - C:\AdwCleaner[S1].txt - [4478 octets] ##########

otl.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 12/26/2012 5:27:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benedikt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.83% Memory free
8.00 Gb Paging File | 5.78 Gb Available in Paging File | 72.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 18.81 Gb Free Space | 12.62% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 75.62 Gb Free Space | 56.27% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-BEN | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Benedikt\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\Benedikt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Users\Benedikt\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Users\Benedikt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
PRC - C:\Users\Benedikt\AppData\Local\RockMelt\Update\1.2.189.1\RockMeltCrashHandler.exe (Google Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
PRC - C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe (Synology Inc.)
PRC - C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
PRC - C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe (Iomega Corporation)
PRC - C:\Windows\AsScrPro.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe ()
PRC - C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\Atouch64.exe ()
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05dbad5299910497c7b4951aa213f13a\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\f961fb1ec279c14554f5580a457ef542\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\fa143a722656801e18a200ec93f62015\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\5a9b62aa4b4080c52d6fe5f41431b5f7\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a865d59ff4afed0781473f36b4380e49\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\adaaf894878905f022f824b84fcd59a8\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\59d00fa60a9e559f8717404a5032e6ba\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\aebb94e0eea9c39ec18a7915a711f621\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\7c8bffb6e42a248341d7821a8464ef0b\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\a74fade4c3e490c62af3d60742fb078a\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\dfe6e22159d3f5bf61b5bfe1da6f2758\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c63fe1e324904c893d2a5d02f0783658\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\14d2241be401f66cc1898dc5dc383b80\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\e10bbd79027aa4c1ca8950b78fd640d4\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\379599837ade465016dd5d96798b2766\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\dbc34d53e1fbedabecd201fe4f264961\mscorlib.ni.dll ()
MOD - C:\Users\Benedikt\AppData\Local\Facebook\Messenger\2.1.4651.0\libcef.dll ()
MOD - C:\Users\Benedikt\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.WinForms.dll ()
MOD - C:\Users\Benedikt\AppData\Local\Facebook\Messenger\2.1.4651.0\CefSharp.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Users\Benedikt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Program Files (x86)\maxdome\DCBin\sqlite3.dll ()
MOD - C:\Program Files (x86)\maxdome\DCBin\PocoFoundation.dll ()
MOD - C:\Program Files (x86)\maxdome\DCBin\PocoNet.dll ()
MOD - C:\Program Files (x86)\maxdome\DCBin\DCTrayApp.exe ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\Common Files\AVerMedia\AVerQuick\AVerHIDReceiver.exe ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (ATKGFNEXSrv) -- C:\Program Files\ATKGFNEX\GFNEXSrv.exe ()
SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (CyberLink PowerDVD 11.0 Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSServerForPDVD11.exe (CyberLink)
SRV - (CyberLink PowerDVD 11.0 Monitor Service) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\MediaServer\CLMSMonitorService.exe (CyberLink)
SRV - (CLHNServiceForPowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\CLHNServiceForPowerDVD.exe ()
SRV - (UsbClientService) -- C:\Program Files (x86)\Synology\Assistant\UsbClientService.exe ()
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (SynoDrService) -- C:\Program Files (x86)\Synology Data Replicator  3\SynoDrServicex64.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Prosieben) -- C:\Program Files (x86)\maxdome\DCBin\DCService.exe (Entriq, Inc.)
SRV - (AVerRemote) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerRemote.exe (AVerMedia)
SRV - (AVerScheduleService) -- C:\Program Files (x86)\Common Files\AVerMedia\Service\AVerScheduleService.exe ()
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (pcouffin) -- C:\Windows\SysNative\drivers\pcouffin.sys (VSO Software)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (busenum) -- C:\Windows\SysNative\drivers\busenum.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (AmUStor) -- C:\Windows\SysNative\drivers\AmUStor.sys (Alcor Micro, Corp.)
DRV:64bit: - (AVerAF15DMBTH64) -- C:\Windows\SysNative\drivers\AVerAF15DMBTH64.sys (AVerMedia TECHNOLOGIES, Inc.)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV:64bit: - (ASMMAP64) -- C:\Program Files\ATKGFNEX\ASMMAP64.sys ()
DRV - ({329F96B6-DF1E-4328-BFDA-39EA953C1312}) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Common\NavFilter\000.fcl (CyberLink Corp.)
DRV - (ntk_PowerDVD) -- C:\Program Files (x86)\CyberLink\PowerDVD11\Kernel\DMP\ntk_PowerDVD_64.sys (Cyberlink Corp.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. bei MSN
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Upgrade to Google Chrome
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = Google
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Yahoo! Deutschland
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = Upgrade to Google Chrome
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Upgrade to Google Chrome
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\..\SearchScopes\{CFF0EFDF-C7BB-4C8A-B32E-745AB5DBC6AF}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\S-1-5-21-1587142674-203668243-1397722338-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledAddons: stealthyextension%40gmail.com:2.4
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.12
FF - prefs.js..extensions.enabledAddons: %7BD4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389%7D:0.9.10
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?ie=UTF-8&oe=UTF-8&sourceid=navclient&gfns=1&q="
FF - prefs.js..network.proxy.ftp: "72.64.146.135"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "72.64.146.135"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "72.64.146.135"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "72.64.146.135"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@t-immersion.com/DFusionHomeWebPlugIn: C:\Program Files (x86)\Total Immersion\DFusionHomeWebPlugIn\NPDFusionWebFirefox.dll (Total Immersion)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Benedikt\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@us-w1.rockmelt.com/RockMelt Update;version=8: C:\Users\Benedikt\AppData\Local\RockMelt\Update\1.2.189.1\npRockMeltOneClick8.dll (RockMelt Inc.)
FF - HKCU\Software\MozillaPlugins\facebook.com/fbDesktopPlugin: C:\Users\Benedikt\AppData\Local\Facebook\Messenger\2.1.4651.0\npFbDesktopPlugin.dll (Facebook, Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 20:39:25 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\crossriderapp498@crossrider.com: C:\Users\Benedikt\AppData\Local\RewardsArcade\498\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 11:58:53 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 11:58:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011/07/25 20:39:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/12/05 11:58:53 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/05 11:58:48 | 000,000,000 | ---D | M]
 
[2011/07/23 23:14:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Extensions
[2012/11/26 16:26:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\rv7lhdso.default\extensions
[2012/11/26 16:26:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benedikt\AppData\Roaming\mozilla\Firefox\Profiles\rv7lhdso.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012/10/22 17:48:04 | 000,183,174 | ---- | M] () (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\firefox\profiles\rv7lhdso.default\extensions\stealthyextension@gmail.com.xpi
[2011/10/30 17:07:52 | 000,434,392 | ---- | M] () (No name found) -- C:\Users\Benedikt\AppData\Roaming\mozilla\firefox\profiles\rv7lhdso.default\extensions\{D4DD63FA-01E4-46a7-B6B1-EDAB7D6AD389}.xpi
[2012/12/05 11:58:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/12/05 11:58:47 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012/12/05 11:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/12/05 11:58:47 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012/12/05 11:58:53 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011/10/09 11:08:58 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/09/13 09:51:44 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011/10/09 11:08:58 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/10/09 11:08:58 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011/10/09 11:08:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011/10/09 11:08:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [Iomega Home Storage Manager] C:\Program Files (x86)\Iomega\Home Storage Manager\Iomega Discovery.exe (Iomega Corporation)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\Cyberlink\MediaShowEspresso\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [PDVD9LanguageShortcut] C:\Program Files (x86)\Cyberlink\PowerDVD9\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl11] C:\Program Files (x86)\CyberLink\PowerDVD11\PDVD11Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePDRShortCut] C:\Program Files (x86)\Cyberlink\PowerDirector\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [Data Replicator 3] C:\Program Files (x86)\Synology Data Replicator  3\Backup.exe (Synology Inc.)
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [Facebook Update] C:\Users\Benedikt\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe (Samsung Electronics)
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [RockMelt Update] C:\Users\Benedikt\AppData\Local\RockMelt\Update\RockMeltUpdate.exe (Google Inc.)
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [Spotify Web Helper] C:\Users\Benedikt\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [Upgrade] C:\Users\Benedikt\AppData\Roaming\TeamViewer\{179D98DA-F7CC-4FD3-BEAA-FED9A592A53D}\Upgrade.exe File not found
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [Windows Remote Service] C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Benedikt\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Facebook Messenger.lnk = C:\Users\Benedikt\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe (Facebook)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C4A55D93-73E7-4595-9112-1CF9BE239F30}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/12/26 17:23:57 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2012/12/26 11:57:37 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{45E9267D-AFF6-4BED-A4BF-AAE3BBFDDB95}
[2012/12/25 19:17:36 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Malwarebytes
[2012/12/25 19:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/12/25 19:17:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/12/25 19:17:30 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/12/25 19:17:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/12/25 14:40:19 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{7FCABAAB-4857-4583-839B-ED295800BF72}
[2012/12/24 23:06:33 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{51797DF7-D1BC-4B1C-969F-B126DB032DDC}
[2012/12/24 11:06:11 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{DCE88CAF-12FB-449B-96E6-5010D93FB605}
[2012/12/23 15:37:41 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{1F3CCB4E-4E55-4670-A6E9-62F51030AB43}
[2012/12/22 20:48:21 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{0092E016-D37D-42D8-8774-F78B8D78798B}
[2012/12/22 08:48:09 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{B48CC21C-A2EE-4A6E-93E3-BDEB08A782A0}
[2012/12/21 23:38:26 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{A74B450F-8C7F-47FA-930B-7348056D2087}
[2012/12/21 11:40:55 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 11:40:55 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/21 11:40:54 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 11:40:52 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 11:38:00 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{1FAF3202-03B5-4310-8CF7-867C2698D7D6}
[2012/12/20 19:06:36 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{EFB1C892-BA09-407A-A0F8-E1263F76E489}
[2012/12/19 21:50:51 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{8F3AD9C1-050A-47EC-8CD7-51EF0F923E8B}
[2012/12/19 09:50:36 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{8258ABF9-A96D-41B9-B285-8900C96C40C2}
[2012/12/18 19:06:03 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{F42C6FC4-CCB0-4A32-B196-91608A037045}
[2012/12/17 15:50:21 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{B3FCC957-BD9A-4FD5-AC12-F94F8F553A23}
[2012/12/16 21:53:30 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{AF1B6594-B448-4622-9DA5-092AF223E5C9}
[2012/12/14 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{8C46FEB9-82B4-415E-BE48-E7149C04B4B4}
[2012/12/13 18:19:49 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{19F9CD4F-1494-428B-8161-4ABDB98566F5}
[2012/12/12 17:53:50 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2012/12/12 16:20:45 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll
[2012/12/12 16:20:45 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll
[2012/12/12 16:20:29 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Register-CimProvider.exe
[2012/12/12 16:20:29 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe
[2012/12/12 16:20:28 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012/12/12 16:20:28 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012/12/12 16:20:28 | 000,001,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012/12/12 16:20:21 | 000,108,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012/12/12 16:20:21 | 000,105,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012/12/12 16:20:21 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012/12/12 16:20:21 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012/12/12 16:20:21 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012/12/12 16:20:21 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012/12/12 16:20:21 | 000,046,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012/12/12 16:20:21 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012/12/12 16:20:21 | 000,020,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012/12/12 16:20:21 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012/12/12 16:20:21 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012/12/12 16:20:14 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012/12/12 16:20:08 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll
[2012/12/12 16:20:08 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012/12/12 16:20:08 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012/12/12 16:20:08 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll
[2012/12/12 16:20:08 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/12 16:20:08 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/12 16:20:08 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll
[2012/12/12 16:20:08 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll
[2012/12/12 16:20:08 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012/12/12 16:20:08 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012/12/12 16:20:06 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll
[2012/12/12 16:20:06 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012/12/12 16:20:06 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll
[2012/12/12 16:20:06 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012/12/12 16:20:06 | 000,035,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012/12/12 16:20:06 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012/12/12 16:20:06 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012/12/12 16:20:06 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012/12/12 16:20:05 | 000,058,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012/12/12 16:20:01 | 000,247,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2012/12/12 16:20:01 | 000,242,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2012/12/12 16:20:01 | 000,223,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll
[2012/12/12 16:20:01 | 000,214,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll
[2012/12/12 16:20:01 | 000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2012/12/12 16:20:01 | 000,172,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll
[2012/12/12 16:20:01 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll
[2012/12/12 16:20:01 | 000,154,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll
[2012/12/12 16:20:01 | 000,124,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll
[2012/12/12 16:20:01 | 000,066,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012/12/12 16:20:01 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/12 16:20:00 | 000,309,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012/12/12 16:20:00 | 000,227,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012/12/12 16:20:00 | 000,192,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2012/12/12 16:19:59 | 000,630,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll
[2012/12/12 16:19:59 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll
[2012/12/12 16:19:59 | 000,494,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll
[2012/12/12 16:19:59 | 000,382,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll
[2012/12/12 16:19:59 | 000,157,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012/12/12 16:19:59 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012/12/12 16:14:35 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 16:14:35 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/12 16:14:34 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 16:14:34 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 16:14:34 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 16:14:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 16:14:34 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 16:14:34 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 16:14:33 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 16:14:33 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 16:14:33 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 16:14:33 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 16:14:31 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 16:14:31 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 16:14:30 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 16:11:19 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 16:11:18 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 16:11:18 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 16:11:18 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 16:11:16 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 16:11:16 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 16:11:16 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 16:11:16 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 16:11:16 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 16:11:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 16:11:16 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 16:11:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:11:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:11:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:11:16 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 16:11:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:11:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:11:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:11:15 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:11:15 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:11:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:11:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:11:15 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:11:15 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:11:15 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 16:10:12 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 16:10:12 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 12:36:56 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{251102C1-AF35-41DA-9DA3-B2C691EB5A15}
[2012/12/11 19:57:47 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{56CB12A8-D5AA-4A4F-A52A-9F6E73A0955E}
[2012/12/10 15:42:21 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{8DC60FB5-1F1C-4E31-A261-19189CC7AFEB}
[2012/12/10 00:07:44 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{31D4D5E9-F941-4448-A098-BA4AFBA96068}
[2012/12/09 12:07:31 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{63EB664A-0C73-4061-9336-3B788B84DF08}
[2012/12/09 11:19:59 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{2C00CE39-F111-48A8-9DB5-E1A9C799F300}
[2012/12/09 02:25:08 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{FAF8BE44-4AE0-4C78-B37B-BC6972A11638}
[2012/12/08 15:30:56 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\Documents\CyberLink
[2012/12/08 14:24:50 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{88DA2F38-4C8D-40AC-91B5-B4FBC0D86F4B}
[2012/12/08 00:09:02 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{10FDC401-5100-49FD-92B8-18F2B24E41B2}
[2012/12/07 12:08:47 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{FA34FAEA-02B0-4C46-A3E2-3B2D7EB88747}
[2012/12/06 21:59:52 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{F0DE0B4E-FEEE-4FA6-AF24-400DA3B49596}
[2012/12/06 09:59:27 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{CBC98C19-5918-4F0C-B767-8446E0A6BC48}
[2012/12/05 21:59:11 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{E006E68E-9288-4E74-A5F8-9DC6FA72828A}
[2012/12/05 11:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012/12/05 09:58:53 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{7C42344B-F3DA-4754-B883-943DA7F6595A}
[2012/12/04 19:42:15 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{BC9B2AB4-6A4B-4C26-BF2F-6404171B8710}
[2012/12/04 07:42:01 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{3A35CEDD-1E3E-486C-93D5-95984DEBF296}
[2012/12/03 20:02:45 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/03 20:02:44 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/03 20:02:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/03 20:02:34 | 000,019,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/03 20:02:33 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/03 20:02:29 | 000,322,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/03 20:02:29 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/03 20:02:29 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/03 20:02:29 | 000,228,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/03 20:02:29 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/03 20:02:29 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/03 20:02:29 | 000,054,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/03 20:02:29 | 000,046,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/03 20:02:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/03 20:02:29 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/03 20:02:29 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/03 20:02:29 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/03 20:02:29 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/03 20:02:28 | 001,048,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/03 20:02:28 | 000,384,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/03 20:02:27 | 001,123,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/03 20:02:26 | 003,174,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/03 20:02:25 | 004,916,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/03 20:02:24 | 005,773,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/03 19:59:58 | 001,448,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/03 19:59:58 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012/12/03 17:35:57 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{540A1F21-483C-4114-9D85-211E0D5A2FE5}
[2012/12/03 00:33:18 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{72F80C47-4952-4D09-B8BB-DE3E972008C2}
[2012/12/02 12:33:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{1E928ED2-956C-4705-8F64-E1C34E63790C}
[2012/12/02 00:32:54 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{E6BD63F9-B693-4BC7-822B-A38222ADC5E0}
[2012/12/01 12:32:42 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{91E32A18-5114-4403-817C-6A375FEE9A03}
[2012/12/01 00:32:30 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{B2260090-39ED-48B3-8515-CA287A58C9FB}
[2012/11/30 12:32:05 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{640583D0-73F3-43E9-92B9-0EE923B9D576}
[2012/11/29 18:50:24 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{06BF42C6-F5EA-4394-AD5C-2A4660C186C1}
[2012/11/28 23:38:23 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{6222BC32-D6B8-4C8F-B70A-4E1878205A80}
[2012/11/28 12:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recuva
[2012/11/28 12:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2012/11/28 12:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2012/11/28 12:17:22 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2012/11/28 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Synology
[2012/11/28 11:41:50 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\CloudStation
[2012/11/28 11:38:06 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{16081AC8-B4AF-4B46-828A-2FF029EDF8C5}
[2012/11/27 20:22:03 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{1F309F49-DA88-4DBA-AC6F-4200B3C5101B}
[2012/11/27 08:21:50 | 000,000,000 | ---D | C] -- C:\Users\Benedikt\AppData\Local\{409862B6-6E8F-4C9C-98B2-47192A86C3F4}
[2011/12/29 09:59:31 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\Benedikt\AppData\Roaming\pcouffin.sys
 
========== Files - Modified Within 30 Days ==========
 
[2012/12/26 17:25:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 17:25:13 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/12/26 17:23:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benedikt\Desktop\OTL.exe
[2012/12/26 17:16:40 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/12/26 17:16:29 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-LAPTOP-BEN-Benedikt.job
[2012/12/26 17:16:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/12/26 17:16:16 | 3220,525,056 | -HS- | M] () -- C:\hiberfil.sys
[2012/12/26 17:13:04 | 000,550,017 | ---- | M] () -- C:\Users\Benedikt\Desktop\adwcleaner.exe
[2012/12/26 17:13:01 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/12/26 16:48:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/12/26 16:42:01 | 000,000,940 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1587142674-203668243-1397722338-1001UA.job
[2012/12/26 16:00:00 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1587142674-203668243-1397722338-1001UA.job
[2012/12/26 15:59:01 | 000,001,128 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1587142674-203668243-1397722338-1001Core.job
[2012/12/26 14:42:00 | 000,000,888 | ---- | M] () -- C:\Windows\tasks\RockMeltUpdateTaskUserS-1-5-21-1587142674-203668243-1397722338-1001Core.job
[2012/12/25 20:00:00 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\Synology Data Replicator 3-R116152-Benedikt.job
[2012/12/25 19:27:48 | 001,613,340 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012/12/25 19:27:48 | 000,697,082 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012/12/25 19:27:48 | 000,652,360 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012/12/25 19:27:48 | 000,148,346 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012/12/25 19:27:48 | 000,121,292 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012/12/25 19:17:32 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/25 18:02:25 | 000,002,965 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/22 08:46:47 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012/12/21 16:54:34 | 000,467,320 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/12/21 13:46:01 | 000,001,058 | ---- | M] () -- C:\Users\Benedikt\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012/12/21 11:42:09 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll
[2012/12/21 11:42:09 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll
[2012/12/21 11:42:09 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll
[2012/12/21 11:42:09 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll
[2012/12/12 16:22:33 | 000,630,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WsmGCDeps.dll
[2012/12/12 16:22:33 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmGCDeps.dll
[2012/12/12 16:22:33 | 000,382,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemcomn2.dll
[2012/12/12 16:22:33 | 000,309,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WsmWmiPl.dll
[2012/12/12 16:22:33 | 000,247,296 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\framedynos.dll
[2012/12/12 16:22:33 | 000,242,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\framedyn.dll
[2012/12/12 16:22:33 | 000,227,328 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmWmiPl.dll
[2012/12/12 16:22:33 | 000,223,232 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\miutils.dll
[2012/12/12 16:22:33 | 000,204,105 | ---- | M] () -- C:\Windows\SysWow64\winrm.vbs
[2012/12/12 16:22:33 | 000,204,105 | ---- | M] () -- C:\Windows\SysNative\winrm.vbs
[2012/12/12 16:22:33 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\framedynos.dll
[2012/12/12 16:22:33 | 000,189,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\framedyn.dll
[2012/12/12 16:22:33 | 000,172,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\miutils.dll
[2012/12/12 16:22:33 | 000,160,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmidcom.dll
[2012/12/12 16:22:33 | 000,157,184 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAuto.dll
[2012/12/12 16:22:33 | 000,154,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmitomi.dll
[2012/12/12 16:22:33 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAuto.dll
[2012/12/12 16:22:33 | 000,108,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wevtfwd.dll
[2012/12/12 16:22:33 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winrscmd.dll
[2012/12/12 16:22:33 | 000,106,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mi.dll
[2012/12/12 16:22:33 | 000,105,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wecutil.exe
[2012/12/12 16:22:33 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winrscmd.dll
[2012/12/12 16:22:33 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wevtfwd.dll
[2012/12/12 16:22:33 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wecapi.dll
[2012/12/12 16:22:33 | 000,078,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wecutil.exe
[2012/12/12 16:22:33 | 000,066,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSManMigrationPlugin.dll
[2012/12/12 16:22:33 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wecapi.dll
[2012/12/12 16:22:33 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmRes.dll
[2012/12/12 16:22:33 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WsmRes.dll
[2012/12/12 16:22:33 | 000,059,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\prvdmofcomp.dll
[2012/12/12 16:22:33 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pwrshplugin.dll
[2012/12/12 16:22:33 | 000,058,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncobjapi.dll
[2012/12/12 16:22:33 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManMigrationPlugin.dll
[2012/12/12 16:22:33 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\PSModuleDiscoveryProvider.dll
[2012/12/12 16:22:33 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winrs.exe
[2012/12/12 16:22:33 | 000,046,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ncobjapi.dll
[2012/12/12 16:22:33 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pwrshplugin.dll
[2012/12/12 16:22:33 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winrs.exe
[2012/12/12 16:22:33 | 000,036,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\PSModuleDiscoveryProvider.dll
[2012/12/12 16:22:33 | 000,035,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmprovhost.exe
[2012/12/12 16:22:33 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wsmprovhost.exe
[2012/12/12 16:22:33 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WSManHTTPConfig.exe
[2012/12/12 16:22:33 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WSManHTTPConfig.exe
[2012/12/12 16:22:33 | 000,026,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\WsmAgent.dll
[2012/12/12 16:22:33 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winrshost.exe
[2012/12/12 16:22:33 | 000,021,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\WsmAgent.dll
[2012/12/12 16:22:33 | 000,020,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winrshost.exe
[2012/12/12 16:22:33 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wsmplpxy.dll
[2012/12/12 16:22:33 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\Register-CimProvider.exe
[2012/12/12 16:22:33 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winrssrv.dll
[2012/12/12 16:22:33 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\Register-CimProvider.exe
[2012/12/12 16:22:33 | 000,010,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wsmplpxy.dll
[2012/12/12 16:22:33 | 000,009,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winrssrv.dll
[2012/12/12 16:22:33 | 000,004,675 | ---- | M] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012/12/12 16:22:33 | 000,004,675 | ---- | M] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012/12/12 16:22:33 | 000,004,148 | ---- | M] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/12 16:22:33 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\winrsmgr.dll
[2012/12/12 16:22:33 | 000,001,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winrsmgr.dll
[2012/12/12 16:22:32 | 000,494,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wbemcomn2.dll
[2012/12/12 16:22:32 | 000,214,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wmitomi.dll
[2012/12/12 16:22:32 | 000,124,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wmidcom.dll
[2012/12/12 16:22:32 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mi.dll
[2012/12/12 16:22:32 | 000,079,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\prvdmofcomp.dll
[2012/12/12 16:16:13 | 001,161,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012/12/12 16:16:13 | 000,424,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012/12/12 16:16:13 | 000,362,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012/12/12 16:16:13 | 000,338,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012/12/12 16:16:13 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012/12/12 16:16:13 | 000,215,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012/12/12 16:16:13 | 000,025,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012/12/12 16:16:13 | 000,016,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012/12/12 16:16:13 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012/12/12 16:16:13 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012/12/12 16:16:13 | 000,007,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012/12/12 16:16:13 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:16:13 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:16:13 | 000,005,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012/12/12 16:16:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:16:13 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:16:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:16:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012/12/12 16:16:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:16:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:16:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:16:13 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:16:13 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:16:13 | 000,002,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012/12/12 16:16:12 | 000,006,144 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012/12/12 16:16:12 | 000,005,120 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012/12/12 16:16:12 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012/12/12 16:16:12 | 000,004,608 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012/12/12 16:16:12 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012/12/12 16:16:12 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012/12/12 16:16:12 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012/12/12 16:16:12 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012/12/12 16:15:51 | 000,478,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll
[2012/12/12 16:15:51 | 000,376,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll
[2012/12/12 16:15:38 | 002,312,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012/12/12 16:15:38 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012/12/12 16:15:38 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012/12/12 16:15:38 | 000,816,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012/12/12 16:15:38 | 000,729,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2012/12/12 16:15:38 | 000,717,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012/12/12 16:15:38 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2012/12/12 16:15:38 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012/12/12 16:15:38 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012/12/12 16:15:38 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012/12/12 16:15:38 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012/12/12 16:15:38 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012/12/12 16:15:38 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012/12/12 16:15:38 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012/12/12 16:15:38 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012/12/11 20:50:15 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012/12/11 20:50:15 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012/12/11 20:00:38 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012/12/11 20:00:38 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012/12/06 14:37:47 | 000,467,696 | ---- | M] () -- C:\Users\Benedikt\Desktop\1354797232644.jpg
[2012/12/03 20:04:41 | 005,773,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2012/12/03 20:04:41 | 003,174,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorets.dll
[2012/12/03 20:04:41 | 000,322,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2012/12/03 20:04:41 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpudd.dll
[2012/12/03 20:04:41 | 000,228,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpendp_winip.dll
[2012/12/03 20:04:41 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TSWbPrxy.exe
[2012/12/03 20:04:41 | 000,057,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys
[2012/12/03 20:04:41 | 000,054,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsRdpWebAccess.dll
[2012/12/03 20:04:41 | 000,044,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2012/12/03 20:04:41 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys
[2012/12/03 20:04:41 | 000,015,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RdpGroupPolicyExtension.dll
[2012/12/03 20:04:40 | 004,916,224 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2012/12/03 20:04:40 | 001,048,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mstsc.exe
[2012/12/03 20:04:40 | 000,269,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2012/12/03 20:04:40 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbGDCoInstaller.dll
[2012/12/03 20:04:40 | 000,037,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2012/12/03 20:04:40 | 000,018,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprtPS.dll
[2012/12/03 20:04:40 | 000,016,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wksprtPS.dll
[2012/12/03 20:04:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyExtension.dll
[2012/12/03 20:04:40 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\TsUsbRedirectionGroupPolicyControl.exe
[2012/12/03 20:04:39 | 001,123,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mstsc.exe
[2012/12/03 20:04:39 | 000,384,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wksprt.exe
[2012/12/03 20:04:39 | 000,192,000 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpendp_winip.dll
[2012/12/03 20:04:39 | 000,046,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MsRdpWebAccess.dll
[2012/12/03 20:04:39 | 000,003,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\de-DE\tsusbflt.sys.mui
[2012/12/03 20:01:33 | 001,448,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2012/12/03 20:01:33 | 000,307,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
 
========== Files Created - No Company Name ==========
 
[2012/12/26 17:13:02 | 000,550,017 | ---- | C] () -- C:\Users\Benedikt\Desktop\adwcleaner.exe
[2012/12/25 19:17:32 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/12/25 18:02:25 | 000,002,965 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012/12/12 16:20:28 | 000,204,105 | ---- | C] () -- C:\Windows\SysWow64\winrm.vbs
[2012/12/12 16:20:27 | 000,004,675 | ---- | C] () -- C:\Windows\SysNative\wsmanconfig_schema.xml
[2012/12/12 16:20:17 | 000,004,675 | ---- | C] () -- C:\Windows\SysWow64\wsmanconfig_schema.xml
[2012/12/12 16:20:10 | 000,004,148 | ---- | C] () -- C:\Windows\SysNative\psmodulediscoveryprovider.mof
[2012/12/12 16:20:02 | 000,204,105 | ---- | C] () -- C:\Windows\SysNative\winrm.vbs
[2012/12/06 14:37:47 | 000,467,696 | ---- | C] () -- C:\Users\Benedikt\Desktop\1354797232644.jpg
[2012/10/29 12:09:28 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012/08/26 09:27:54 | 000,111,928 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012/08/26 09:27:50 | 002,793,768 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012/08/26 09:27:50 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012/05/15 01:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012/01/25 00:04:03 | 000,001,994 | ---- | C] () -- C:\Users\Benedikt\.TransferManager.db
[2011/12/29 09:59:31 | 000,099,384 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\inst.exe
[2011/12/29 09:59:31 | 000,007,859 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\pcouffin.cat
[2011/12/29 09:59:31 | 000,001,167 | ---- | C] () -- C:\Users\Benedikt\AppData\Roaming\pcouffin.inf
[2011/12/27 18:14:53 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/12/11 18:33:30 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011/12/11 11:35:01 | 000,005,034 | ---- | C] () -- C:\ProgramData\pubjtini.xmz
[2011/11/20 01:19:17 | 000,007,602 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\Resmon.ResmonCfg
[2011/09/06 20:58:42 | 001,591,234 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011/08/29 15:35:34 | 000,000,147 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011/08/29 11:11:53 | 000,000,048 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/08/13 16:38:24 | 000,008,192 | ---- | C] () -- C:\Users\Benedikt\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/07/26 16:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011/07/26 16:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011/07/26 16:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011/07/26 16:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011/07/25 20:32:39 | 000,266,130 | ---- | C] () -- C:\Windows\hpwins23.dat
[2011/07/25 20:32:39 | 000,001,843 | ---- | C] () -- C:\Windows\hpwmdl23.dat
[2011/07/24 00:13:00 | 000,049,152 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.dll
[2011/07/24 00:13:00 | 000,003,456 | R--- | C] () -- C:\Windows\SysWow64\AVerIO.sys
[2011/07/24 00:12:50 | 000,598,016 | R--- | C] () -- C:\Windows\SysWow64\sptlib21.dll
[2011/07/24 00:12:50 | 000,294,912 | R--- | C] () -- C:\Windows\SysWow64\sptlib11.dll
[2011/07/24 00:12:50 | 000,290,816 | R--- | C] () -- C:\Windows\SysWow64\sptlib22.dll
[2011/07/24 00:12:50 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib03.dll
[2011/07/24 00:12:50 | 000,249,856 | R--- | C] () -- C:\Windows\SysWow64\sptlib01.dll
[2011/07/24 00:12:50 | 000,225,280 | R--- | C] () -- C:\Windows\SysWow64\sptlib02.dll
[2011/07/24 00:12:50 | 000,135,168 | R--- | C] () -- C:\Windows\SysWow64\sptlib12.dll
 
========== ZeroAccess Check ==========
 
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/07/14 13:17:53 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/07/14 13:17:53 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012/12/12 16:22:32 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012/12/12 16:22:32 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012/12/12 16:22:32 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011/09/08 19:07:37 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Atari
[2012/07/04 18:29:26 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Audacity
[2011/09/06 21:13:58 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Banamalon
[2011/11/28 13:11:57 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Der Planer 4
[2012/12/26 17:19:41 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Dropbox
[2012/05/19 11:22:13 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\FileZilla
[2011/09/08 18:56:26 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Leadertech
[2011/12/11 11:35:00 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Movavi
[2011/08/12 13:01:48 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Phase6
[2011/09/11 11:01:59 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\ProtectDISC
[2011/08/13 14:48:30 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Samsung
[2012/07/04 16:20:56 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Spotify
[2011/12/03 23:53:54 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Steinberg
[2011/12/11 18:11:42 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Stereoscopic Player
[2012/03/26 18:59:25 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\TeamViewer
[2012/04/12 12:00:39 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Temp
[2012/02/21 23:15:30 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Total Immersion
[2012/02/29 21:32:59 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\TuneUp Software
[2012/11/04 16:50:39 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Vso
[2011/07/25 18:17:16 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\Windows Live Writer
[2011/07/23 23:31:33 | 000,000,000 | ---D | M] -- C:\Users\Benedikt\AppData\Roaming\XMedia Recode
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---
__________________
Alt 26.12.2012, 17:47   #4
bene-s
 
GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen - Standard

GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen


extras.txt:OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 12/26/2012 5:27:49 PM - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benedikt\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4.00 Gb Total Physical Memory | 2.15 Gb Available Physical Memory | 53.83% Memory free
8.00 Gb Paging File | 5.78 Gb Available in Paging File | 72.32% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 149.04 Gb Total Space | 18.81 Gb Free Space | 12.62% Space Free | Partition Type: NTFS
Drive D: | 134.40 Gb Total Space | 75.62 Gb Free Space | 56.27% Space Free | Partition Type: NTFS
 
Computer Name: LAPTOP-BEN | User Name: Benedikt | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~2\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{1205F07F-E68F-4E98-AC9F-BC497FB6AE15}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{1960A39F-F7D3-42A7-8B67-C85BE5029AF6}" = lport=3306 | protocol=6 | dir=in | name=mysql | 
"{2643B3AF-23A7-4E4A-BB36-F41B2F0772B1}" = lport=137 | protocol=17 | dir=in | app=system | 
"{375D1973-CD08-4E86-91D1-06D7AA91CB81}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3F09C416-58E3-4857-8C24-B65D42FDB2EA}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5B82617A-F29B-4ED6-B593-47F70F6A5904}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{61FECE22-48BF-4F9F-A0EB-D3D0FD40CF16}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{67871ED1-5D86-446C-BE13-A62C9246EC02}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6AD5FB1B-61F5-4738-B784-3956E77706D7}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{6F270352-D9F2-4FA9-9361-3A9E10F29043}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7043D2E7-76EC-464D-9466-1F25F5ABF3BA}" = rport=427 | protocol=17 | dir=in | svc=hpslpsvc | app=c:\windows\system32\svchost.exe | 
"{80967B1F-C834-4986-AFBB-5A6F299A0006}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{82AD5449-2138-4075-A17A-04145AEC7FCE}" = lport=138 | protocol=17 | dir=in | app=system | 
"{871FC431-46F2-4C6B-8E9F-5FAE79D7A42C}" = rport=139 | protocol=6 | dir=out | app=system | 
"{94A25D9A-8A59-497A-8CEE-6CC5EA7C238D}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A2D8E102-F5D3-4781-B2FA-C24AF7BDBCC0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AA6792F3-FA8B-4387-91DF-33A8622D109C}" = lport=139 | protocol=6 | dir=in | app=system | 
"{AE0F092F-545E-4FCB-BBB4-A0DE3B814AB1}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6D75657-EBF5-4678-8AA9-7A0A6797862B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B945E278-3379-4350-80C5-04BE8CCF46D5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BD102961-21D0-4A96-A50C-4E0FE8A16CEC}" = rport=138 | protocol=17 | dir=out | app=system | 
"{C39BEEAD-911F-40D0-BE95-6D67EB101145}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CB1DFA36-D27D-41F3-8CE2-B1D8350AFB58}" = rport=445 | protocol=6 | dir=out | app=system | 
"{CFA65EAC-3B89-4033-A34F-70B3E9CC8CB6}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D96C54A9-26A4-4EC1-BA4F-317B56DE91FC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E26B4FA1-3D7E-4759-8506-3DADB47C449B}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F209F0DB-E5AE-49F7-8C14-5E69DEE91B7B}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0069256C-9933-4A44-8D39-A90D98A3148F}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0188D779-D2D3-4919-BDD2-641059989EE0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{051855E1-B771-4AD6-A1AA-C5D813625CCF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | 
"{058C8073-3BC6-4E70-BEE5-F0EBCE910A37}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{084F940C-0DD9-42D7-BD7A-462C17F59AD8}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{096E634C-DBE9-4A2D-830A-667A674FDEBE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{09892035-C21E-4D2B-92B1-D1EF8B93409D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AE81807-3AF3-4A6A-A2AD-E320E0979236}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{0D696784-7C2C-4A9E-9DCF-BBA6903D30DC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | 
"{0F1F6A7A-5441-4D62-B716-BE4A2D105AE3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{1489F443-612B-4E8B-BD21-2749A532733F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1937FB0B-27AE-47E6-B298-2630D73FB92F}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | 
"{1D0BCE4D-6DCD-4410-BF72-5ABF7677CE6F}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{1E356BC9-8235-45DA-9EC1-AF7827B4E598}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{209DF050-D28E-4597-9CDC-6846702502B8}" = protocol=17 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal\mediaportal.exe | 
"{23E860D5-964C-4CDF-9428-0704D40E00A6}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{23E8F323-308E-4EBD-B78F-0888E99AFFBD}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{26F99FAF-9274-4ADC-BFAF-7D41AE04A85A}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{31D9950D-628C-4733-8184-71C13E87F88C}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{333A4051-4686-407C-ADF4-672E79CF7291}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{34927EAC-90A6-4692-B52F-84D8B6EC4AF4}" = protocol=6 | dir=out | app=system | 
"{37856E31-EB7F-4BF5-94B5-A5C22C301D62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3C1DEF59-B0AA-4C1F-AA3A-EA7A6B19E827}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3DFDBE6C-235E-4A15-A0E1-746A3F0F1F9B}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | 
"{3EDC9658-CC8F-45E5-844D-4F3E28BE214C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{47D284AB-507E-4531-83BD-13F42A24EE32}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | 
"{4C50CD21-32AC-4329-ABAC-330DA1CDA8F2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{50216E8E-A909-47ED-9D2E-91853DB998D0}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{540E34B9-3338-467D-9F4D-D65DA64F2B27}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | 
"{553486DB-3BF1-43E1-A77B-0E65E7755366}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | 
"{57B4C82B-A11B-4F54-8C84-492BD8DFF72D}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{57DFAD52-67FD-40FD-A172-CC7D5D88DB9E}" = protocol=17 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{5C84A6DB-0094-450F-8577-55D4CC0CB267}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{5E065604-D82F-47E8-9654-9B2842B68E49}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | 
"{60F0CA09-BAA2-4554-B38C-381E17AFADC5}" = protocol=17 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal tv server\setuptv.exe | 
"{620911DC-291D-4A1B-AAB0-8C62EF7ADA5D}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\downloader.exe | 
"{63431372-BAC4-450A-94A9-5AFB940EA629}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqtra08.exe | 
"{67001F12-1413-4032-9A7D-1B64F5471A3C}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\common\mediaserver\clmsserverforpdvd11.exe | 
"{67A5D90A-7A31-43A3-81B4-91E575D1D3B9}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | 
"{693F7505-4952-42A2-9399-3AC0A98D6920}" = dir=in | app=c:\users\benedikt\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{6DEE88D4-7178-43AD-8A3E-4F869A027CE3}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{6F60248F-5998-4F37-9201-58CA6DD64467}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6FCE0717-73EB-430C-A046-220A371E8F21}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{6FE3ADAF-F724-4F37-A0D0-6CBE15DCBF0F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{738F2583-1A67-4AAC-8B93-D6039E757CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal tv server\tvservice.exe | 
"{743DDA30-03CB-4485-AA55-F6125F3BB4F8}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{78F9E112-484C-49D1-BDD0-304E2A20BFEE}" = protocol=6 | dir=in | app=c:\program files (x86)\yourfiledownloader\yourfile.exe | 
"{7C15D9B3-D252-4A80-AFAB-EC6D3C3CEEFD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | 
"{7C7A8780-ED66-475D-8715-FDE184E4884B}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7D82D301-638C-4983-8E04-C682FABA1351}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{816A2B17-4B9A-421F-8A39-24E82AB6F5C0}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{861D82B2-2EC5-413D-8934-FDE87AA8B3B9}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer_service.exe | 
"{8A3573C7-89F6-400E-96B2-8D802B288419}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | 
"{8C5EE8F9-BBF1-4CCC-9464-2094283CA0AD}" = protocol=6 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal\mediaportal.exe | 
"{8C65E437-2587-4E31-BD2E-9216E199BE3C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | 
"{8FCD5483-0EDD-45FD-AD46-6F06797B868F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{923CD2DC-5878-4327-8321-A18F27CE460C}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{92759B6B-C037-49F3-B499-CBF1B4FE57DF}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{9403F810-1634-4D53-836C-71A0381123A7}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{940F23E1-707D-435E-82D3-CDE695725D64}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{9480AA88-64C3-4B41-AE8C-8B7E18D4840C}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{959C23B7-8B7E-455B-BCFA-4DC9F537A466}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{99F98F52-B4DF-434E-B133-9193FC1F6645}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{A26D6D61-B537-48CE-973E-F344EA9BCF3D}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A8218195-3B97-4AD2-B491-FEF0937E8784}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{AAFCDC5C-F988-4BFD-8B54-56B4BCC29A57}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{BA35D102-E310-4E81-A2C5-036A7FABC927}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{BC87975A-FF6E-430F-A6F0-CD7E586B651B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{BFF4E73C-49ED-4C52-87E3-E8C2DBCA2DC8}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{C08BB7CF-1A77-46A2-B225-D206F3C310BD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | 
"{C0DEB6D9-C13F-47AB-B253-0052EBBFC010}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version8\teamviewer.exe | 
"{C46B29F4-2E8F-48C1-876C-5AF4D2868289}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | 
"{CA19AD38-CA9C-47A9-B9B5-7A4E63CA06F0}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\movie\powerdvd cinema\powerdvdcinema11.exe | 
"{CB28D6AD-D725-4D54-8AB2-D1D5855A9E45}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{D3C35F65-9774-478E-9FFC-79EF9F720009}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\pdvd11serv.exe | 
"{D7EAD21D-9D4A-4546-AE08-277A4CC260EB}" = protocol=17 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal tv server\tvservice.exe | 
"{DAEA9BAE-5468-4D8F-93C0-A0D1E8EDA23F}" = protocol=6 | dir=in | app=c:\program files (x86)\team mediaportal\mediaportal tv server\setuptv.exe | 
"{DBB0AC83-5D96-48FB-816C-6E3553BBAF16}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{DBB7BDC4-AC67-4B59-A8E6-946A6AFDD5DD}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | 
"{E3CAF7F2-585B-4B6F-90F9-86B4DC33BC8C}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{E59C17C3-9ECB-4050-9A68-C78F8E70DA88}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{ED09C66D-D8E1-42CA-BF2A-1F35C2E65461}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{EF7186C1-AE3B-4C40-A936-7E1B1392DE1F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{F2ED42D3-A979-4509-9416-F8C81E9810CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{F4AC4718-36FF-4F53-90D1-CF8EE0F8DD82}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | 
"{F979FF10-7638-45CE-906F-E3E4BCD663C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FBFE13B7-ADE6-46AF-B2A1-0B4CB5766251}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{FE15002D-2D0F-4D7C-8076-B7DD1EEC29D3}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd11\powerdvd11.exe | 
"{FFC3950B-8919-4E0C-822F-0A19381FBA59}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"TCP Query User{0907653B-F2DD-4E06-8028-82A002F80BD3}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{0E9485FD-BD91-46D2-9C2E-F5DFDF899FFF}C:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe | 
"TCP Query User{1208D8E7-6AB2-4797-A8F1-5BEAEC4E7B4E}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{1F7C626C-0C0E-4222-8D35-16C29E908A94}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{3062447B-7EC4-48F4-A1CB-3F801F77B62A}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"TCP Query User{3DE80C6B-95F6-4F74-BF12-77E11D1F5BB9}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"TCP Query User{448BAF68-400E-40F7-8182-EC137BF19EC0}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"TCP Query User{470262AA-5EAB-4494-A44A-4CF8FCFD5A9F}F:\001 benedikt\data\spiele\cs16 fullv32.1 non\cs16 fullv32.1 non\hl.exe" = protocol=6 | dir=in | app=f:\001 benedikt\data\spiele\cs16 fullv32.1 non\cs16 fullv32.1 non\hl.exe | 
"TCP Query User{6EE86D61-C1CB-43B8-AECC-0B96539E0C8E}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{735D7C0E-8CBC-4AB8-B6C5-13A5450D55FE}C:\program files (x86)\synology data replicator  3\backup.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology data replicator  3\backup.exe | 
"TCP Query User{75354581-4EFD-499B-9325-AD14F44E2CE2}C:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe" = protocol=6 | dir=in | app=c:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe | 
"TCP Query User{7F0CDA65-CC90-49C2-A7FA-DCFE9739DC46}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{9908A6C0-7AC3-461F-AC74-2E652BE35C10}C:\program files\windows sidebar\sidebar.exe" = protocol=6 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"TCP Query User{9F725E2C-BBF0-4EA1-8C01-B8C0F985635E}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{A47B6BDB-B696-4DFF-80D4-C36480A783DF}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{C72B5A63-8B1F-4ACB-9162-C788FD928993}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{C90CA715-7657-4F1F-AB31-672B1702F20F}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{CB1ADB5F-E16A-4D69-8CA3-5C6232F41768}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=6 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | 
"TCP Query User{DB0438E2-BE73-45A3-8650-7315D6D9225D}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"TCP Query User{FE73E7C2-9033-488B-9390-904814E4D61A}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"UDP Query User{11A02878-BA06-41DB-B28F-7684DA023959}C:\program files (x86)\synology data replicator  3\backup.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology data replicator  3\backup.exe | 
"UDP Query User{2B877EFC-B933-488F-AE06-6EDD35F40ABB}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"UDP Query User{2C52F106-F07D-4970-94AD-70D43FAD198A}C:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=c:\program files (x86)\videolan\vlc\vlc.exe | 
"UDP Query User{311D68DB-069B-4C92-A103-CC5D25DA6C71}C:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\adobe\adobe dreamweaver cs5\dreamweaver.exe | 
"UDP Query User{496203AD-F153-4654-958C-B1E6EE54F6E9}C:\program files (x86)\iomega\home storage manager\iomega storage manager.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega storage manager.exe | 
"UDP Query User{4BFF4B6B-80E5-4207-8BF6-04B4F0E95EC0}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{63D597C6-FB38-468C-8C5E-E47B8C81372A}F:\001 benedikt\data\spiele\cs16 fullv32.1 non\cs16 fullv32.1 non\hl.exe" = protocol=17 | dir=in | app=f:\001 benedikt\data\spiele\cs16 fullv32.1 non\cs16 fullv32.1 non\hl.exe | 
"UDP Query User{6DAAB1D2-2025-4F76-8209-30C5EEF5DE85}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{6EC69B2A-E2C1-4E52-BBA7-4E579768A6C9}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{7A07A87B-33A2-4CE8-B127-F708EA4644CC}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{8843A90C-1707-4520-A3E6-FA3C16658AB8}C:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe | 
"UDP Query User{8F9B7B1B-3C28-4A43-9C52-1A42AF67521B}C:\program files (x86)\synology\assistant\dsassistant.exe" = protocol=17 | dir=in | app=c:\program files (x86)\synology\assistant\dsassistant.exe | 
"UDP Query User{A076F6D0-27F2-44C5-9580-A417022B9B7D}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{BFC7B982-7D82-4F7D-8A90-D2D7203E97AC}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{CE15A45B-753B-43C0-8C9B-257C3F40DE1B}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{D0CC4917-F888-4DF8-BB2B-172FB2864A34}C:\program files\windows sidebar\sidebar.exe" = protocol=17 | dir=in | app=c:\program files\windows sidebar\sidebar.exe | 
"UDP Query User{DF7D1DC7-53E6-471A-B790-41B4CD7C61B9}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{E67B92E3-22FF-4E7F-B0CC-1F144A86CDAE}C:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe" = protocol=17 | dir=in | app=c:\program files (x86)\banamalon\windows remote service\windowsremoteservice.exe | 
"UDP Query User{E6C613F1-60D9-4ECE-ADBD-3CB16A6DEA87}C:\program files (x86)\iomega\home storage manager\iomega discovery.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iomega\home storage manager\iomega discovery.exe | 
"UDP Query User{F49E38C3-5991-4EEE-9B9F-F855644EBAAA}C:\users\benedikt\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\benedikt\appdata\roaming\spotify\spotify.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{2E1B4B42-069F-4F53-9966-9B9B938D7FE5}" = HP Officejet 6500 E709 Series
"{6BFAB6C1-6D46-46DB-A538-A269907C9F2F}" = Network64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FF21C3E6-97FD-474F-9518-8DCBE94C2854}" = 64 Bit HP CIO Components Installer
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"Elantech" = ETDWare PS/2-x64 7.0.5.7_WHQL
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.51
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"Shop for HP Supplies" = Shop for HP Supplies
"USB 2.0 1.3M UVC WebCam" = USB 2.0 1.3M UVC WebCam
"WinRAR archiver" = WinRAR
"ZDFmediathek_is1" = ZDFmediathek Version 2.1.6
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2DBE8A-43D0-7830-7AE7-CA6C99A832E7}" = Adobe Community Help
"{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{1759725E-9A7B-4A94-8CF7-8265DC3867D6}" = TuneRankings plugin for Windows Media Player
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17D26CDD-B87C-412B-92F0-2D5DD4313522}" = Facebook Messenger 2.1.4651.0
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery
"{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
"{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{38DAE5F5-EC70-4aa5-801B-D11CA0A33B41}" = BPDSoftware
"{3B05F2FB-745B-4012-ADF2-439F36B2E70B}" = ATKOSD2
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4A9849CA-E11C-4F24-8BB1-97C717A1C898}" = LightScribe System Software
"{57F60D52-630B-43C5-BD20-176F5CD4EED6}" = bpd_scan
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A1ACC15-7632-45ba-A3AB-0250EBD4B7DD}" = 6500_E709a
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6CC080F1-2E00-41D5-BE47-A3BC784E9DFB}" = BPDSoftware_Ini
"{6F340107-F9AA-47C6-B54C-C3A19F11553F}" = Hewlett-Packard ACLM.NET v1.1.0.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser und SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7C05592D-424B-46CB-B505-E0013E8E75C9}" = ATK Hotkey
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E310838-457C-4269-B177-3EFB300CBDDC}" = Synology Data Replicator  3
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_HOMESTUDENTR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9129B46A-51F0-431b-9838-DF7272F3204E}" = ProductContext
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A436F67F-687E-4736-BD2B-537121A804CF}" = HP Product Detection
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{C08E4323-261D-4B2F-8F24-CDB26E2AA081}" = Iomega Home Storage Manager
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D1E5870E-E3E5-4475-98A6-ADD614524ADF}" = ATK Media
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3D54F3E-C5C3-443D-978F-87A72E5616E8}" = ATK Generic Function Service
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting
"{DE13432E-F0C1-4842-A5BA-CC997DA72A70}" = 6500_E709_eDocs
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E948B551-08DB-4163-8995-8C43B03D1B19}" = maxdome Download Manager 4.1.300.78
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F185B35D-38E5-4D88-B275-15C8C7FC4357}" = 6500_E709_Help
"{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FDA45EDD-578F-490C-9379-157C9F702486}" = JPEG2000 Video Decoder
"{FE3B9518-9FF3-4D89-8A8D-E540C9CCAF3B}" = NVIDIA 3D Vision Video Player
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver
"ASUS_N71_Screensaver" = ASUS_N71_Screensaver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.12 (Unicode)
"AVerMedia A850 USB DMB-TH" = AVerMedia A850 USB DMB-TH 1.0.64.28
"Avira AntiVir Desktop" = Avira Free Antivirus
"D'Fusion @Home Web Plug-In" = Total Immersion D'Fusion @Home Web Plug-In
"ffdshow_is1" = ffdshow v1.1.3892 [2011-06-20]
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{331C520E-D8C3-4AB9-ADF7-A666A3561922}" = Alcor Micro USB Card Reader
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E28B1E6F-E0AA-4228-AB89-DB4A0C89D426}" = AVerTV
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{F232C87C-6E92-4775-8210-DFE90B7777D9}" = CyberLink PowerDVD 11
"JDownloader" = JDownloader
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PunkBusterSvc" = PunkBuster Services
"Synology Assistant" = Synology Assistant (remove only)
"TeamViewer 8" = TeamViewer 8
"VLC media player" = VLC media player 1.1.11
"WinLiveSuite" = Windows Live Essentials
"XMedia Recode" = XMedia Recode 2.2.7.2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1587142674-203668243-1397722338-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"MyFreeCodec" = MyFreeCodec
"RockMelt" = RockMelt
"Spotify" = Spotify
"Synology CloudStation" = Synology Cloud Station (remove only)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 12/12/2012 7:00:28 AM | Computer Name = Laptop-Ben | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12/13/2012 7:15:24 PM | Computer Name = Laptop-Ben | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12/16/2012 1:13:13 PM | Computer Name = Laptop-Ben | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12/17/2012 1:58:18 PM | Computer Name = Laptop-Ben | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: firefox.exe, Version: 17.0.1.4715,
 Zeitstempel: 0x50b71a4b  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0,
 Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0xfffffd34  ID des fehlerhaften
 Prozesses: 0xcbc  Startzeit der fehlerhaften Anwendung: 0x01cddbd7eb18a1fe  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Mozilla Firefox\firefox.exe  Pfad 
des fehlerhaften Moduls: unknown  Berichtskennung: 55d5a509-4873-11e2-bbf9-90e6ba67d94c
 
Error - 12/20/2012 7:48:52 PM | Computer Name = Laptop-Ben | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12/21/2012 8:23:42 AM | Computer Name = Laptop-Ben | Source = Application Hang | ID = 1002
Description = Programm WINWORD.EXE, Version 12.0.6668.5000 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 1e00    Startzeit: 01cddf75c97a5998    Endzeit: 10    Anwendungspfad:
 C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE    Berichts-ID: 2d051f4b-4b69-11e2-9ce3-90e6ba67d94c

 
Error - 12/21/2012 7:31:45 PM | Computer Name = Laptop-Ben | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12/22/2012 7:32:02 PM | Computer Name = Laptop-Ben | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12/25/2012 2:14:12 PM | Computer Name = Laptop-Ben | Source = Google Update | ID = 20
Description = 
 
Error - 12/25/2012 3:18:56 PM | Computer Name = Laptop-Ben | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SndVol.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7aced  Name des fehlerhaften Moduls: SndVol.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7aced  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001d287
ID
 des fehlerhaften Prozesses: 0xee0  Startzeit der fehlerhaften Anwendung: 0x01cde2d29f987844
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\SndVol.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\System32\SndVol.exe  Berichtskennung: ed39d6b7-4ec7-11e2-a7ab-90e6ba67d94c
 
Error - 12/25/2012 7:48:47 PM | Computer Name = Laptop-Ben | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: SndVol.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7aced  Name des fehlerhaften Moduls: SndVol.exe, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7aced  Ausnahmecode: 0xc0000005  Fehleroffset: 0x000000000001d612
ID
 des fehlerhaften Prozesses: 0x2610  Startzeit der fehlerhaften Anwendung: 0x01cde2d4c211cd38
Pfad
 der fehlerhaften Anwendung: C:\Windows\System32\SndVol.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\System32\SndVol.exe  Berichtskennung: 9fba6e7a-4eed-11e2-a7ab-90e6ba67d94c
 
Error - 12/26/2012 9:01:11 AM | Computer Name = Laptop-Ben | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Cisco AnyConnect Secure Mobility Client Events ]
Error - 10/28/2012 1:57:17 PM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::applyHostConfigForNoVpn File: .\MainThread.cpp
Line:
 8261 Invoked Function: CHostConfigMgr::DeterminePublicInterface Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 10/28/2012 1:57:17 PM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::genericNoticeHandler File: .\MainThread.cpp Line:
 5911 Invoked Function: CMainThread::applyHostConfigForNoVpn Return Code: -33161196
 (0xFE060014) Description: ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 10/28/2012 1:57:17 PM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::processNotice File: .\MainThread.cpp Line: 5636
Invoked
 Function: CMainThread::genericNoticeHandler Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 10/28/2012 1:57:17 PM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::noticeHandler File: .\MainThread.cpp Line: 5598
Invoked
 Function: CMainThread::processNotice Return Code: -33161196 (0xFE060014) Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 10/28/2012 1:57:17 PM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::internalCallbackHandler File: .\MainThread.cpp
Line:
 5352 Invoked Function: CMainThread::noticeHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 10/28/2012 1:57:17 PM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CMainThread::callbackHandler File: .\MainThread.cpp Line: 
5287 Invoked Function: internalCallbackHandler Return Code: -33161196 (0xFE060014)
Description:
 ROUTEMGR_ERROR_PUBLIC_ADDRESS_UNAVAILABLE 
 
Error - 10/31/2012 4:40:01 AM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1081 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 10/31/2012 4:40:01 AM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 865 Invoked Function: CNetEnvironment::TestAccessToSG Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 10/31/2012 4:40:01 AM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 194 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 11/4/2012 12:01:09 PM | Computer Name = LAPTOP-BEN | Source = acvpnagent | ID = 67110873
Description = Termination reason code 7: The agent has been stopped.
 
[ Media Center Events ]
Error - 12/8/2012 11:05:13 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 04:05:13 - Fehler beim Herstellen der Internetverbindung.  04:05:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/8/2012 11:13:29 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 04:13:18 - Fehler beim Herstellen der Internetverbindung.  04:13:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/9/2012 12:21:36 AM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 05:21:36 - Fehler beim Herstellen der Internetverbindung.  05:21:36 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/9/2012 12:29:52 AM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 05:29:41 - Fehler beim Herstellen der Internetverbindung.  05:29:41 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/9/2012 1:37:58 AM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 06:37:58 - Fehler beim Herstellen der Internetverbindung.  06:37:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/9/2012 1:46:13 AM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 06:46:03 - Fehler beim Herstellen der Internetverbindung.  06:46:03 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/21/2012 9:14:17 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 02:14:17 - Fehler beim Herstellen der Internetverbindung.  02:14:17 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/21/2012 9:22:35 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 02:22:22 - Fehler beim Herstellen der Internetverbindung.  02:22:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/21/2012 10:30:39 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 03:30:39 - Fehler beim Herstellen der Internetverbindung.  03:30:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/21/2012 10:38:56 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 03:38:44 - Fehler beim Herstellen der Internetverbindung.  03:38:44 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/21/2012 11:47:01 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 04:47:01 - Fehler beim Herstellen der Internetverbindung.  04:47:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/21/2012 11:55:17 PM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 04:55:06 - Fehler beim Herstellen der Internetverbindung.  04:55:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/22/2012 1:03:22 AM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 06:03:22 - Fehler beim Herstellen der Internetverbindung.  06:03:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 12/22/2012 1:11:38 AM | Computer Name = Laptop-Ben | Source = MCUpdate | ID = 0
Description = 06:11:27 - Fehler beim Herstellen der Internetverbindung.  06:11:27 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 12/25/2012 1:08:10 PM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12/25/2012 1:28:47 PM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7034
Description = Dienst "CyberLink PowerDVD 11.0 Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal passiert.
 
Error - 12/25/2012 2:41:18 PM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12/25/2012 2:41:18 PM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12/25/2012 8:46:12 PM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Modules Installer" wurde mit folgendem Fehler 
beendet:   %%16405
 
Error - 12/26/2012 6:29:38 AM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12/26/2012 6:29:38 AM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 12/26/2012 9:26:39 AM | Computer Name = Laptop-Ben | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 12/26/2012 12:19:35 PM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 12/26/2012 12:19:35 PM | Computer Name = Laptop-Ben | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
--- --- ---
Alt 27.12.2012, 02:40   #5
t'john
/// Helfer-Team
 
GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen - Standard

GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen


Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
O4 - HKU\S-1-5-21-1587142674-203668243-1397722338-1001..\Run: [Windows Remote Service] C:\Program Files (x86)\Banamalon\Windows Remote Service\WindowsRemoteService.exe File not found 
[2012/12/25 18:02:25 | 000,002,965 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js 

:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Benedikt\*.tmp
C:\Users\Benedikt\AppData\Local\Temp\*.exe
C:\Users\Benedikt\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!



2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Entpacke das Archiv auf deinem Desktop.
  • Im neu erstellten Ordner starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


danach:

3. Schritt
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

__________________
Mfg, t'john
Das TB unterstützen

Alt 24.02.2013, 11:20   #6
t'john
/// Helfer-Team
 
GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen - Standard

GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen


Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html


Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.
__________________
--> GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen

Antwort

Themen zu GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen
administrator, anleitung, appdata, autostart, brauche, browser, button, dsgsdgdsgdsgw.pad, exploit.drop.gsa, explorer, folge, gelöscht, helper, install, install.exe, löschen, microsoft, preferences, pup.rewardsarcade, quarantäne, roaming, runctf.lnk, service, software, speicher, trojan.fakems, uninstall.exe, version, wgsdgsdgdsgsd.dll


« GVU Trojaner, OTL.txt, OTL Auswertung | BKA oder GVU Trojaner »


Ähnliche Themen: GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen


  1. GVU - trojaner Windows 7 brauche hilfe beim entfernen frstlog vorhanden
    Plagegeister aller Art und deren Bekämpfung - 19.11.2013 (5)
  2. TR/SPY.TBot Dateien beim vollständigen Scan gefunden
    Plagegeister aller Art und deren Bekämpfung - 30.04.2013 (6)
  3. Befallen mit BKA Trojaner 5.2 (Logs vorhanden)
    Plagegeister aller Art und deren Bekämpfung - 01.08.2012 (3)
  4. WIN7 GVU-Trojaner 2.07! Brauche Hilfe! Logs vorhanden!
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (6)
  5. Foto Thun Trojaner eingefangen! Brauche Hilfe beim entfernen
    Plagegeister aller Art und deren Bekämpfung - 18.06.2012 (1)
  6. Windows Verschlüsselungs Trojaner, brauche dringend Rat beim Fix!
    Log-Analyse und Auswertung - 03.05.2012 (8)
  7. Brauche eure Hilfe beim Löschen & Analysieren einiger Prozesse
    Log-Analyse und Auswertung - 09.04.2012 (1)
  8. BKA-Trojaner, OTL.txt vorhanden, brauche fix.txt
    Log-Analyse und Auswertung - 19.07.2011 (3)
  9. Unbekannter Trojaner verhindert vollständigen Systemstart
    Plagegeister aller Art und deren Bekämpfung - 23.10.2010 (1)
  10. Virus/Trojaner nicht löschbar (Fehler beim löschen) Bitte um Hilfe
    Log-Analyse und Auswertung - 16.12.2008 (0)
  11. Brauche Hilfe beim entfernen von Trojaner (TR/Monderb.321792)
    Plagegeister aller Art und deren Bekämpfung - 18.07.2008 (1)
  12. Trotz Anleitung kann ich Trojaner nicht löschen...brauche dringend Hilfe!
    Log-Analyse und Auswertung - 05.06.2008 (7)
  13. Mit Trojaner(n) infiziert, brauche tipps zum löschen
    Plagegeister aller Art und deren Bekämpfung - 21.02.2008 (3)
  14. Virus??? Wurm? Trojaner??? Brauche hilfe hjt Bericht vorhanden
    Plagegeister aller Art und deren Bekämpfung - 19.02.2008 (5)
  15. Smidfraud-Trojaner? SpyBot hilflos (beim Löschen blue-screen)
    Log-Analyse und Auswertung - 25.12.2007 (11)
  16. endlosschleife beim booten wollte trojaner löschen
    Plagegeister aller Art und deren Bekämpfung - 17.09.2007 (21)
  17. Brauche Hilfe beim TR/Vundo.Gen kann ihn nicht löschen
    Log-Analyse und Auswertung - 03.12.2006 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen - Ich habe mir den GVU-Trojaner eingefangen Habe bin nach folgender Anleitung vorgegangen: http://www.trojaner-board.de/51187-a...i-malware.html Das ist der Report: Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.25.08 Windows 7 Service Pack 1 x64 - GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen...
Archiv
Du betrachtest: GVU-Trojaner befallen, report vorhanden, brauche rat beim vollständigen löschen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131