
Pests of all kinds and how to fight them: Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) cannot be deleted/changed in Regedit

Windows 7

05.02.2013, 18:19   #1
SubSiro
 

Hello, I've caught something here.

It can't be deleted or changed via Regedit or MalwareBytes; please help!

Regards
SiRo

HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load
C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup
C:\Users\SiRo-CoOl\AppData\Roaming\Mining\Mining.exe (don't know whether that is completely gone!)


OTL Extras logfile

Code:
OTL Extras logfile created on: 05.02.2013 18:04:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SiRo-CoOl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,97 Gb Total Physical Memory | 12,17 Gb Available Physical Memory | 76,22% Memory free
15,97 Gb Paging File | 12,07 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 74,80 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 352,88 Gb Free Space | 37,88% Space Free | Partition Type: NTFS
Drive E: | 310,41 Gb Total Space | 116,00 Gb Free Space | 37,37% Space Free | Partition Type: NTFS
Drive F: | 310,50 Gb Total Space | 308,63 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive I: | 1862,98 Gb Total Space | 1228,33 Gb Free Space | 65,93% Space Free | Partition Type: NTFS
 
Computer Name: SION | User Name: SiRo-CoOl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "f:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "f:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
https [open] -- "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" -osint -url "%1" (Mozilla Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "f:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "f:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Enqueue] -- "F:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "F:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03DE8877-9C91-459E-B3EB-C816A3826B58}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{0820D4D3-478C-4508-958A-E422D7568CD0}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{0F2580EB-4250-428A-9C0C-32015F90E0D6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15A58C8D-61AF-4760-A344-9D57EB8FC4C3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1CCAD4A5-B2E2-4C70-9D74-4DA776ACBFAE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{231472F3-C36F-4215-89E2-431D5F17B16F}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{2857AF48-81FA-4B3F-9B35-C7CE60FED792}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{33CABACB-2A39-418D-B972-CF61D14BD936}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{365ED496-2238-4D6E-B10A-D22EBC8D1986}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{3B0F077A-283F-4A39-A36D-E336300BB3BA}" = rport=138 | protocol=17 | dir=out | app=system | 
"{3F3364AF-7D6D-4260-A742-91D839744664}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{4A74AEA5-D238-48FD-B7D2-A1559E73E506}" = rport=137 | protocol=17 | dir=out | app=system | 
"{597B81C3-E086-49D9-90CC-82EF1D31B17C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{74B0BFEB-78D5-4307-B470-625C64E931F6}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{77CA443E-821E-4427-82E1-1E2B7771C191}" = lport=137 | protocol=17 | dir=in | app=system | 
"{789CC276-1755-4132-90A1-ADF9B48B9548}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{7CCDDC5D-C246-4FEC-B620-6E4BB45019C3}" = lport=51000 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{7F9B30DF-255E-4CEF-B0DB-91D39AF86D43}" = lport=5353 | protocol=6 | dir=in | name=adobe csi cs4 | 
"{802831E0-2620-4F21-A0B2-F6D632656780}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{850ABFCF-128C-4326-BEC0-82E2416F2ED0}" = lport=139 | protocol=6 | dir=in | app=system | 
"{86389A9A-E9DC-4C02-B035-C026CEE4F266}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8B324B2D-215D-44F7-B7C4-1B451CECF15F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8E698EBB-7665-4639-B8CA-094EC0FE4C0B}" = lport=3704 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{8FE56E51-18B0-408D-8787-223A71ED2DBD}" = lport=3703 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
"{A7674991-9E83-4008-9C1D-9E6987E7856D}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A7A4F9DF-2523-47CE-84E8-398FFB327207}" = rport=445 | protocol=6 | dir=out | app=system | 
"{AB6C4F58-A9EF-409B-865D-38AE175FD34C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{C0F8970C-8AFC-4941-B9C3-EE9B19544C3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{C2D9688D-F32E-4AA3-BA21-65FBE5C830FF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{CD05588B-220D-4CEA-B905-ED639642BE7F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D51E3BB9-BC9C-4DF5-B40A-68D0702B13E7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{DE3D1D43-9F4A-450F-9AD2-8349B5989C87}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E9166D4B-1627-4162-B911-28965FE9E4A5}" = lport=51001 | protocol=6 | dir=in | name=adobe version cue cs4 server | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007AAFCB-9188-4096-9A96-68F7FADCE1F1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{06B75DED-3B6F-40C8-A0A7-F81D135C16B3}" = protocol=17 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{09CFBE2B-BBA3-40EE-B6ED-AB0557CFAA9A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{0AC9B203-90A4-4E37-8887-5E1FF2DAC224}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{0DFD60F7-9BED-4F49-B602-771F6334F83D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{101D51D8-8B3A-4079-9F41-0788C510C2C1}" = protocol=17 | dir=in | app=e:\origin games\battlefield 3\bf3.exe | 
"{110071DF-BE55-4BC8-9227-8DCCEB284B74}" = protocol=17 | dir=in | app=e:\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{128E3F45-26D0-4C9F-AA5F-CACECC835594}" = protocol=17 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe | 
"{133C65F5-B92B-439B-BD28-258AF0D23B49}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{142C5886-C8B8-46D2-8471-D30EB79F626B}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"{155008C2-ECDC-4D59-9F1B-B6114A203928}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{1A9493F0-2BCF-4841-8208-8E972B4E7BE5}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{205216A6-1169-400E-8449-0D3ECE53844B}" = protocol=6 | dir=in | app=e:\origin games\battlefield 1942\bf1942.exe | 
"{2064CC99-FBF1-4096-8847-B80B172801FB}" = protocol=6 | dir=out | app=system | 
"{211CB1A0-C092-45BA-B52B-2A23C021D636}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{27076EF9-26D0-45D5-B4E0-C0A5EC7482F6}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{2AF1BAF4-AB45-46E7-B85E-2BB97420E470}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{2D126DEB-78EC-4B61-B193-0B5ECC3EEBF4}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer_service.exe | 
"{2DD9DBAF-CB6A-4A60-95BC-4322BFBD7DF7}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{2F0F4A7D-E395-4832-9DB7-6B9FA0A25CCD}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{306F08FF-3DBE-432A-A99C-82F97F68F063}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{33FA10BB-401B-4573-81DC-6D8AF59CC007}" = protocol=17 | dir=in | app=e:\maxpayne3\playmaxpayne3.exe | 
"{39D44E93-B3FB-4A03-933E-DFDC9892666C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3B84CC68-3EDB-4935-B093-43F51D558EEB}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{3BC6E479-BABF-443E-8F6D-20D2FB4BB965}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3F705513-F4AA-4F9F-9399-5A2AC0C88A7E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{44C52794-E8E5-47A4-B80E-7342474A5D42}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{45111898-C0BB-4EDC-95C7-95D99B16A887}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{46E40DB6-ED8F-4B19-9D98-3000A710CBED}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{470721D9-0B81-4480-8909-5F6E8A7C6F25}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{47390B5D-DCEE-4CF2-A2E3-BB389250419B}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{477ADC69-B775-4CE7-ABA3-5D4622D40EDF}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{491DE640-569E-4D63-88E1-4D002CCB032D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{4E9370F4-B649-4F0C-8FA1-E68D098AA318}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{519C627A-CFF4-45DC-9893-29B4A0F7269E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5309254E-3E30-42D3-BBAD-8C9638F2C062}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\rage\rage.exe | 
"{59F57AFE-18CB-4765-A89C-BE7D159152D8}" = dir=in | app=c:\users\siro-cool\appdata\local\microsoft\skydrive\skydrive.exe | 
"{5EFA3847-2623-4A06-8579-D59E4B2C83C0}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{60E55A99-6054-4F27-A351-3905B42308B9}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{6ACD7ED9-F665-4C74-A192-F3C6D08AB38A}" = protocol=6 | dir=in | app=e:\starcraft ii\starcraft ii.exe | 
"{6AD9F96B-D052-468F-97C5-340C695F2FFC}" = protocol=6 | dir=in | app=f:\idevice manager\software4u.idevicemanager.exe | 
"{6BE28E6A-0E80-4080-B2C3-CC7938F35F22}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6F8B792B-4782-4317-BAFA-FE5A0E57D1A9}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{7036A852-092D-42BD-AA17-57F896351993}" = protocol=17 | dir=in | app=e:\starcraft ii\starcraft ii public test.exe | 
"{739964BC-1B57-4F2E-A93B-FC4E5FA9703F}" = protocol=17 | dir=in | app=d:\users\siro-cool\appdata\roaming\icqm\icq.exe | 
"{758F5B19-98CA-455C-AEAE-A32F72EBEAAC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{776F41E4-7069-4A6A-B997-B9D7757EE4DC}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{81C39D1C-5C1E-4E19-AA6E-1B95E36B2D50}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{858EB46D-D065-49E2-84D1-F892DA7248CE}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\rage\rage.exe | 
"{88AF1DAD-9D29-4D1A-8497-DCC5BEBAFEE2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{88C01CA1-6B95-4848-9ED9-6D5AB032A4A8}" = protocol=6 | dir=in | app=e:\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{890186C6-4BC6-4823-A62D-AD8D6AE98A3F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8B32019D-7ACA-4BF1-B9BD-1C7BAF7E45BC}" = protocol=6 | dir=in | app=e:\maxpayne3\playmaxpayne3.exe | 
"{8CA56819-ECA6-47C0-A5A4-050A456EDCAE}" = protocol=17 | dir=in | app=f:\idevice manager\software4u.idevicemanager.exe | 
"{8CC8C808-3609-47C6-947F-284558A25A58}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{8D4CB017-5CA8-4F09-BC4F-389079B7A357}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8EB724DE-5EA1-4218-8EE0-358D21DC7E50}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{8F49DE6C-0C4A-4D64-887E-15C71DB34933}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9523BA88-ACDD-42B4-A140-4FA03EA33ED6}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{9B2F2585-D23C-49FC-8CA7-6FC08CA826B7}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9B657C54-33D7-480C-9B59-CD6FE55DD799}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A590994B-047A-4369-9934-2CA25D04424D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A683330D-E6CB-4A74-B123-6D198AC950B1}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{A7F146B2-E355-491B-A844-FC9076522039}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{A8E2CD23-189D-4B17-B998-B746A3DCC38B}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AAACC749-8747-48DB-91A4-D4AFF5EAA572}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{AB3E7E5F-C825-4B19-A735-6E174C799A44}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\adobe\adobe version cue cs4\server\bin\versioncuecs4.exe | 
"{B4C9C664-E8D4-438D-A1E8-98FC529A0572}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\asus mobilink\iphone simulator\pnsvc.exe | 
"{B824712B-4A41-4F5A-ACA4-AEF5AB66E2B4}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\adobe\cs4servicemanager\cs4servicemanager.exe | 
"{B9644F5E-4E8C-4803-B46C-C0D943CD253A}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{BC6CCBA7-E442-4317-8046-42257F79EA22}" = protocol=6 | dir=in | app=c:\program files (x86)\sybase\sql anywhere 9\win32\dbsrv9.exe | 
"{BDB74E53-BDFB-40A8-916C-81CF1A4B0F81}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{C1918FA6-0464-4C63-A458-784E7CF74FF5}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{C955907C-A9EB-43CC-9D90-E6CDD9D13C95}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{DB5B00B7-3CDB-43B6-83C2-DC65DD3AF2DB}" = protocol=6 | dir=in | app=d:\users\siro-cool\appdata\roaming\icqm\icq.exe | 
"{DDEB9370-C1FD-419D-B00C-7E1CEC8DEA7C}" = protocol=6 | dir=in | app=e:\origin games\battlefield 3\bf3.exe | 
"{E29610B3-BF25-47F6-B56C-5D8AA7288A8C}" = dir=in | app=f:\itunes\itunes.exe | 
"{E2F52681-3886-421D-A8D8-3A4907B511E1}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version7\teamviewer.exe | 
"{E30C774C-57F4-4ECE-AD42-B90C291A6BD9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E752FB11-C6A4-4FF3-9D8B-344A68B29970}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{EBF0EE27-6FB7-4356-95E7-C285DFD6B865}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{FACD9BE2-D049-4EBB-AB33-C2367F504DC6}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{FE66744F-4303-40DA-B224-90970C7175AF}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"TCP Query User{85F6303A-072F-4AB5-97CD-366C91CF800D}C:\windows\syswow64\svchost.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\svchost.exe | 
"UDP Query User{F3EA2EEB-C7B3-4B6A-BEEF-760E938AE688}C:\windows\syswow64\svchost.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\svchost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{295CFB7C-A57E-4313-93E7-68E7CE1D0332}" = Adobe WinSoft Linguistics Plugin x64
"{2D74E972-5A85-44DC-9193-8A302BA8C181}" = Photoshop Camera Raw_x64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6631325A-9B1B-4EE7-8E64-8CC4A6F10643}" = Adobe Fonts All x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8875A1C0-6308-4790-8CF6-D34E89880052}" = Adobe Linguistics CS4 x64
"{887797BF-37A5-4199-B0C9-0D38D6196E9A}" = Adobe Anchor Service x64 CS4
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C8D673B-20FB-43E6-BCB7-9B3F78F2E762}" = Adobe Type Support x64 CS4
"{8DAA31EB-6830-4006-A99F-4DF8AB24714F}" = Adobe CSI CS4 x64
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-1000-0000000FF1CE}_Office14.SingleImage_{70A3169E-288F-454F-A08D-20DF66639B50}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-1000-0000000FF1CE}_Office14.SingleImage_{0242505C-4E90-407F-9299-B5B275F50D86}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-1000-0000000FF1CE}_Office14.SingleImage_{B51389C8-2890-4633-81D8-47D2A7402274}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-1000-0000000FF1CE}_Office14.SingleImage_{3013A793-10A7-4D1F-B8B4-2FAA82F4D259}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-1000-0000000FF1CE}_Office14.SingleImage_{98782D5D-A9EE-43C6-88AD-B50AD8530E78}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-1000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-1000-0000000FF1CE}_Office14.SingleImage_{7BC9B5EB-125A-4E9B-97E1-8D85B5E960B8}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.SingleImage_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.SingleImage_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.SingleImage_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.SingleImage_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90BA8112-80B3-4617-A3C1-BD2771B60F74}" = Adobe CMaps x64 CS4
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A3454894-144A-4D80-B605-C128FE0D7329}" = Adobe Drive CS4 x64
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.90
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B37A99DD-88E2-4ED0-80B4-1E054AB354BF}" = Adobe InDesign CS4 Icon Handler x64
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D0CB24F4-084F-40DE-B6B9-A03626E682F0}" = iCloud
"{D40172D6-CE2D-4B72-BF5F-26A04A900B7B}" = Adobe Photoshop CS4 (64 Bit)
"{D54ADF6B-2164-4394-AF70-2778422E9DD8}" = Intel(R) Network Connections 17.4.95.0
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D8CC254C-C671-4664-9A38-FA368D1E2C97}" = SES Driver
"{DFFABE78-8173-4E97-9C5C-22FB26192FC5}" = Adobe PDF Library Files x64 CS4
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6822EFD-3F7D-4B35-8845-757A26AEC8E2}" = Windows Live MIME IFilter
"4CA7CFBB29889F25ACB3DF6E3A42BAE29EB43B20" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM  (01/19/2011 1.0.0009.0)
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.61.3
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PROSetDX" = Intel(R) Network Connections 17.4.95.0
"sp6" = Logitech SetPoint 6.32
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05308C4E-7285-4066-BAE3-6B50DA6ED755}" = Adobe Update Manager CS4
"{054EFA56-2AC1-48F4-A883-0AB89874B972}" = Adobe Extension Manager CS4
"{098727E1-775A-4450-B573-3F441F1CA243}" = kuler
"{098A2A49-7CF3-4F08-A38D-FB879117152A}" = Adobe Color NA Extra Settings CS4
"{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 8.0 Banner Remover 1.0
"{0D6013AB-A0C7-41DC-973C-E93129C9A29F}" = Adobe Color JA Extra Settings CS4
"{0DC0E85F-36E4-463B-B3EA-4CD8ED2222A1}" = Adobe Color EU Recommended Settings CS4
"{0F723FC1-7606-4867-866C-CE80AD292DAF}" = Adobe CSI CS4
"{15BF7AAF-846C-4A6D-80E1-5D1FC7FB461B}" = Adobe SGM CS4
"{15F3A6F5-06AE-4332-AE3E-21CD0416827A}" = Windows Live Mail
"{1618734A-3957-4ADD-8199-F973763109A8}" = Adobe Anchor Service CS4
"{16E6D2C1-7C90-4309-8EC4-D2212690AAA4}" = AdobeColorCommonSetRGB
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1AA94747-3BF6-4237-9E1A-7B3067738FE1}" = Max Payne 3
"{1B7C06E1-4888-47A6-992A-0990B9683486}" = Adobe Version Cue CS4 Server
"{1DCA3EAA-6EB5-4563-A970-EA14D75037BA}" = Adobe InDesign CS4
"{1E04CB54-AF4E-4AC3-B4B7-C0A160BE57F1}" = Adobe InDesign CS4 Icon Handler
"{26A24AE4-039D-4CA4-87B4-2F83217013FF}" = Java 7 Update 13
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2BAF2B96-7560-48B4-87D4-10178DDBE217}" = Adobe InDesign CS4 Application Feature Set Files (Roman)
"{30C8AA56-4088-426F-91D1-0EDFD3A25678}" = Adobe Dreamweaver CS4
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{35D94F92-1D3A-43C5-8605-EA268B1A7BD9}" = PDF Settings CS4
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = JMicron JMB36X Driver
"{3A4E8896-C2E7-4084-A4A4-B8FD1894E739}" = Adobe XMP Panels CS4
"{3C3DCD2B-6FC7-41BF-BB80-40A936E1A785}" = Windows Live Writer
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3D2C9DE6-9ADE-4252-A241-E43723B0CE02}" = Adobe Color - Photoshop Specific CS4
"{3DA8DF9A-044E-46C4-8531-DEDBB0EE37FF}" = Adobe WinSoft Linguistics Plugin
"{3DD8DC4E-B908-4CC6-9F42-ACEF950D8797}" = LightScribe Template Labeler
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3FD0C489-0F02-481a-A3E1-9754CD396761}" = Intel® Watchdog Timer Driver (Intel® WDT)
"{3FF8E8A7-5BA8-4D9E-B976-B05B2B00B0AE}" = Microsoft Expression Web 4
"{400C31E4-796F-4E86-8FDC-C3C4FACC6847}" = Junk Mail filter update
"{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost
"{43509E18-076E-40FE-AF38-CA5ED400A5A9}" = Pixel Bender Toolkit
"{448DA1AD-D1CA-4967-8EFA-9482F31E7BFD}" = Lexware Datenbank plus 2012
"{44E240EC-2224-4078-A88B-2CEE0D3016EF}" = Adobe After Effects CS4 Presets
"{45EC816C-0771-4C14-AE6D-72D1B578F4C8}" = Adobe After Effects CS4
"{4943EFF5-229F-435D-BEA9-BE3CAEA783A7}" = Adobe Service Manager Extension
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A52555C-032A-4083-BDD9-6A85ABFB39A8}" = Adobe SING CS4
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{52232EF4-CC12-4C21-ABCF-ADB79618302D}" = Adobe Soundbooth CS4 Codecs
"{53646626-11D9-33C6-8BB1-472536192DC4}" = Google Talk Plugin
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"{561968FD-56A1-49FD-9ED0-F55482C7C5BC}" = Adobe Media Encoder CS4 Exporter
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{60DB5894-B5A1-4B62-B0F3-669A22C0EE5D}" = Adobe Dynamiclink Support
"{61D6891E-E822-4448-9F9A-0AAAAEB6AF6C}" = Adobe Creative Suite 4 Master Collection
"{63C24A08-70F3-4C8E-B9FB-9F21A903801D}" = Adobe Color Video Profiles CS CS4
"{63E5CDBF-8214-4F03-84F8-CD3CE48639AD}" = Adobe Photoshop CS4 Support
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{67A9747A-E1F5-4E9A-81CC-12B5D5B81B6E}" = Adobe After Effects CS4 Third Party Content
"{68243FF8-83CA-466B-B2B8-9F99DA5479C4}" = AdobeColorCommonSetCMYK
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AB4E5CD-0062-48E8-96A3-E5B4486DFCB3}" = Lexware buchhalter 2013
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6B54B1AE-EBCA-48BE-92AF-61D02118F093}" = Lexware online banking
"{70854FE6-3BF1-4C69-94D0-BEB821102E34}" = Windows Live Mail
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71972D00-4596-11E2-B6EA-B8AC6F97B88E}" = Google Earth Plug-in
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7CC7BDD5-6F10-4724-96A1-EAC7D9F2831C}" = Adobe InDesign CS4 Common Base Files
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB64E72-9B0E-4460-A821-040C341E414A}" = ASUS Ai Charger
"{8186FF34-D389-4B7E-9A2F-C197585BCFBD}" = Adobe Media Encoder CS4 Importer
"{820D3F45-F6EE-4AAF-81EF-CE21FF21D230}" = Adobe Type Support CS4
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83877DB1-8B77-45BC-AB43-2BAC22E093E0}" = Adobe Bridge CS4
"{842B4B72-9E8F-4962-B3C1-1C422A5C4434}" = Suite Shared Configuration CS4
"{87532CAB-7932-4F84-8937-823337622807}" = Adobe Illustrator CS4
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8913AC02-67B8-4B52-91B2-BBA7B9C265B5}" = Windows Live Writer Resources
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8AE7E507-BC49-4DF0-A236-26878691AB53}" = Lexware Info Service
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{90538B62-F392-4DE1-B886-7B48123866E9}" = LightScribe System Software
"{931AB7EA-3656-4BB7-864D-022B09E3DD67}" = Adobe Linguistics CS4
"{94D398EB-D2FD-4FD1-B8C4-592635E8A191}" = Adobe CMaps CS4
"{97C79BEC-43F7-4BD8-A6A7-85C0257E488A}" = Windows Live Writer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9F6BFB0F-6B1F-4D1A-A9DA-42F6794C9188}" = Lexware Elster
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A6EC82A0-1414-475D-8AFD-469089F3080D}" = Adobe Contribute CS4
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}_953" = Adobe Acrobat 9.5.3 - CPSID_83708
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B05DE7B7-0B40-4411-BD4B-222CAE2D8F15}" = Adobe MotionPicture Color Files CS4
"{B15381DD-FF97-4FCD-A881-ED4DB0975500}" = Adobe Color Video Profiles AE CS4
"{B29AD377-CC12-490A-A480-1452337C618D}" = Connect
"{B5EDE97F-29A3-4A18-B9AE-CBE33DD2ED61}" = Tukui Update Utility
"{B65BA85C-0A27-4BC0-A22D-A66F0E5B9494}" = Adobe Photoshop CS4
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B9F4561A-924D-4510-A85A-BB0960C338CB}" = Adobe Asset Services CS4
"{BB4E33EC-8181-4685-96F7-8554293DEC6A}" = Adobe Output Module
"{BE672587-331F-42F7-BC38-D59759311C75}" = Lexware reisekosten plus 2012
"{BE9CEAAA-F069-4331-BF2F-8D350F6504F4}" = Adobe Media Encoder CS4 Additional Exporter
"{C268B5E1-A5DA-11DF-A289-005056C00008}" = Paragon Backup & Recovery™ 2012 Free
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C52E3EC1-048C-45E1-8D53-10B0C6509683}" = Adobe Default Language CS4
"{C7CA731B-BF9A-46D9-92CF-8A8737AE9240}" = System Requirements Lab for Intel
"{C938BE91-3BB5-4B84-9EF6-88F0505D0038}" = Adobe Premiere Pro CS4 Third Party Content
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CC75AB5C-2110-4A7F-AF52-708680D22FE8}" = Photoshop Camera Raw
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2C146B1-948D-47EF-8387-5D1C6B980F7C}" = Windows Live Writer
"{D34A78EB-78F2-48ab-8CAE-5D4DC255A491}" = Lexware reisekosten plus 2012
"{DEB90B8E-0DCB-48CE-B90E-8842A2BD643E}" = Adobe Media Encoder CS4
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E8EE9410-8AC4-4F43-A626-DDECA75C79F3}" = Adobe Setup
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E64E2E-3A60-40D8-A55D-92F6831875DA}" = Adobe Search for Help
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F289D934-2224-473B-B57E-0040D2693F83}" = TAXMAN 2013
"{F8511A0F-D91D-4E3D-A59C-3CA8FB8EAFE8}" = MechWarrior Online
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F8EF2B3F-C345-4F20-8FE4-791A20333CD5}" = Adobe ExtendScript Toolkit CS4
"{F93C84A6-0DC6-42AF-89FA-776F7C377353}" = Adobe PDF Library Files CS4
"{FB2A5FCC-B81B-48C2-A009-7804694D83E9}" = Adobe Encore CS4 Codecs
"{FBD7A67D-D700-4043-B54F-DD106D00F308}" = LameXP
"{FCDD51BB-CAD0-4BB1-B7DF-CE86D1032794}" = Adobe Fonts All
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe_b2d6abde968e6f277ddbfd501383e02" = Adobe Creative Suite 4 Master Collection
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 2.0.3
"Audiograbber" = Audiograbber 1.83 SE 
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.4
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Exact Audio Copy" = Exact Audio Copy 1.0beta3
"FE5AE7DC-7B01-4263-A94C-B4526C276550_is1" = iDevice Manager
"FileZilla Client" = FileZilla Client 3.6.0.2
"GOGPACKDUKE3D_is1" = Duke Nukem 3D
"InstallShield_{41910260-4532-4734-8181-3E8AFDBB05D7}" = EasyBoost
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"LAME_is1" = LAME v3.99.3 (for Windows)
"MagniDriver" = marvell 91xx driver
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"Max Payne 3 DLC" = Max Payne 3 DLC
"Messenger Plus!" = Messenger Plus!
"Messenger Plus! for Skype" = Messenger Plus! for Skype
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"Mozilla Thunderbird 15.0.1 (x86 de)" = Mozilla Thunderbird 15.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Mp3tag" = Mp3tag v2.52
"N360" = Norton 360
"Notepad++" = Notepad++
"Origin" = Origin
"PS3 Media Server" = PS3 Media Server
"PunkBusterSvc" = PunkBuster Services
"RocketDock_is1" = RocketDock 1.3.5
"Rockstar Games Social Club" = Rockstar Games Social Club
"StarCraft II" = StarCraft II
"Steam App 43110" = Metro 2033
"Steam App 49520" = Borderlands 2
"Steam App 9200" = RAGE
"TeamViewer 7" = TeamViewer 7
"Web_4.0.1460.0" = Microsoft Expression Web 4
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"XnView Shell Extension_is1" = XnView Shell Extension 3.2.0 (64bits)
"XnView_is1" = XnView 1.99.1
"xp-AntiSpy" = xp-AntiSpy 3.98-2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"101a9f93b8f0bb6f" = Curse Client
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-E:/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{74d11f91-05cc-44f6-8e49-94fe7f33c79b}" = MechWarrior Online
"101a9f93b8f0bb6f" = Curse Client
"Google Chrome" = Google Chrome
"ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer)
"Mozilla Thunderbird 17.0.2 (x86 de)" = Mozilla Thunderbird 17.0.2 (x86 de)
"SkyDriveSetup.exe" = Microsoft SkyDrive
"SOE-E:/PlanetSide 2 PSG" = gamelauncher-ps2-psg
"soe-PlanetSide 2 PSG" = PlanetSide 2
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.02.2013 13:14:05 | Computer Name = SION | Source = Bonjour Service | ID = 100
Description = ERROR: handle_resolve_request bad interfaceIndex 16
 
Error - 04.02.2013 15:29:45 | Computer Name = SION | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 04.02.2013 22:53:33 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 04.02.2013 23:00:39 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 05.02.2013 01:23:13 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 05.02.2013 01:48:42 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 05.02.2013 02:18:22 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 05.02.2013 07:16:17 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 05.02.2013 07:29:11 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 05.02.2013 07:46:15 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 05.02.2013 12:10:20 | Computer Name = SION | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
[ System Events ]
Error - 03.12.2012 10:24:17 | Computer Name = SION | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_VIM
 
Error - 03.12.2012 10:24:44 | Computer Name = SION | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 03.12.2012 13:51:23 | Computer Name = SION | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 03.12.2012 13:51:32 | Computer Name = SION | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_VIM
 
Error - 03.12.2012 13:52:07 | Computer Name = SION | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 04.12.2012 02:04:02 | Computer Name = SION | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 04.12.2012 02:04:12 | Computer Name = SION | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   Uim_VIM
 
Error - 04.12.2012 02:04:31 | Computer Name = SION | Source = Service Control Manager | ID = 7000
Description = Der Dienst "WinRing0_1_2_0" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 04.12.2012 03:48:44 | Computer Name = SION | Source = DCOM | ID = 10010
Description = 
 
Error - 04.12.2012 03:48:48 | Computer Name = SION | Source = Service Control Manager | ID = 7043
Description = Der Dienst Gruppenrichtlinienclient konnte nach dem Empfang eines 
Preshutdown-Steuerelements nicht richtig heruntergefahren werden.
 
 
< End of report >
         

05.02.2013, 18:20   #2
SubSiro

Backdoor.Fynloski / Trojan.Agent / PUM.UserWLoad (msszfa.exe) cannot be deleted/changed in Regedit



OTL logfile

Code:
ATTFilter
OTL logfile created on: 05.02.2013 18:04:14 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\SiRo-CoOl\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
15,97 Gb Total Physical Memory | 12,17 Gb Available Physical Memory | 76,22% Memory free
15,97 Gb Paging File | 12,07 Gb Available in Paging File | 75,59% Paging File free
Paging file location(s):  [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 74,80 Gb Free Space | 66,92% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 352,88 Gb Free Space | 37,88% Space Free | Partition Type: NTFS
Drive E: | 310,41 Gb Total Space | 116,00 Gb Free Space | 37,37% Space Free | Partition Type: NTFS
Drive F: | 310,50 Gb Total Space | 308,63 Gb Free Space | 99,40% Space Free | Partition Type: NTFS
Drive I: | 1862,98 Gb Total Space | 1228,33 Gb Free Space | 65,93% Space Free | Partition Type: NTFS
 
Computer Name: SION | User Name: SiRo-CoOl | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\SiRo-CoOl\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\ProgramData\weegfw.exe (ArcSoft                                                      )
PRC - C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.)
PRC - C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\TurboVHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pnSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\EPU\EPUHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\EC Simulator.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
PRC - C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\DIGI+ VRM\VRMHelp.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - F:\RocketDock\RocketDock.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c4fa75aed82f50d4a7831755a0c4f7b2\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\521a6a2a0bdc82ad5f0ec5aecb6b8c82\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\d908c91e24616e6b8d38c9da61038b25\Accessibility.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMLib.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.2.1.22\wincfi39.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Bluetooth Go!\BluetoothGo.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Probe_II\ProbeII.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\MyLogo\MyLogo.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\AsNetlib.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\CpuFreq.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Update\Update.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Windows\SysWOW64\IccLibDll.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\asacpiEx.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\iPhone Simulator\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TurboV EVO\HookKey32.dll ()
MOD - C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\acrotray.deu ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsMultiLang.dll ()
MOD - F:\RocketDock\RocketDock.exe ()
MOD - F:\RocketDock\RocketDock.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV - (MsgPlusService) -- C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\ccSvcHst.exe (Symantec Corporation)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.13\aaHMSvc.exe ()
SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (LBTServ) -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.)
SRV - (Lexware_Datenbank_Plus) -- C:\Program Files (x86)\Sybase\SQL Anywhere 9\win32\dbsrv9.exe (iAnywhere Solutions, Inc.)
SRV - (DTSAudioService) -- C:\Programme\Realtek\Audio\HDA\DTSAudioService64.exe (DTS)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.13\atkexComSvc.exe ()
SRV - (AtherosSvc) -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe (Atheros Commnucations)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.11\AsSysCtrlService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (Adobe Version Cue CS4) -- C:\Program Files (x86)\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symds64.sys (Symantec Corporation)
DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ironx64.sys (Symantec Corporation)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (teamviewervpn) -- C:\Windows\SysNative\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1402010.016\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (AnyDVD) -- C:\Windows\SysNative\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (hotcore3) -- C:\Windows\SysNative\drivers\hotcore3.sys (Paragon Software Group)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LEqdUsb) -- C:\Windows\SysNative\drivers\LEqdUsb.sys (Logitech, Inc.)
DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.)
DRV:64bit: - (LHidEqd) -- C:\Windows\SysNative\drivers\LHidEqd.sys (Logitech, Inc.)
DRV:64bit: - (mvs91xx) -- C:\Windows\SysNative\drivers\mvs91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (WDC_SAM) -- C:\Windows\SysNative\drivers\wdcsam64.sys (Western Digital Technologies)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (BTATH_A2DP) -- C:\Windows\SysNative\drivers\btath_a2dp.sys (Atheros)
DRV:64bit: - (BtFilter) -- C:\Windows\SysNative\drivers\btfilter.sys (Atheros)
DRV:64bit: - (BTATH_HCRP) -- C:\Windows\SysNative\drivers\btath_hcrp.sys (Atheros)
DRV:64bit: - (BTATH_RCP) -- C:\Windows\SysNative\drivers\btath_rcp.sys (Atheros)
DRV:64bit: - (BTATH_LWFLT) -- C:\Windows\SysNative\drivers\btath_lwflt.sys (Atheros)
DRV:64bit: - (ATHDFU) -- C:\Windows\SysNative\drivers\AthDfu.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (AthBTPort) -- C:\Windows\SysNative\drivers\btath_flt.sys (Atheros)
DRV:64bit: - (BTATH_BUS) -- C:\Windows\SysNative\drivers\btath_bus.sys (Atheros)
DRV:64bit: - (AiCharger) -- C:\Windows\SysNative\drivers\AiCharger.sys (ASUSTek Computer Inc.)
DRV:64bit: - (ICCWDT) -- C:\Windows\SysNative\drivers\ICCWDT.sys (Intel Corporation)
DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130205.003\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130205.003\eng64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130116.013\BHDrvx64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130202.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (AnyDVD) -- C:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 76 23 87 92 8B CD 01  [binary data]
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1D 76 23 87 92 8B CD 01  [binary data]
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de"
FF - prefs.js..extensions.enabledAddons: guiconfig%40slosd.net:1.2.2
FF - prefs.js..extensions.enabledAddons: %7B097d3191-e6fa-4728-9826-b533d755359d%7D:0.7.18
FF - prefs.js..extensions.enabledAddons: %7Bef4e370e-d9f0-4e00-b93e-a4f274cfdd5a%7D:1.4.5
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: %7B1018e4d6-728f-4b20-ad56-37578a4de76b%7D:4.2.5
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.4
FF - prefs.js..extensions.enabledAddons: %7B77d2ed30-4cd2-11e0-b8af-0800200c9a66%7D:5.5
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: F:\VLC\npvlc.dll (VideoLAN)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: f:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\SiRo-CoOl\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\SiRo-CoOl\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\SiRo-CoOl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\SiRo-CoOl\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.02.05 17:10:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2012.11.28 01:34:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 07:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: F:\Mozilla Thunderbird\components [2013.01.28 15:31:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: F:\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.19 07:25:48 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: F:\Mozilla Thunderbird\components [2013.01.28 15:31:12 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: F:\Mozilla Thunderbird\plugins
 
[2012.09.05 20:20:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Extensions
[2013.02.01 04:15:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions
[2013.01.08 20:26:56 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013.02.01 04:15:57 | 000,000,000 | ---D | M] (FT DeepDark) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions\{77d2ed30-4cd2-11e0-b8af-0800200c9a66}
[2012.12.16 09:58:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\Firefox\Profiles\vhl1fqfy.default\extensions\ich@maltegoetz.de
[2012.09.05 20:55:51 | 000,174,405 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\guiconfig@slosd.net.xpi
[2012.09.06 18:01:27 | 000,455,379 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\{097d3191-e6fa-4728-9826-b533d755359d}.xpi
[2013.01.30 21:00:53 | 000,533,536 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.11.20 19:27:22 | 000,685,019 | ---- | M] () (No name found) -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\extensions\{ef4e370e-d9f0-4e00-b93e-a4f274cfdd5a}.xpi
[2013.01.26 14:12:42 | 000,002,376 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\searchplugins\icq.xml
[2012.09.09 09:46:48 | 000,004,140 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\searchplugins\youtube.xml
[2013.01.19 07:25:47 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.19 07:25:48 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.08.25 03:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.25 03:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.08.25 03:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.08.25 03:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.08.25 03:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.08.25 03:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\24.0.1312.57\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\Application\24.0.1312.57\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Users\SiRo-CoOl\AppData\Local\Google\Update\1.3.21.99\npGoogleUpdate3.dll
CHR - Extension: Angry Birds = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: bloomind ct deepdark = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\djolekdiiojehgfggcjckachfgkkdmjd\1_0\
CHR - Extension: Bookmarks Menu = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\ffmdedmghpoipeldijkdlcckdpempkdi\3.4.7_0\
CHR - Extension: AirMech = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdahlabpinmfcemhcbcfoijcpoalfgdn\15008_0\
CHR - Extension: Command & Conquer Tiberium Alliances = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgaeopgjojikeoiidmfaejkifhgjoooe\1.0.8_0\
CHR - Extension: Google Maps = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Download = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\nccjoeeljedbmkidebclpoabijggpbdp\0.1.5_0\
CHR - Extension: Google Mail = C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012.09.10 23:58:02 | 000,001,405 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 	127.0.0.1       activate.adobe.com
O1 - Hosts: 	127.0.0.1       practivate.adobe.com
O1 - Hosts: 	127.0.0.1       ereg.adobe.com
O1 - Hosts: 	127.0.0.1       activate.wip3.adobe.com
O1 - Hosts: 	127.0.0.1       wip3.adobe.com
O1 - Hosts: 	127.0.0.1       3dns-3.adobe.com
O1 - Hosts: 	127.0.0.1       3dns-2.adobe.com
O1 - Hosts: 	127.0.0.1       adobe-dns.adobe.com
O1 - Hosts: 	127.0.0.1       adobe-dns-2.adobe.com
O1 - Hosts: 	127.0.0.1       adobe-dns-3.adobe.com
O1 - Hosts: 	127.0.0.1       ereg.wip3.adobe.com
O1 - Hosts: 	127.0.0.1       activate-sea.adobe.com
O1 - Hosts: 	127.0.0.1       wwis-dubc1-vip60.adobe.com
O1 - Hosts: 	127.0.0.1       activate-sjc0.adobe.com
O1 - Hosts: 	127.0.0.1       wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Contribute Toolbar) - {517BDDE4-E3A7-4570-B21E-2B52B6139FC7} - C:\Program Files (x86)\Adobe\/Adobe Contribute CS4/contributeieplugin.dll ()
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.2.1.22\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Adobe_ID0ENQBO] C:\PROGRA~2\COMMON~1\Adobe\ADOBEV~1\Server\bin\VERSIO~2.EXE (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS Ai Charger] C:\Program Files (x86)\ASUS\ASUS Ai Charger\AiChargerAP.exe (ASUSTek Computer Inc.)
O4 - HKLM..\Run: [ASUS ShellProcess Execute] C:\Program Files (x86)\ASUS\AI Suite II\ASUS Mobilink\Simulator\AsShellProcess.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MessengerPlusForSkypeService] C:\Program Files (x86)\Yuna Software\Messenger Plus! for Skype\MsgPlusForSkypeService.exe (Yuna Software)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [PlusService] C:\Program Files (x86)\Yuna Software\Messenger Plus!\PlusService.exe (Yuna Software)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [ewfwfw] C:\ProgramData\weegfw.exe (ArcSoft                                                      )
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [RocketDock] F:\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\Run: [xp-AntiSpy Profile Check] F:\xp-AntiSpy\xp-AntiSpy.exe (Tiger-IT.de)
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [ewfwfw] C:\ProgramData\weegfw.exe (ArcSoft                                                      )
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [icq] C:\Users\UpdatusUser\AppData\Roaming\ICQM\icq.exe -CU File not found
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [RocketDock] F:\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\Run: [xp-AntiSpy Profile Check] F:\xp-AntiSpy\xp-AntiSpy.exe (Tiger-IT.de)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6010.0727\amd64" File not found
O4 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008..\RunOnce: [Uninstall C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SiRo-CoOl\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910\amd64" File not found
F3:64bit: - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe) -  File not found
F3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1008\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3352656A-2115-47C1-A459-32839E5BDAEA}: DhcpNameServer = 192.168.2.1 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{75485dd3-f781-11e1-9973-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{75485dd3-f781-11e1-9973-806e6f6e6963}\Shell\AutoRun\command - "" = H:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.05 17:43:12 | 000,000,000 | ---D | C] -- C:\Program Files\Max Spyware Detector
[2013.02.05 17:43:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Max Secure
[2013.02.05 17:38:29 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Max Secure Software
[2013.02.05 17:10:22 | 000,000,000 | R--D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.02.05 06:11:40 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Malwarebytes
[2013.02.05 06:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.05 06:11:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.05 06:11:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.05 06:11:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.05 05:03:44 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Audacity
[2013.02.05 05:03:16 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Programs
[2013.02.05 04:54:39 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\redsn0w
[2013.02.05 04:48:58 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.05 04:48:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.05 04:48:56 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.05 04:48:56 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.05 04:48:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.04 23:21:33 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\Documents\DCSCMIN
[2013.02.04 20:58:15 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\Local Settings
[2013.02.04 18:09:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\RTCOM
[2013.02.04 18:09:49 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek
[2013.02.04 18:09:39 | 008,363,864 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek.dll
[2013.02.04 18:09:39 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64A.dll
[2013.02.04 18:09:39 | 005,096,448 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoRes64.dat
[2013.02.04 18:09:39 | 003,615,888 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkAPO64.dll
[2013.02.04 18:09:39 | 002,674,320 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtPgEx64.dll
[2013.02.04 18:09:39 | 002,605,400 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib.dll
[2013.02.04 18:09:39 | 002,533,952 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll
[2013.02.04 18:09:39 | 002,131,288 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioEQ.dll
[2013.02.04 18:09:39 | 001,560,168 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTSnMg64.cpl
[2013.02.04 18:09:39 | 001,361,336 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tosade.dll
[2013.02.04 18:09:39 | 001,345,368 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioRealtek264.dll
[2013.02.04 18:09:39 | 001,262,696 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RTCOM64.dll
[2013.02.04 18:09:39 | 001,015,640 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll
[2013.02.04 18:09:39 | 000,869,520 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkApi64.dll
[2013.02.04 18:09:39 | 000,836,544 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo264.dll
[2013.02.04 18:09:39 | 000,712,296 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSSymmetryDLL64.dll
[2013.02.04 18:09:39 | 000,693,352 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSVoiceClarityDLL64.dll
[2013.02.04 18:09:39 | 000,603,984 | ---- | C] (Knowles Acoustics ) -- C:\Windows\SysNative\KAAPORT64.dll
[2013.02.04 18:09:39 | 000,537,456 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PLFX64.dll
[2013.02.04 18:09:39 | 000,524,656 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PGFX64.dll
[2013.02.04 18:09:39 | 000,518,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSX64.dll
[2013.02.04 18:09:39 | 000,449,392 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSU2PREC64.dll
[2013.02.04 18:09:39 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64A.dll
[2013.02.04 18:09:39 | 000,396,632 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxVolumeSDAPO.dll
[2013.02.04 18:09:39 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll
[2013.02.04 18:09:39 | 000,341,336 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll
[2013.02.04 18:09:39 | 000,331,880 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtlCPAPI64.dll
[2013.02.04 18:09:39 | 000,318,808 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO20.dll
[2013.02.04 18:09:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll
[2013.02.04 18:09:39 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll
[2013.02.04 18:09:39 | 000,221,024 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFNHK64.dll
[2013.02.04 18:09:39 | 000,220,776 | ---- | C] (Sony Corporation) -- C:\Windows\SysNative\SFSS_APO.dll
[2013.02.04 18:09:39 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll
[2013.02.04 18:09:39 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll
[2013.02.04 18:09:39 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll
[2013.02.04 18:09:39 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll
[2013.02.04 18:09:39 | 000,149,608 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCfg64.dll
[2013.02.04 18:09:39 | 000,148,416 | ---- | C] (TOSHIBA Corporation) -- C:\Windows\SysNative\tadefxapo.dll
[2013.02.04 18:09:39 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64A.dll
[2013.02.04 18:09:39 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64A.dll
[2013.02.04 18:09:39 | 000,105,616 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RCoInstII64.dll
[2013.02.04 18:09:39 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll
[2013.02.04 18:09:39 | 000,081,248 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFCOM64.dll
[2013.02.04 18:09:39 | 000,078,688 | ---- | C] (Synopsys, Inc.) -- C:\Windows\SysNative\SFAPO64.dll
[2013.02.04 18:09:39 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll
[2013.02.04 18:09:39 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64A.dll
[2013.02.04 18:09:39 | 000,074,064 | ---- | C] (Virage Logic Corporation / Sonic Focus) -- C:\Windows\SysWow64\SFCOM.dll
[2013.02.04 18:09:39 | 000,065,944 | ---- | C] (TOSHIBA CORPORATION.) -- C:\Windows\SysNative\tepeqapo64.dll
[2013.02.04 18:09:39 | 000,014,952 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\SysNative\RtkCoLDR64.dll
[2013.02.04 18:09:38 | 001,756,264 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2SpeakerDLL64.dll
[2013.02.04 18:09:38 | 001,568,360 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSS2HeadphoneDLL64.dll
[2013.02.04 18:09:38 | 001,486,952 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBoostDLL64.dll
[2013.02.04 18:09:38 | 000,728,680 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSBassEnhancementDLL64.dll
[2013.02.04 18:09:38 | 000,491,112 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSNeoPCDLL64.dll
[2013.02.04 18:09:38 | 000,432,744 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLimiterDLL64.dll
[2013.02.04 18:09:38 | 000,428,648 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGainCompensatorDLL64.dll
[2013.02.04 18:09:38 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSLFXAPO64.dll
[2013.02.04 18:09:38 | 000,242,792 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPO64.dll
[2013.02.04 18:09:38 | 000,241,768 | ---- | C] (DTS) -- C:\Windows\SysNative\DTSGFXAPONS64.dll
[2013.02.04 18:09:38 | 000,202,336 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAC64.dll
[2013.02.04 18:09:38 | 000,108,640 | ---- | C] (Andrea Electronics Corporation) -- C:\Windows\SysNative\AERTAR64.dll
[2013.02.03 10:01:15 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.02.03 09:44:28 | 035,753,472 | -H-- | C] (ArcSoft                                                      ) -- C:\ProgramData\weegfw.exe
[2013.02.03 07:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\SlySoft
[2013.02.03 07:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
[2013.02.01 23:48:06 | 000,060,184 | ---- | C] (Intel Corporation) -- C:\Windows\SysNative\drivers\HECIx64.sys
[2013.02.01 23:45:38 | 000,000,000 | ---D | C] -- C:\Program Files\Intel
[2013.02.01 23:33:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SystemRequirementsLab
[2013.02.01 23:32:58 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\SystemRequirementsLab
[2013.01.26 14:22:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ICQ-Banner-Remover
[2013.01.26 14:12:40 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013.01.26 14:12:35 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQM
[2013.01.26 14:12:13 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQ-Profile
[2013.01.26 14:01:07 | 000,047,616 | -H-- | C] (Yuna Software) -- C:\msimg32.dll
[2013.01.26 13:37:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Messenger Plus! for Skype
[2013.01.26 13:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yuna Software
[2013.01.26 13:16:46 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Skype
[2013.01.26 13:16:42 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.01.26 13:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.26 13:16:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.01.26 13:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.01.26 03:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2013.01.26 03:00:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft CAPICOM 2.1.0.2
[2013.01.25 19:49:36 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Netviewer
[2013.01.25 18:45:43 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\Lexware
[2013.01.25 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lexware
[2013.01.25 18:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DataDesign
[2013.01.25 18:45:14 | 000,000,000 | ---D | C] -- C:\ProgramData\SQL Anywhere 11
[2013.01.25 18:45:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SQL Anywhere 11
[2013.01.25 18:44:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sybase
[2013.01.25 18:41:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexware
[2013.01.25 18:41:13 | 000,000,000 | ---D | C] -- C:\ProgramData\lexware
[2013.01.25 18:41:00 | 001,929,216 | ---- | C] (Amyuni Technologies
hxxp://www.amyuni.com) -- C:\Windows\SysWow64\cdintf250.dll
[2013.01.25 18:37:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Lexware
[2013.01.25 18:37:19 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\Lexware
[2013.01.20 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\gnupg
[2013.01.20 13:55:01 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Local\LoRd_MuldeR
[2013.01.20 13:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LameXP v4.06
[2013.01.20 09:24:15 | 000,000,000 | --SD | C] -- C:\Users\SiRo-CoOl\Documents\Meine Websites
[2013.01.20 09:23:05 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.01.20 09:23:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
[2013.01.20 09:23:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8
[2013.01.20 09:22:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Expression
[2013.01.20 08:35:51 | 000,000,000 | -H-D | C] -- C:\archive_db
[2013.01.19 07:25:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.14 20:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.14 20:24:52 | 000,000,000 | ---D | C] -- C:\Users\SiRo-CoOl\AppData\Roaming\qualys
[2013.01.14 20:18:23 | 000,308,640 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.01.14 20:18:21 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.01.14 20:18:21 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.01.14 20:18:21 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.14 20:18:20 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.01.14 20:18:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.13 17:48:58 | 000,024,416 | R--- | C] (Adobe Systems Inc.) -- C:\Windows\SysNative\AdobePDFUI.dll
[2013.01.10 07:49:04 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.10 07:49:04 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.10 07:48:59 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.10 07:48:59 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.10 07:48:59 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.10 07:48:59 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.10 07:48:59 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.10 07:48:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.10 07:48:59 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.10 07:48:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.10 07:48:59 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.10 07:48:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.10 07:48:59 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.10 07:48:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.10 07:48:59 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.10 07:48:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.10 07:48:59 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.10 07:48:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.10 07:48:59 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.10 07:48:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.10 07:48:59 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.10 07:48:59 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.10 07:48:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.10 07:48:59 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.10 07:48:58 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.10 07:48:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.10 07:48:58 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.10 07:48:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.10 07:48:58 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.10 07:48:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.10 07:48:58 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.10 07:48:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.10 07:48:58 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.10 07:48:54 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.10 07:48:53 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.10 07:48:53 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.10 07:48:53 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.10 07:48:53 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.10 07:48:53 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.10 07:48:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.10 07:48:53 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.10 07:48:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.10 07:48:53 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.10 07:48:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.10 07:48:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 07:48:53 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.10 07:48:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 07:48:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.10 07:48:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 07:48:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 07:48:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.10 07:48:53 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.10 07:48:49 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.01.08 15:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA
[2013.01.08 15:28:36 | 006,382,008 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcpl.dll
[2013.01.08 15:28:36 | 003,455,416 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvc64.dll
[2013.01.08 15:28:36 | 002,558,392 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvsvcr.dll
[2013.01.08 15:28:36 | 000,118,712 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvmctray.dll
[2013.01.08 15:28:36 | 000,063,928 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvshext.dll
[2013.01.08 15:28:28 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2013.01.08 15:28:11 | 015,052,368 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2013.01.08 15:28:11 | 001,472,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdagenco6420103.dll
[2013.01.08 15:28:11 | 001,107,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvumdshimx.dll
[2013.01.08 15:28:11 | 000,189,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2013.01.08 15:28:11 | 000,031,080 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.05 18:00:01 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2267972725-1089021970-2960566764-1000UA.job
[2013.02.05 17:21:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.05 17:20:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.05 17:18:22 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.05 17:18:22 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.05 17:18:22 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.05 17:18:22 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.05 17:18:22 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.05 17:16:39 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 17:16:39 | 000,021,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.05 17:10:23 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.05 17:10:16 | 000,000,035 | -H-- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.02.05 17:09:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.05 06:10:56 | 000,007,596 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Local\resmon.resmoncfg
[2013.02.05 05:30:39 | 006,155,066 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Azad - Ghettobass.mp3
[2013.02.05 04:48:54 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.05 04:48:54 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.05 04:48:54 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.05 04:48:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.05 04:48:54 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.05 04:48:54 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.04 00:42:56 | 001,588,880 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\Cat.DB
[2013.02.03 22:17:53 | 000,001,278 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Network Meter_Settings.ini
[2013.02.03 16:14:41 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.02.03 16:14:41 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.03 10:00:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2267972725-1089021970-2960566764-1000Core.job
[2013.02.02 17:19:01 | 035,753,472 | -H-- | M] (ArcSoft                                                      ) -- C:\ProgramData\weegfw.exe
[2013.02.01 23:59:04 | 000,867,360 | ---- | M] () -- C:\Windows\PE_Rom.dll
[2013.02.01 23:58:59 | 000,932,896 | ---- | M] () -- C:\Windows\PE_File.dll
[2013.02.01 23:40:24 | 000,718,900 | ---- | M] () -- C:\Windows\ASUSBIOS.zip
[2013.02.01 23:25:57 | 000,003,613 | ---- | M] () -- C:\Windows\MB.idx
[2013.02.01 23:24:54 | 000,000,551 | ---- | M] () -- C:\Windows\Path.idx
[2013.01.30 21:02:13 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.01.27 02:21:10 | 000,000,806 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Drives Meter_Settings.ini
[2013.01.27 02:20:56 | 000,000,543 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\All CPU MeterV3_Settings.ini
[2013.01.26 06:52:16 | 002,977,752 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.25 18:45:14 | 000,000,135 | ---- | M] () -- C:\Windows\ODBC.INI
[2013.01.24 15:18:03 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\VT20130115.021
[2013.01.22 21:08:23 | 000,000,019 | ---- | M] () -- C:\Windows\SysWow64\macAddr.lst
[2013.01.20 14:12:31 | 000,001,260 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Party.lnk
[2013.01.20 14:12:22 | 000,001,193 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\Best.lnk
[2013.01.20 08:18:47 | 000,000,282 | ---- | M] () -- C:\Users\SiRo-CoOl\AppData\Roaming\GPU MeterV2_Settings.ini
[2013.01.14 20:18:20 | 001,081,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.01.14 20:18:20 | 000,960,416 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.01.14 20:18:20 | 000,308,640 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.01.14 20:18:20 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.01.14 20:18:20 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.01.14 20:18:20 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.01.10 08:50:17 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.10 08:46:06 | 000,000,172 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1402010.016\isolate.ini
[2013.01.09 08:35:08 | 000,050,986 | ---- | M] () -- C:\Users\SiRo-CoOl\Desktop\new_skoda_octavia_rs_mk3_2014_blue.jpg
[2013.01.09 00:21:16 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.09 00:21:16 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[3 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.05 05:30:32 | 006,155,066 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Azad - Ghettobass.mp3
[2013.02.05 05:03:40 | 000,000,553 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.02.04 18:09:39 | 000,293,889 | ---- | C] () -- C:\Windows\SysNative\drivers\RTAIODAT.DAT
[2013.02.01 23:39:45 | 000,718,900 | ---- | C] () -- C:\Windows\ASUSBIOS.zip
[2013.02.01 23:21:51 | 000,003,613 | ---- | C] () -- C:\Windows\MB.idx
[2013.01.25 18:45:14 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.01.22 21:08:23 | 000,000,019 | ---- | C] () -- C:\Windows\SysWow64\macAddr.lst
[2013.01.20 14:12:31 | 000,001,260 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\SubSiRo Party.lnk
[2013.01.20 14:12:22 | 000,001,193 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\Best.lnk
[2013.01.09 08:35:07 | 000,050,986 | ---- | C] () -- C:\Users\SiRo-CoOl\Desktop\new_skoda_octavia_rs_mk3_2014_blue.jpg
[2013.01.08 15:28:36 | 002,923,201 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin
[2012.10.08 11:07:41 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.10.07 12:23:10 | 000,207,488 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll
[2012.10.07 12:23:08 | 000,138,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll
[2012.10.07 12:23:08 | 000,074,368 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll
[2012.10.07 12:23:06 | 000,318,592 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll
[2012.10.06 11:48:06 | 000,932,896 | ---- | C] () -- C:\Windows\PE_File.dll
[2012.10.06 11:43:23 | 000,867,360 | ---- | C] () -- C:\Windows\PE_Rom.dll
[2012.09.11 10:40:03 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.09.07 16:12:10 | 000,007,596 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Local\resmon.resmoncfg
[2012.09.07 11:06:51 | 000,000,543 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\All CPU MeterV3_Settings.ini
[2012.09.07 10:53:34 | 000,000,806 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Drives Meter_Settings.ini
[2012.09.07 10:51:37 | 000,001,278 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\Network Meter_Settings.ini
[2012.09.07 10:50:57 | 000,000,282 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\GPU MeterV2_Settings.ini
[2012.09.07 10:48:05 | 000,000,241 | ---- | C] () -- C:\Users\SiRo-CoOl\AppData\Roaming\GPU Meter_Settings.ini
[2012.09.07 04:24:04 | 000,094,208 | ---- | C] () -- C:\Windows\SysWow64\IccLibDll.dll
[2012.09.06 15:14:18 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.09.06 15:14:14 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.09.05 19:26:41 | 000,013,440 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.09.05 19:26:40 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.09.05 19:02:36 | 000,034,482 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.09.05 19:01:03 | 000,030,765 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.09.05 18:55:46 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 14:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 14:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.02.05 05:31:45 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Audacity
[2012.09.08 20:45:53 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Canneverbe Limited
[2013.02.03 10:01:15 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.10.03 10:00:26 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\EAC
[2012.12.29 11:23:15 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\FileZilla
[2013.01.20 14:15:02 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\gnupg
[2013.01.26 14:13:21 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQ-Profile
[2013.01.28 15:12:12 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ICQM
[2012.09.07 16:29:01 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Leadertech
[2013.01.25 18:45:43 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Lexware
[2012.10.21 12:27:41 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Mp3tag
[2013.02.05 17:53:05 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Notepad++
[2012.12.03 21:46:29 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Origin
[2013.01.14 20:24:52 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\qualys
[2013.02.05 04:54:39 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\redsn0w
[2012.10.08 11:08:15 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Software4u
[2012.09.15 13:22:21 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Thunderbird
[2012.12.24 01:04:28 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\TS3Client
[2012.09.15 14:11:33 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ts3overlay
[2012.12.24 01:04:26 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\ts3overlay_hook_win64
[2012.09.07 16:29:05 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\Windows Live Writer
[2012.09.09 12:23:49 | 000,000,000 | ---D | M] -- C:\Users\SiRo-CoOl\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 

< End of report >
         
Code:
 Malwarebytes Anti-Malware  (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.05.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SiRo-CoOl :: SION [Administrator]

Schutz: Aktiviert

05.02.2013 06:12:58
mbam-log-2013-02-05 (06-12-58).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|I:\|)
Aktivierte Suchlaufeinstellungen: Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: Speicher | P2P
Durchsuchte Objekte: 37905
Laufzeit: 26 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Startup (Backdoor.Bot) -> Daten: C:\Users\SiRo-CoOl\AppData\Roaming\Mining\Mining.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Backdoor.Fynloski) -> Bösartig: (C:\Users\SIRO-C~1\LOCALS~1\Temp\msszfa.exe) Gut: () -> Löschen bei Neustart.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\SiRo-CoOl\AppData\Roaming\Mining\Mining.exe (Backdoor.Bot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\SiRo-CoOl\Local Settings\Temp\msszfa.exe (Backdoor.Fynloski) -> Löschen bei Neustart.

(Ende)
         


05.02.2013, 20:49   #3
t'john
/// Helper Team
 





The clean-up consists of several steps that must be carried out.
Work through them one after another and please paste the 3 logs that are created along the way into your next reply.

If the OTL fix did not run through properly, do not continue; please report it instead.

Step 1

Fix with OTL

Download OTL by OldTimer (if you do not have it yet) and save it to your desktop (nowhere else).

  • Disable any virus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you copied it correctly.


Code:
:OTL

F3:64bit: - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LocalS~1\Temp\msszfa.exe) - File not found 
F3 - HKU\S-1-5-21-2267972725-1089021970-2960566764-1000 WinNT: Load - (C:\Users\SIRO-C~1\LocalS~1\Temp\msszfa.exe) - File not found 
[2013.02.03 09:44:28 | 035,753,472 | -H-- | C] (ArcSoft ) -- C:\ProgramData\weegfw.exe 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\SiRo-CoOl\*.tmp
C:\Users\SiRo-CoOl\AppData\Local\Temp\*.exe
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, inside code tags.
    You can also view the log file afterwards here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for other readers: the OTL script above was created exclusively for this user in this situation.
Never apply it on other computers; it can do lasting damage to other systems!



Step 2
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Extract the archive on your desktop.
  • In the newly created folder, please start mbar.exe.
  • Follow the on-screen instructions and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<Jahr-Monat-Tag>.txt ) in the created folder. Please post it here.

Do not start any other file in this folder without instructions from a helper.


afterwards:

Step 3
Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = consecutive number).
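As an added example (not from the thread, nor from OTL, Malwarebytes or AdwCleaner), a read-only PowerShell audit of the autostart locations this thread turns on: the Load value under HKCU\Software\Microsoft\Windows NT\CurrentVersion\Windows that held msszfa.exe, and the Run keys. It assumes PowerShell 3 or later; the function and variable names are my own.

```powershell
# Added example, not part of the thread or of any of the tools it uses.
# Audits the autostart locations Malwarebytes flagged above
# (HKCU\...\Windows NT\CurrentVersion\Windows\Load and HKCU\...\CurrentVersion\Run)
# plus the machine-wide Run key, and reports entries that look like the ones in
# the logs: executables started from Temp, ProgramData or AppData, 8.3 short-name
# paths, targets that no longer exist, or binaries without a valid signature.
# Read-only: it changes nothing, so it can run before any clean-up.

$AsepLocations = @(
    @{ Path = 'HKCU:\Software\Microsoft\Windows NT\CurrentVersion\Windows'; Names = @('Load', 'Run') },
    @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Run';        Names = $null },
    @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Run';        Names = $null }
)

# Directories a properly installed program rarely starts from: msszfa.exe sat in
# ...\Temp, weegfw.exe in ProgramData and Mining.exe in AppData\Roaming.
$SuspiciousRoots = @('\Temp\', '\ProgramData\', '\AppData\Roaming\', '\AppData\Local\', '\Users\Public\')

function Get-AutostartTarget {
    # Reduce a registry command line to the executable it launches.
    param([string]$CommandLine)
    $expanded = [Environment]::ExpandEnvironmentVariables($CommandLine.Trim())
    if ($expanded -match '^"([^"]+)"') { return $Matches[1] }      # "C:\path with spaces\x.exe" /arg
    if ($expanded -match '^(\S+\.exe)') { return $Matches[1] }     # C:\path\x.exe /arg
    return ($expanded -split '\s+')[0]
}

function Test-AutostartEntry {
    # Returns the reasons an entry deserves a second look (empty = nothing odd).
    param([string]$Target)
    $reasons = @()
    foreach ($root in $SuspiciousRoots) {
        if ($Target -like "*$root*") { $reasons += "starts from $root" }
    }
    if ($Target -match '~\d') { $reasons += '8.3 short-name path' }   # e.g. C:\Users\SIRO-C~1\LOCALS~1\...
    if (-not (Test-Path -LiteralPath $Target -PathType Leaf)) {
        # Orphaned entry, as OTL reported ("File not found") for msszfa.exe
        $reasons += 'target file missing'
    }
    else {
        $sig = Get-AuthenticodeSignature -FilePath $Target
        if ($sig.Status -ne 'Valid') { $reasons += "signature: $($sig.Status)" }
    }
    return $reasons
}

function Get-AutostartFindings {
    $findings = @()
    foreach ($loc in $AsepLocations) {
        if (-not (Test-Path $loc.Path)) { continue }
        $item  = Get-ItemProperty -Path $loc.Path
        # Fixed value names for the Windows key, every value name for the Run keys.
        $names = if ($loc.Names) { $loc.Names } else {
            $item.PSObject.Properties |
                Where-Object { $_.Name -notmatch '^PS(Path|ParentPath|ChildName|Drive|Provider)$' } |
                ForEach-Object { $_.Name }
        }
        foreach ($name in $names) {
            $raw = $item.$name
            if ([string]::IsNullOrWhiteSpace($raw)) { continue }   # Load/Run are normally empty or absent
            $target  = Get-AutostartTarget -CommandLine ([string]$raw)
            $reasons = @(Test-AutostartEntry -Target $target)
            $findings += [pscustomobject]@{
                Key        = $loc.Path
                Value      = $name
                Data       = $raw
                Target     = $target
                Suspicious = ($reasons.Count -gt 0)
                Reasons    = ($reasons -join '; ')
            }
        }
    }
    return $findings
}

$all = @(Get-AutostartFindings)
"$($all.Count) autostart entries examined, $(@($all | Where-Object Suspicious).Count) worth a closer look."
$all | Where-Object Suspicious | Format-List Key, Value, Data, Reasons
```

The Load value is per user, so run the script as the affected account (the HKU\S-1-5-21-... key in the OTL log is that user's hive seen from HKCU).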

05.02.2013, 20:53   #4
SubSiro
 



Malwarebytes Anti-Rootkit was able to remove it!

Unfortunately I had already deleted all the files, otherwise I would have passed them on.

I have to say, though, that I could not notice any real effects on the system itself.

PS: If there is anything else unusual in the file above, I would be grateful for a heads-up.

The only file I cannot place is "weegfw.exe", 34 MB in size, under C:\ProgramData; it also had an autostart entry with ewfwfw.

Anyone who knows what that is is welcome to tell me!

05.02.2013, 21:02   #5
t'john
/// Helper Team
 



Where are the log files?

Regards, t'john

05.02.2013, 21:02   #6
SubSiro
 



Code:
All processes killed
========== OTL ==========
64bit-Registry value HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found.
Registry value HKEY_USERS\S-1-5-21-2267972725-1089021970-2960566764-1000\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load not found.
C:\ProgramData\weegfw.exe moved successfully.
========== FILES ==========
File\Folder C:\ProgramData\*.exe not found.
File\Folder C:\ProgramData\*.dll not found.
File\Folder C:\ProgramData\*.tmp not found.
File\Folder C:\ProgramData\TEMP not found.
File\Folder C:\Users\SiRo-CoOl\*.tmp not found.
File\Folder C:\Users\SiRo-CoOl\AppData\Local\Temp\*.exe not found.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\SiRo-CoOl\Desktop\cmd.bat deleted successfully.
C:\Users\SiRo-CoOl\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 402 bytes
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: SiRo-CoOl
->Temp folder emptied: 1129052 bytes
->Temporary Internet Files folder emptied: 3047558 bytes
->FireFox cache emptied: 70855377 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 59009 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1244133 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 50434 bytes
RecycleBin emptied: 612338 bytes
 
Total Files Cleaned = 73,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02052013_205820

Files\Folders moved on Reboot...
C:\Users\SiRo-CoOl\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1017
www.malwarebytes.org

Database version: v2013.02.05.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SiRo-CoOl :: SION [administrator]

05.02.2013 21:06:31
mbar-log-2013-02-05 (21-06-31).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 32593
Time elapsed: 2 minute(s), 28 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         
Code:
# AdwCleaner v2.111 - Datei am 05/02/2013 um 21:10:28 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : SiRo-CoOl - SION
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\SiRo-CoOl\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****


***** [Registrierungsdatenbank] *****


***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v18.0.1 (de)

Datei : C:\Users\SiRo-CoOl\AppData\Roaming\Mozilla\Firefox\Profiles\vhl1fqfy.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\SiRo-CoOl\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1011 octets] - [05/02/2013 21:08:31]
AdwCleaner[S1].txt - [946 octets] - [05/02/2013 21:10:28]

########## EOF - C:\AdwCleaner[S1].txt - [1005 octets] ##########
         
Thanks for the quick help!



If you need anything else, let me know; I've already prepared myself for a reinstall!

Last edited by SubSiro (05.02.2013 at 21:14)

Old 07.02.2013, 00:23   #7
t'john
/// Helper Team



Well, a clean reinstall certainly wouldn't hurt

Should we secure the system, or do you want to reinstall?
__________________
Regards, t'john
Support the TB

Old 07.02.2013, 06:11   #8
SubSiro



Secure it! Reinstall only as a last resort; the last time wasn't that long ago!

Old 07.02.2013, 18:15   #9
t'john
/// Helper Team



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (aswMBR.exe guide)
    Vista and Win7 users: right-click and "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Wait until "Scan finished successfully" appears in the DOS window.
  • Click Save Log and save it to the desktop.

Post the aswMBR.txt in your next reply.

Important: Never press any of the Fix buttons without instruction

Note: If the Scan button is greyed out, close the tool and start it again. If it still doesn't work, please let me know.


then:


ESET Online Scanner

  • Here you'll find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded and the scan starts automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstall: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



then:

Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post its contents here.
__________________
Regards, t'john
Support the TB

Old 07.02.2013, 19:27   #10
SubSiro



The aswMBR.exe scan always aborts at the same point!
Attached image: aswmbrfehler.jpg

Old 07.02.2013, 19:40   #11
SubSiro



Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-07 19:32:16
-----------------------------
19:32:16.994    OS Version: Windows x64 5.1.2600 Service Pack 2
19:32:16.994    Number of processors: 8 586 0x2A07
19:32:16.994    ComputerName: SION  UserName: 
19:32:17.099    Initialize success
19:32:21.999    AVAST engine defs: 13020700
19:32:26.649    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:32:26.654    Disk 0 Vendor: OCZ-VERT 2.22 Size: 114473MB BusType: 3
19:32:26.654    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000007e
19:32:26.654    Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
19:32:26.654    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000007f
19:32:26.659    Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
19:32:26.664    Disk 0 MBR read successfully
19:32:26.664    Disk 0 MBR scan
19:32:26.669    Disk 0 Windows 7 default MBR code
19:32:26.669    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS       114471 MB offset 2048
19:32:26.684    Disk 0 scanning C:\Windows\system32\drivers
19:32:30.290    Service scanning
19:32:36.945    Modules scanning
19:32:36.945    Disk 0 trace - called modules:
19:32:36.950    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
19:32:36.955    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d09a790]
19:32:36.955    3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> [0xfffffa800cd6b6d0]
19:32:36.955    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cd70050]
19:32:37.065    AVAST engine scan C:\Windows
19:32:37.585    AVAST engine scan C:\Windows\system32
19:33:34.610    AVAST engine scan C:\Windows\system32\drivers
19:33:38.115    AVAST engine scan C:\Users\SiRo-CoOl
19:33:38.190    AVAST engine scan C:\ProgramData
19:35:30.354    Scan finished successfully
19:35:52.159    Disk 0 MBR has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\MBR.dat"
19:35:52.164    The log file has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\aswMBR.txt"


aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-07 19:36:26
-----------------------------
19:36:26.421    OS Version: Windows x64 5.1.2600 Service Pack 2
19:36:26.421    Number of processors: 8 586 0x2A07
19:36:26.421    ComputerName: SION  UserName: 
19:36:26.591    Initialize success
19:36:31.481    AVAST engine defs: 13020700
19:36:35.561    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
19:36:35.566    Disk 0 Vendor: OCZ-VERT 2.22 Size: 114473MB BusType: 3
19:36:35.566    Disk 1  \Device\Harddisk1\DR1 -> \Device\0000007e
19:36:35.566    Disk 1 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
19:36:35.566    Disk 2  \Device\Harddisk2\DR2 -> \Device\0000007f
19:36:35.566    Disk 2 Vendor: WDC_WD10 05.0 Size: 953869MB BusType: 11
19:36:35.576    Disk 0 MBR read successfully
19:36:35.576    Disk 0 MBR scan
19:36:35.581    Disk 0 Windows 7 default MBR code
19:36:35.586    Disk 0 Partition 1 00     07    HPFS/NTFS NTFS       114471 MB offset 2048
19:36:35.606    Disk 0 scanning C:\Windows\system32\drivers
19:36:39.396    Service scanning
19:36:46.037    Modules scanning
19:36:46.037    Disk 0 trace - called modules:
19:36:46.042    ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll 
19:36:46.042    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800d09a790]
19:36:46.047    3 CLASSPNP.SYS[fffff8800205143f] -> nt!IofCallDriver -> [0xfffffa800cd6b6d0]
19:36:46.047    5 ACPI.sys[fffff88000e0b7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800cd70050]
19:36:46.212    AVAST engine scan C:\Windows
19:36:47.172    AVAST engine scan C:\Windows\system32
19:37:46.898    AVAST engine scan C:\Windows\system32\drivers
19:37:50.523    AVAST engine scan C:\Users\SiRo-CoOl
19:37:50.608    AVAST engine scan C:\ProgramData
19:39:08.095    Scan finished successfully
19:39:17.901    Disk 0 MBR has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\MBR.dat"
19:39:17.901    The log file has been saved successfully to "C:\Users\SiRo-CoOl\Desktop\aswMBR.txt"
         

Old 08.02.2013, 02:16   #12
t'john
/// Helper Team



ESET and SecurityCheck?
__________________
Regards, t'john
Support the TB

Old 08.02.2013, 05:20   #13
SubSiro



Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6889
# api_version=3.0.2
# EOSSerial=8eb40fb9416d65469c55a02e1c5c0290
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-02-07 11:27:46
# local_time=2013-02-08 12:27:46 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=3592 16777213 100 91 843445 110942162 0 0
# compatibility_mode=5893 16776574 100 94 13407628 111909516 0 0
# scanned=456367
# found=3
# cleaned=0
# scan_time=17027
I:\Eigene Dateien\Eigene Dateien Neo\Programme\Tool Disc\VLC Media Player 1.1.5.exe	Win32/StartPage.OIE trojan	CF4B73974C6EFD3E573A287F2AC8E3F162A0699A	I
I:\Eigene Dateien\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34\1a5a1822-78c570d6	a variant of Java/TrojanDownloader.Agent.NDK trojan	6E5709994BC295BD5D4D192417F7EEC80382E61C	I
I:\Eigene Dateien\Users\SiRo-CoOl\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47\1fe6b2f-2130ec9c	a variant of Java/Exploit.CVE-2012-4681.AA trojan	FF9170778A4FC3B3ED4D4352E0F6E11AAF223109	I
         
Code:
 Results of screen317's Security Check version 0.99.57  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Norton 360 Online   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 xp-AntiSpy 3.98-2    
 Java 7 Update 13  
 Java version out of Date! 
 Adobe Flash Player 10 Flash Player out of Date! 
 Adobe Flash Player 11.5.502.146  
 Adobe Reader XI  
 Mozilla Firefox (18.0.2) 
 Mozilla Thunderbird 15.0.1 Thunderbird out of Date!  
 Google Chrome 24.0.1312.56  
 Google Chrome 24.0.1312.57  
````````Process Check: objlist.exe by Laurent````````  
 Norton ccSvcHst.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         
Do you want the scanner's findings? I've zipped them!

Last edited by SubSiro (08.02.2013 at 05:26)
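As an added example (not code from this thread, from ESET or from Trojaner-Board), a small Python triage parser for the ESET Online Scanner log format posted above: it reads the `# key=value` header and the tab-separated finding lines (path, detection, SHA1, flag), buckets each hit by where it sits on disk, and records that with `remove_checked=false` nothing was cleaned. The sample log is constructed here with placeholder hashes and shortened paths.

```python
import re
from collections import Counter

# Constructed sample in the ESET Online Scanner log layout; hashes are placeholders.
SAMPLE_LOG = "\n".join([
    "ESETSmartInstaller@High as downloader log:",
    "all ok",
    "# version=8",
    "# end=finished",
    "# remove_checked=false",
    "# scanned=456367",
    "# found=3",
    "# cleaned=0",
    "I:\\Programme\\Tool Disc\\VLC Media Player 1.1.5.exe\tWin32/StartPage.OIE trojan\t"
    + "0" * 40 + "\tI",
    "I:\\Users\\x\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\34\\1a5a1822-78c570d6\t"
    "a variant of Java/TrojanDownloader.Agent.NDK trojan\t" + "1" * 40 + "\tI",
    "I:\\Users\\x\\AppData\\LocalLow\\Sun\\Java\\Deployment\\cache\\6.0\\47\\1fe6b2f-2130ec9c\t"
    "a variant of Java/Exploit.CVE-2012-4681.AA trojan\t" + "2" * 40 + "\tI",
])

HEADER_RE = re.compile(r"^# (\w+)=(.*)$")   # "# key=value" header lines
SHA1_RE = re.compile(r"^[0-9A-Fa-f]{40}$")  # third column of a finding line

def classify_location(path):
    """Coarse bucket for where a detection sits; this drives the remediation hint."""
    p = path.lower()
    if "\\java\\deployment\\cache\\" in p:
        return "java-cache"   # applet/exploit cached by the Java browser plugin
    if "\\temp\\" in p or "\\temporary internet files\\" in p:
        return "temp-cache"   # transient download or browser cache artifact
    if p.endswith((".exe", ".msi", ".zip", ".rar")):
        return "installer"    # stored setup file, often a repacked download
    return "other"

def parse_eset_log(text):
    """Split an ESET Online Scanner log into header metadata and finding records."""
    meta, findings = {}, []
    for line in text.splitlines():
        m = HEADER_RE.match(line)
        if m:
            meta[m.group(1)] = m.group(2)
            continue
        parts = line.split("\t")
        if len(parts) == 4 and SHA1_RE.match(parts[2]):
            path, detection, sha1, flag = parts
            findings.append({"path": path, "detection": detection,
                             "sha1": sha1.upper(), "flag": flag,
                             "location": classify_location(path)})
    return meta, findings

def triage(text):
    """Summarize a log: counts per location, consistency, and what is still on disk."""
    meta, findings = parse_eset_log(text)
    found, cleaned = int(meta.get("found", 0)), int(meta.get("cleaned", 0))
    return {
        "found": found,
        "cleaned": cleaned,
        "remaining": found - cleaned,
        "cleanup_disabled": meta.get("remove_checked") == "false",
        "count_matches": found == len(findings),   # header vs. actual finding lines
        "by_location": dict(Counter(f["location"] for f in findings)),
        "java_exploit_seen": any(f["location"] == "java-cache"
                                 and "exploit" in f["detection"].lower()
                                 for f in findings),
    }

if __name__ == "__main__":
    for key, value in triage(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

Hits in the Java deployment cache are artifacts of the browser plugin, which is why the helper's next step is to disable Java and update the other out-of-date plugins reported by SecurityCheck.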

Old 08.02.2013, 13:15   #14
t'john
/// Helper Team



Update:
Thunderbird: Thunderbird - Download - Filepony



Disable Java

Because of the current security vulnerability:

http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards, post (copy and paste) what you see here: PluginCheck



Please close your protection software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop

  • Start the tool with a double-click. On Windows Vista (or higher), please right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool is done, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.

__________________
Regards, t'john
Support the TB

Old 08.02.2013, 14:09   #15
SubSiro



PluginCheck

The PluginCheck helps to close the biggest security holes when surfing the internet.
Checked are: browser, Flash, Java and Adobe Reader version.

Firefox 18.0 is up to date

Flash (11,5,502,146) is up to date.

Java is not installed or not enabled.

Adobe Reader 11,0,1,36 is up to date.

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.6.2 (02.02.2013:2)
OS: Windows 7 Home Premium x64
Ran by SiRo-CoOl on 08.02.2013 at 14:14:57,86
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders

Successfully deleted: [Folder] "C:\Users\SiRo-CoOl\AppData\Roaming\software4u"



~~~ FireFox

Emptied folder: C:\Users\SiRo-CoOl\AppData\Roaming\mozilla\firefox\profiles\vhl1fqfy.default\minidumps [17 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08.02.2013 at 14:23:16,59
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         
