
Pests of all kinds and how to fight them: Rights restricted, fake certificates, Trusted Installer GROOVEEX.DLL and a server set up on the machine


05.04.2013, 07:19   #1
Packer
 



Good morning

First of all, I'd like to thank you for taking the time for me!

I have the following problem: the laptop that I took over from my brother (he went abroad for 1.5 years) is extremely slow! It also generates very high internet traffic, which is especially annoying since I have a data volume cap....

So I simply disconnected the connection and had a look around, and found that there are printers that shouldn't be there.
I also found that under Security, many programs and folders had very dubious groups and users with full rights to them!

Well, I then made myself the owner and had a look inside, and it frightened me a lot! One of the "printers" suddenly had very strange functions such as creating credit cards and various sniffing (I think that's what it's called) functions etc.

That seems very dangerous to me! My antivirus program (Norton) can't find anything unusual!

Now I don't know which information I should provide so that you can help me?

I looked through the laptop (since it's my brother's) to see whether there are any programs on it that shouldn't be there (no keygens etc. either), but to be honest I have no idea! As a precaution I removed whatever looked somehow odd!

Many thanks

Packer

05.04.2013, 15:29   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Quote:
My antivirus program (Norton) can't find anything unusual!
What exactly does that mean? Did it find something or not?
If there are findings, always post the logs


Reading material:
Posting in CODE tags
Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
  • Select the entire logfile (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracket expressions [CODE] [/CODE] appear.
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview to check whether you did it right. If everything is correct ... click Reply.

05.04.2013, 17:38   #3
Packer
 



So, I phoned Norton support today and was, to put it mildly, simply shocked at how careless and clueless they are!

They took over my laptop via remote control and did nothing more than remove folders with their contents via right-click and delete.
They also ran Norton Eraser and my normal Norton CBE!

The only thing they found were 14 tracking cookies. Unfortunately I no longer have the report, because the AWESOME support simply closed it!

I showed him very suspicious certificates and Java add-ons in Internet Explorer that clearly have an influence on the certification of the Norton SONAR protection, but he said I should just not let it spoil my fun surfing!!!!

But to put it briefly: no, I have no log files. If you tell me which program I should scan my system with, I will do it immediately!

Regards

Packer
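A first set of read-only checks for the symptoms described in posts #1 and #3 (printer objects that should not exist, dubious groups and users with full rights, unexplained traffic, suspicious certificates), as an added example that is not part of the thread and is not one of the tools the helper asks for. It assumes Windows 7 with PowerShell 2.0, run from an elevated prompt; the list of principals treated as "expected" and the directories it walks are assumptions for a stock installation, not something the thread states.

```powershell
# Added triage script; not from the thread or from Trojaner-Board. Assumes a
# Windows 7 machine with PowerShell 2.0, run from an elevated prompt. It only
# reads; nothing is deleted or changed. The "expected" principal list and the
# directories below are assumptions for a stock installation.

# --- 1. Printers: name, driver and the port they print to ----------------------
# A "printer" whose PortName is a file, an odd local path or a remote host, or
# whose driver does not belong to a printer vendor, deserves a closer look.
Get-WmiObject Win32_Printer |
    Select-Object Name, DriverName, PortName, Shared, Network, Local |
    Format-Table -AutoSize

# --- 2. Who is listening, and which process owns the socket --------------------
# Unexpected traffic usually has a process behind an unexpected listener.
# netstat -ano is used because Get-NetTCPConnection does not exist on Windows 7.
$byPid = @{}
Get-Process | ForEach-Object { $byPid[[string]$_.Id] = $_.ProcessName }
$listeners = netstat -ano |
    Where-Object { $_ -match '^\s*TCP.*LISTENING' } |
    ForEach-Object {
        $f = $_.Trim() -split '\s+'        # Proto, Local, Foreign, State, PID
        New-Object PSObject -Property @{
            Proto   = $f[0]
            Local   = $f[1]
            OwnerId = $f[4]
            Process = $byPid[$f[4]]
        }
    }
$listeners | Sort-Object Process | Format-Table Proto, Local, OwnerId, Process -AutoSize

# --- 3. ACLs: unexpected principals with Modify / Full Control -----------------
# Stock Windows grants write access under Program Files and System32 only to the
# principals below. Anything else, and in particular a raw SID such as
# S-1-5-21-... (an account that no longer resolves to a name), is the kind of
# "dubious group or user" the poster describes.
$expected = @(
    'NT AUTHORITY\SYSTEM', 'BUILTIN\Administrators',
    'NT SERVICE\TrustedInstaller', 'CREATOR OWNER', 'BUILTIN\Users'
)
$roots = @($env:ProgramFiles, ${env:ProgramFiles(x86)}, "$env:SystemRoot\System32")
foreach ($root in $roots) {
    if (-not $root) { continue }           # ProgramFiles(x86) is absent on 32-bit
    Get-ChildItem $root -ErrorAction SilentlyContinue | ForEach-Object {
        $acl = Get-Acl $_.FullName -ErrorAction SilentlyContinue
        if (-not $acl) { return }
        foreach ($ace in $acl.Access) {
            $who = $ace.IdentityReference.Value
            if (($expected -notcontains $who) -and
                ([string]$ace.FileSystemRights -match 'FullControl|Modify')) {
                "{0}`t{1}`t{2}`towner={3}" -f $_.FullName, $who, $ace.FileSystemRights, $acl.Owner
            }
        }
    }
}

# --- 4. Trusted root certificates ---------------------------------------------
# Windows 7 keeps only a short list of roots locally and fetches the rest on
# demand, so the newest entries are the interesting ones. A root for which this
# machine holds the PRIVATE key is what a local interception proxy needs to
# forge certificates for any HTTPS site; compare such entries against the
# vendor's published thumbprint before trusting them.
Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Sort-Object NotBefore -Descending |
    Select-Object -First 20 -Property @{n='Store'; e={$_.PSParentPath -replace '^.*::', ''}},
        Subject, NotBefore, Thumbprint, HasPrivateKey |
    Format-Table -AutoSize

Get-ChildItem Cert:\LocalMachine\Root, Cert:\CurrentUser\Root |
    Where-Object { $_.HasPrivateKey } |
    ForEach-Object { "ROOT WITH PRIVATE KEY: {0} {1}" -f $_.Thumbprint, $_.Subject }
```

Paste it into an elevated PowerShell window rather than saving it as a .ps1 file, so the default execution policy on Windows 7 does not get in the way. It does not replace the OTL scan the helper asks for below; it gives a helper the same facts the poster describes from memory, in a form that can be posted in CODE tags: which printer objects exist, which process sits behind which listening port, which non-standard principals hold write access, and which root certificates were added when.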

06.04.2013, 03:08   #4
cosinus



Before we get to work, I'd like to ask you to read the following points completely and attentively.
  • Read my instructions, which I will post over the course of this thread, carefully. Ask immediately if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the preceding one.

  • Please only run scans that a helper has asked you to run! Do not install/uninstall any software without being asked!

  • Post the logfiles directly in your thread (in CODE tags, please) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the requested tools, e.g. Malwarebytes, are always to be posted, regardless of whether there was a finding or not!

  • Please also note => Deleting logfiles and other requests

Note:
If I haven't been in touch for three days, please post in this thread => Reminder about my thread.
Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board.


First a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top centre, tick Scan all users
  • At the top you'll find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in CODE tags in the thread.
__________________
Please always post logfiles in CODE tags

06.04.2013, 19:15   #5
Packer
 



OK, here is the scan, many thanks!

Code:
OTL logfile created on: 06.04.2013 19:51:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Reda\Xtra Programme\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 46,52% Memory free
7,85 Gb Paging File | 5,54 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 23,99 Gb Free Space | 20,61% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 230,99 Gb Free Space | 70,04% Space Free | Partition Type: NTFS
 
Computer Name: PACKER-PC | User Name: Packer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - D:\Reda\Xtra Programme\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Users\Packer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Users\Packer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRServer.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRFeature.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Users\Packer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_4_402_287.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeck.exe (asus)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\Packer\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\302207b4fa3083899fd8ab4db98cecc5\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\d7d20811a7ce7cc589153648cbb1ce5c\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\ff7c9a4f41f7cccc47e696c11b9f8469\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\19b3d17c3ce0e264c4fb62028161adf7\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Users\Packer\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON INTERNET SECURITY CBE\ENGINE\20.3.0.36\wincfi39.dll ()
MOD - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Brightness.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\HelpFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\P4GControl.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Resolution.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\Volume.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (EPSON_PM_RPCV4_05) -- C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_WT50RP.EXE File not found
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TurboBoost) -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe (Intel(R) Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SplashtopRemoteService) -- C:\Program Files (x86)\Splashtop\Splashtop Remote\Server\SRService.exe (Splashtop Inc.)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (ipsecd) -- D:\Reda\Xtra Programme\VPN\ipsecd.exe ()
SRV - (dtpd) -- D:\Reda\Xtra Programme\VPN\dtpd.exe ()
SRV - (iked) -- D:\Reda\Xtra Programme\VPN\iked.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ATKGFNEXSrv) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe (ASUS)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe (ASUS)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (SymIM) -- C:\Windows\SysNative\drivers\SymIMV.sys (Symantec Corporation)
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (vflt) -- C:\Windows\SysNative\drivers\vfilter.sys (Shrew Soft Inc)
DRV:64bit: - (vnet) -- C:\Windows\SysNative\drivers\virtualnet.sys (Shrew Soft Inc)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronic Corp.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (JME) -- C:\Windows\SysNative\drivers\JME.sys (JMicron Technology Corp.)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (TurboB) -- C:\Windows\SysNative\drivers\TurboB.sys ()
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\drivers\WSDScan.sys (Microsoft Corporation)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130405.069\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130405.069\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ASMMAP64) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys (ASUS)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = Reg Error: Value error.
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = Reg Error: Value error.
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=45568b13-ae8d-49a9-9d46-4ca5a8474bdc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=45568b13-ae8d-49a9-9d46-4ca5a8474bdc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=45568b13-ae8d-49a9-9d46-4ca5a8474bdc&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: firefox%40ghostery.com:2.9.3
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=45568b13-ae8d-49a9-9d46-4ca5a8474bdc&affid=111585&searchtype=ds&babsrc=lnkry&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: D:\Reda\Xtra Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll File not found
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Packer\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Packer\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Packer\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\IPSFFPlgn\ [2012.12.09 11:19:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\coFFPlgn\ [2013.04.06 17:24:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.09 21:42:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.10.25 20:29:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Packer\AppData\Roaming\mozilla\Extensions
[2013.03.25 01:31:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Packer\AppData\Roaming\mozilla\Firefox\Profiles\mfzj1obm.default\extensions
[2013.03.25 01:31:39 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Packer\AppData\Roaming\mozilla\Firefox\Profiles\mfzj1obm.default\extensions\firefox@ghostery.com
[2013.03.04 00:47:40 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\Packer\AppData\Roaming\mozilla\firefox\profiles\mfzj1obm.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.10.25 21:03:17 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Packer\AppData\Roaming\mozilla\firefox\profiles\mfzj1obm.default\extensions\elemhidehelper@adblockplus.org.xpi
[2013.02.15 03:16:51 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Packer\AppData\Roaming\mozilla\firefox\profiles\mfzj1obm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.03.03 15:02:37 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Packer\AppData\Roaming\mozilla\firefox\profiles\mfzj1obm.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.10.28 03:33:53 | 000,002,615 | ---- | M] () -- C:\Users\Packer\AppData\Roaming\mozilla\firefox\profiles\mfzj1obm.default\searchplugins\Web Search.xml
[2012.10.25 20:28:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.09 21:42:33 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.11 04:10:32 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.11 04:10:32 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.11 04:10:32 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.11 04:10:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.11 04:10:32 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.11 04:10:32 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Packer\AppData\Local\Google\Chrome\Application\26.0.1410.43\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Packer\AppData\Local\Google\Chrome\Application\26.0.1410.43\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Packer\AppData\Local\Google\Chrome\Application\26.0.1410.43\pdf.dll
CHR - plugin: Norton Identity Safe (Enabled) = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.2.1.36_0\npcoplgn.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Packer\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Pr\u00E4sentationen = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek\0.6_0\
CHR - Extension: Google Docs = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: TV = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\bppbpeijolfcampacpljolaegibfhjph\2.5_0\
CHR - Extension: Google-Suche = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Grepolis Report Converter = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\eediamimojgbnjfaalcnlonenfdcogop\2.1.9_0\
CHR - Extension: Mixcloud = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdcenekolminfbkcbchinlcgfhpmggpk\0.0.0.3_0\
CHR - Extension: Drive Notepad = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpgjomejfimnbmobcocilppikhncegaj\1.2_0\
CHR - Extension: IP-Adresse = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\jpnjjlbngpejmmhgcaagljaomgnginml\7.1_0\
CHR - Extension: Little Alchemy = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\knkapnclbofjjgicpkfoagdjohlfjhpd\0.0.15.7_0\
CHR - Extension: PDF Cloud Tools = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mjpieolhcmajmolkhbbeljknkcdcmffk\1.0.1.4_0\
CHR - Extension: Norton Identity Protection = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.3.2.10_0\
CHR - Extension: Google Mail = C:\Users\Packer\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.02.12 03:57:57 | 000,000,853 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security CBE\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000..\Run: [DAEMON Tools Lite] D:\Reda\Xtra Programme\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000..\Run: [SkyDrive] C:\Users\Packer\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2886150675-1149921084-1045049894-1000..\Run: [Spotify Web Helper] C:\Users\Packer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\Packer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Packer\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{08616EE5-2B8A-41DF-90E8-86D728DC70FA}: DhcpNameServer = 192.168.1.1 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A05A431-B686-441E-8D29-81A1A44D863E}: DhcpNameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7334A9C-6C1D-46B6-8E45-1006C0F1652F}: Domain = fh-biberach.de
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7334A9C-6C1D-46B6-8E45-1006C0F1652F}: NameServer = 192.168.2.130,193.196.3.3
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.05 19:49:09 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.05 19:49:09 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.05 19:49:09 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.05 19:49:09 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.05 19:49:09 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.05 19:49:09 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.05 19:49:09 | 000,391,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.05 19:49:09 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.05 19:49:09 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.05 19:49:09 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.05 19:49:09 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.05 19:49:09 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.05 19:49:09 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.05 19:49:09 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.05 19:49:09 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.05 19:49:09 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.05 19:49:09 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.05 19:49:09 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.05 19:49:09 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.05 19:49:09 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.05 19:49:09 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.05 19:49:09 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.05 19:49:09 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.05 19:49:09 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.05 19:49:09 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.05 19:49:09 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.05 19:49:09 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.05 19:49:09 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.05 19:49:09 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.05 19:49:09 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.05 19:49:09 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.05 19:49:08 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.05 19:49:08 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.05 19:49:08 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.05 19:49:08 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.05 19:49:08 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.05 19:49:08 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.05 19:49:08 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.05 19:49:08 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.05 19:49:08 | 000,526,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.05 19:49:08 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.05 19:49:08 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.05 19:49:08 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.05 19:49:08 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.05 19:49:08 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.05 19:49:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.05 19:49:08 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.05 19:49:08 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.05 19:49:08 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.05 19:49:08 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.05 19:49:08 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.05 19:49:08 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.05 19:49:08 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.05 19:49:08 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.05 19:49:08 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.05 19:49:08 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.05 19:49:08 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.05 19:49:08 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.05 19:49:08 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.05 19:49:08 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.05 19:49:08 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.05 19:49:08 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.05 19:49:08 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.05 19:49:08 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.05 19:49:08 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.05 19:49:08 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.05 19:49:08 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.05 19:49:08 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.05 18:14:38 | 000,192,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisRtl.dll
[2013.04.05 18:14:37 | 000,154,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisRtl.dll
[2013.04.05 18:14:37 | 000,060,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ahadmin.dll
[2013.04.05 18:14:37 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\admwprox.dll
[2013.04.05 18:14:37 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\admwprox.dll
[2013.04.05 18:14:37 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ahadmin.dll
[2013.04.05 18:14:37 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisreset.exe
[2013.04.05 18:14:37 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisreset.exe
[2013.04.05 18:14:37 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wamregps.dll
[2013.04.05 18:14:37 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iisrstap.dll
[2013.04.05 18:14:37 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wamregps.dll
[2013.04.05 18:14:37 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iisrstap.dll
[2013.04.05 17:38:21 | 002,986,440 | ---- | C] (Symantec Corporation) -- C:\Users\Packer\Desktop\NPE(1).exe
[2013.04.05 15:23:08 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\NPE
[2013.04.05 14:46:22 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\LogMeIn Rescue Applet
[2013.04.05 05:02:48 | 000,253,256 | ---- | C] (PC Tools) -- C:\Windows\SysNative\drivers\PCTSD64.sys
[2013.04.05 05:02:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PC Tools
[2013.04.05 05:01:56 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\BestPractices
[2013.04.05 05:01:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\BestPractices
[2013.04.05 04:52:26 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Roaming\TestApp
[2013.04.05 04:52:26 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools
[2013.04.05 04:30:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2013.04.05 04:29:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager
[2013.04.05 03:48:14 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
[2013.04.04 15:21:18 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\MigWiz
[2013.04.04 14:12:44 | 000,000,000 | ---D | C] -- C:\inetpub
[2013.04.04 13:42:05 | 000,000,000 | R--D | C] -- C:\Users\Packer\Documents\Scanned Documents
[2013.04.04 13:42:04 | 000,000,000 | ---D | C] -- C:\Users\Packer\Documents\Fax
[2013.04.04 06:54:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ShrewSoft VPN Client
[2013.04.04 06:54:39 | 000,000,000 | ---D | C] -- C:\Users\Packer\Documents\Shrew Soft VPN
[2013.04.03 20:18:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SkyDrive
[2013.04.03 20:18:14 | 000,000,000 | R--D | C] -- C:\Users\Packer\SkyDrive
[2013.04.03 20:18:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft SkyDrive
[2013.04.03 20:00:41 | 000,000,000 | --SD | C] -- C:\Users\Packer\Google Drive
[2013.04.03 19:51:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
[2013.04.03 10:08:50 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\Splashtop
[2013.04.03 09:50:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2013.04.03 09:50:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2013.04.03 09:50:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Splashtop
[2013.04.03 09:49:54 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\{DFCD66BE-CB4F-42AE-A6D3-E634BBBD94E9}
[2013.04.02 20:58:29 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\ElevatedDiagnostics
[2013.04.02 20:55:41 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\Apps
[2013.03.26 02:06:03 | 000,019,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.20 23:11:24 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Roaming\LolClient
[2013.03.17 21:34:08 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Roaming\TS3Client
[2013.03.17 21:33:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client
[2013.03.15 16:12:23 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Roaming\Unity
[2013.03.15 15:48:38 | 000,000,000 | ---D | C] -- C:\Users\Packer\AppData\Local\Unity
[2013.03.15 04:03:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.15 04:02:23 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.15 04:02:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.06 19:55:02 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.06 19:55:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.06 19:17:00 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2886150675-1149921084-1045049894-1000UA.job
[2013.04.06 17:28:21 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 17:28:21 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.06 17:20:26 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.06 17:19:59 | 3161,858,048 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.06 01:33:50 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2886150675-1149921084-1045049894-1000Core.job
[2013.04.05 20:01:19 | 002,236,083 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\Cat.DB
[2013.04.05 19:49:09 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.04.05 19:49:09 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.04.05 19:49:09 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.04.05 19:49:09 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.04.05 19:49:09 | 000,690,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.05 19:49:09 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.04.05 19:49:09 | 000,391,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.05 19:49:09 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.04.05 19:49:09 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.05 19:49:09 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.04.05 19:49:09 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.04.05 19:49:09 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.04.05 19:49:09 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.04.05 19:49:09 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.04.05 19:49:09 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.04.05 19:49:09 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.04.05 19:49:09 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.04.05 19:49:09 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.04.05 19:49:09 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.05 19:49:09 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.04.05 19:49:09 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.05 19:49:09 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.04.05 19:49:09 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.05 19:49:09 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.04.05 19:49:09 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.04.05 19:49:09 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.05 19:49:09 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.04.05 19:49:09 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.04.05 19:49:09 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.05 19:49:09 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.05 19:49:09 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.04.05 19:49:09 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.04.05 19:49:08 | 003,958,784 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.05 19:49:08 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.04.05 19:49:08 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.04.05 19:49:08 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.04.05 19:49:08 | 000,855,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.05 19:49:08 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.04.05 19:49:08 | 000,603,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.05 19:49:08 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.04.05 19:49:08 | 000,526,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.05 19:49:08 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.04.05 19:49:08 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.04.05 19:49:08 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.04.05 19:49:08 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.05 19:49:08 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.04.05 19:49:08 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.04.05 19:49:08 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.04.05 19:49:08 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.04.05 19:49:08 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.04.05 19:49:08 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.04.05 19:49:08 | 000,136,704 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.05 19:49:08 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.04.05 19:49:08 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.04.05 19:49:08 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.04.05 19:49:08 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.05 19:49:08 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.04.05 19:49:08 | 000,089,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.05 19:49:08 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.04.05 19:49:08 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.04.05 19:49:08 | 000,067,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.05 19:49:08 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.04.05 19:49:08 | 000,051,712 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.05 19:49:08 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.04.05 19:49:08 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.04.05 19:49:08 | 000,039,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.05 19:49:08 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.04.05 19:49:08 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.05 19:49:08 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.04.05 19:49:08 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.04.05 12:59:56 | 000,001,391 | ---- | M] () -- C:\Users\Packer\Desktop\Norton-Installations-dateien.lnk
[2013.04.05 12:59:56 | 000,001,232 | ---- | M] () -- C:\Users\Packer\Desktop\Norton Download Manager.lnk
[2013.04.05 06:07:05 | 001,865,784 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 06:07:05 | 000,802,350 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 06:07:05 | 000,736,822 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 06:07:05 | 000,181,016 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 06:07:05 | 000,147,578 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 05:04:33 | 002,462,841 | ---- | M] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013.04.05 04:52:26 | 000,000,574 | ---- | M] () -- C:\Users\Packer\Desktop\sd9setup.exe.lnk
[2013.04.05 04:04:22 | 000,001,055 | ---- | M] () -- C:\Users\Packer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2013.04.05 04:04:12 | 000,001,025 | ---- | M] () -- C:\Users\Packer\Desktop\Dropbox.lnk
[2013.04.04 20:13:21 | 000,002,192 | ---- | M] () -- C:\{C7A7B3B1-41E2-4128-AF94-2E3F61823854}
[2013.04.04 14:14:36 | 001,680,172 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.04 12:34:51 | 000,007,607 | ---- | M] () -- C:\Users\Packer\AppData\Local\Resmon.ResmonCfg
[2013.04.04 06:19:22 | 000,000,281 | ---- | M] () -- C:\Users\Packer\.JavaPowUpload.properties
[2013.04.03 20:00:41 | 000,001,723 | ---- | M] () -- C:\Users\Packer\Desktop\Google Drive.lnk
[2013.04.03 19:46:22 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.03 19:46:22 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.03 01:21:51 | 000,354,735 | ---- | M] () -- C:\Users\Packer\Desktop\Übergangsregelung Bachelor P 20130228.pdf
[2013.03.31 23:17:59 | 000,002,378 | ---- | M] () -- C:\Users\Packer\Desktop\Google Chrome.lnk
[2013.03.25 14:14:54 | 002,986,440 | ---- | M] (Symantec Corporation) -- C:\Users\Packer\Desktop\NPE(1).exe
[2013.03.25 01:31:16 | 000,014,818 | ---- | M] () -- C:\Windows\SysNative\drivers\NISx64\1403000.024\VT20130115.021
[2013.03.25 01:31:13 | 000,002,547 | ---- | M] () -- C:\Users\Public\Desktop\Norton Internet Security.lnk
[2013.03.17 21:33:40 | 000,000,815 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.05 19:49:09 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.05 19:49:08 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.05 05:02:56 | 002,462,841 | ---- | C] () -- C:\Windows\SysNative\drivers\Cat.DB
[2013.04.05 04:52:26 | 000,000,574 | ---- | C] () -- C:\Users\Packer\Desktop\sd9setup.exe.lnk
[2013.04.05 03:48:14 | 000,001,391 | ---- | C] () -- C:\Users\Packer\Desktop\Norton-Installations-dateien.lnk
[2013.04.05 03:48:14 | 000,001,232 | ---- | C] () -- C:\Users\Packer\Desktop\Norton Download Manager.lnk
[2013.04.04 20:13:18 | 000,002,192 | ---- | C] () -- C:\{C7A7B3B1-41E2-4128-AF94-2E3F61823854}
[2013.04.04 14:14:32 | 001,680,172 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.04 12:34:51 | 000,007,607 | ---- | C] () -- C:\Users\Packer\AppData\Local\Resmon.ResmonCfg
[2013.04.03 20:18:13 | 000,002,188 | ---- | C] () -- C:\Users\Packer\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013.04.03 20:00:41 | 000,001,723 | ---- | C] () -- C:\Users\Packer\Desktop\Google Drive.lnk
[2013.04.03 19:50:08 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.03 19:50:06 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.03 19:48:08 | 000,000,281 | ---- | C] () -- C:\Users\Packer\.JavaPowUpload.properties
[2013.04.03 01:21:50 | 000,354,735 | ---- | C] () -- C:\Users\Packer\Desktop\Übergangsregelung Bachelor P 20130228.pdf
[2013.03.17 21:33:40 | 000,000,815 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk
[2012.10.31 05:27:09 | 000,234,544 | ---- | C] () -- C:\Windows\RegBootClean64.exe
[2012.10.28 18:56:51 | 000,000,994 | ---- | C] () -- C:\Windows\eReg.dat
[2012.10.25 20:20:05 | 000,000,036 | ---- | C] () -- C:\Users\Packer\AppData\Local\housecall.guid.cache
[2011.09.05 09:19:56 | 000,000,176 | ---- | C] () -- C:\Windows\explorer.exe.config
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.30 19:33:42 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Asus WebStorage
[2012.11.10 13:40:14 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Command and Conquer 3 Tiberium Wars
[2012.10.27 21:39:47 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\DAEMON Tools Lite
[2013.04.06 17:27:57 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Dropbox
[2012.10.30 14:35:04 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\EeeStorageUploader
[2012.12.01 16:37:33 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Focus
[2012.11.05 05:50:55 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\iFunbox_UserCache
[2013.03.20 23:11:24 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\LolClient
[2013.02.17 03:13:04 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2013.02.18 03:14:41 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Meine Die Schlacht um Mittelerde™ II-Dateien
[2012.10.27 21:10:47 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\OpenCandy
[2012.12.29 11:35:56 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\redsn0w
[2013.04.03 21:13:44 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Spotify
[2012.10.30 14:35:59 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\temp
[2013.04.05 04:52:26 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\TestApp
[2013.04.02 20:40:49 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\TS3Client
[2013.03.15 16:12:23 | 000,000,000 | ---D | M] -- C:\Users\Packer\AppData\Roaming\Unity
 
========== Purity Check ==========
 
 

< End of report >

Code:
OTL Extras logfile created on: 06.04.2013 19:51:01 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = D:\Reda\Xtra Programme\OTL
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 46,52% Memory free
7,85 Gb Paging File | 5,54 Gb Available in Paging File | 70,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 23,99 Gb Free Space | 20,61% Space Free | Partition Type: NTFS
Drive D: | 329,79 Gb Total Space | 230,99 Gb Free Space | 70,04% Space Free | Partition Type: NTFS
 
Computer Name: PACKER-PC | User Name: Packer | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"AutoUpdateDisableNotify" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{034D8802-31E0-4368-A25B-C5A53E773D27}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{05091475-672F-480D-838E-C7EC160B3FF9}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{0E9811B8-2E1F-4F88-9773-64DE6C20E25E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1371B2FE-19AF-4457-86B6-4A5D846DEE0C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{15DC2BA4-12A2-4340-A050-51C3D16845F8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3DC48E77-89B0-46CB-8166-655E282DAD29}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{44F1F6CB-51F6-4C82-8EB9-89C8779621E7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4DC827B6-7BC3-4004-B418-7A58486FD7F9}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{56602516-3574-4E71-9480-19381B19FC6F}" = lport=137 | protocol=17 | dir=in | app=system | 
"{71BC2502-2733-4507-B4F1-651E085AFC08}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{7428E16D-1C3B-4E49-8C1E-B0A9E3A823B6}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{77545DB7-FF91-4B0E-A23D-DCB4E197AF56}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{7789F9FF-9CB4-4AD9-8401-DE2760F97BA3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7A937537-A8D3-45E8-BF35-AB76C48FE9C4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7E7962FD-A0BB-4A90-8677-8F58306541BE}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8E1700E6-7489-4CC2-9469-51B6522A6293}" = rport=139 | protocol=6 | dir=out | app=system | 
"{991BC838-BC06-49C8-A9FD-836DD213B190}" = lport=139 | protocol=6 | dir=in | app=system | 
"{A87CF78A-C6F4-4768-8D37-54BF16FB49F6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{AF152021-3CEE-4944-AE63-E32037F9634F}" = rport=138 | protocol=17 | dir=out | app=system | 
"{BF7F4009-4CE4-470F-B292-445CE5C02123}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C393B2D5-47DD-4647-8D2D-F1A831E15C0C}" = lport=138 | protocol=17 | dir=in | app=system | 
"{C8B20AB5-4771-4E8A-84A6-07DD06905025}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{CB45714C-5B4F-4A00-BB83-08E944FBC9F2}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{CFA330FD-2460-405E-A35E-4548447FEF67}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D35BE3E3-BBD3-431F-9AD3-FFFDE76B0441}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D4296D99-F319-4A83-AF39-259EFC785A93}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{E04A4621-F48D-4C67-9080-A5369BAD5B85}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E1825345-05F2-4AA9-8802-C1C143D73200}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E76CF85B-A3CE-443D-BD29-E6D10592C028}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F6E69FE4-4771-43F8-BD70-3145B997B74C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F916118D-9323-4D4B-BAB4-14BBF86E6F5E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FAA95616-4E53-45CC-AE32-76EA0C93DF3C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{FB576225-B1DD-4572-A25B-B7BF2D202FCC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{FB984CC3-6424-4093-BDD2-C05B3A6CA837}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FCF4A916-F524-4EA6-9C7A-A4CB7A06208F}" = rport=137 | protocol=17 | dir=out | app=system | 
"{FF6D688A-8804-4A33-8073-A932D83E9E45}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00178A4E-6AF0-4A1A-9B15-712E6B2C2AD2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{037C69CC-BD97-4D1C-A3F0-8CE64B3D58F8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{0BDD848D-428A-4124-A92E-141FF9A922E8}" = protocol=17 | dir=in | app=d:\reda\spiele\civiliization 4\civilization4.exe | 
"{0CC720F7-F29D-4992-9E59-B5C820AA8E40}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{15455F79-45EA-4B56-9466-F5D6871D3D83}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{18A1CACB-917C-4C95-81AA-240828696687}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{1E381A29-14CC-420B-AC07-AB4651D7635F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1F069282-C500-41AD-9217-952D1D5C2030}" = protocol=17 | dir=in | app=c:\users\packer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{1F940613-EBA3-4BA4-B758-63E86D41099A}" = protocol=6 | dir=out | app=system | 
"{222825B9-6A5C-49B8-A7CD-92F8CBE4AF1E}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{323D8C19-E743-4176-8C65-6C554EFEEBC3}" = protocol=6 | dir=in | app=c:\users\packer\appdata\roaming\dropbox\bin\dropbox.exe | 
"{424162B5-8CA8-41CB-8B27-72C096456B15}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4615917A-F07E-4EAA-A440-8677C4C75453}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4983D242-8F19-4D5F-82C4-86D678600477}" = protocol=17 | dir=in | app=d:\reda\spiele\battlefield2\battlefield 2\bf2.exe | 
"{4A4669AC-69BD-4818-B706-1A9CA7EA1E7F}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{50A8726E-1286-41AA-8B50-A66AA21AB9B3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{50CC41C7-15F1-40D5-AE8E-E33320EDE5AD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{52809C78-93E6-40A1-B411-0A811F92D3AC}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\dataproxy.exe | 
"{532FCEA3-F9BB-496A-95EF-F0D796C9C775}" = dir=in | app=d:\reda\spiele\command & conquer 3\retailexe\1.9\cnc3game.dat | 
"{540AEF08-0CCC-4B43-9198-653AAC927762}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6092DE9D-D10C-4BC9-9B23-0D2B13276F4A}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{66D2C28B-F09C-4A21-92C5-DEFF125C8AA1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{7115721E-E646-4358-8D61-018D0703DB9D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{723850FC-6E5C-4D64-94A6-8E649FE80378}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{7975B6D8-7497-4392-BECE-61D08D586FBA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7D95EDCD-F5EB-4E82-B6F8-92F780D07649}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7F80B52F-F930-4B14-B1B9-B5B623FCEA1D}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{82A44103-D164-4E88-BC32-2286C1494166}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{89B8876A-CF3B-4A76-8881-8DA3B5486761}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{8C5F72B2-56DF-4C10-968B-2D35409B2F66}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{8D1DA36C-2EC1-4234-A7C8-7A8038D3DBC6}" = protocol=6 | dir=in | app=d:\reda\spiele\civiliization 4\civilization4.exe | 
"{9010A147-93E9-4620-9735-82EEF637BD7F}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{95E1C883-E5B0-48D0-A2D2-2C79C90A572F}" = protocol=6 | dir=in | app=d:\reda\spiele\colonization 4\colonization.exe | 
"{96B2592C-2943-4F69-B274-6A5F43F7F8A9}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{AAAE82E1-C70F-41DF-8876-549E4206C119}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{AD422013-0B18-477D-825D-A81629A5DA8B}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{B2204F63-BE2E-4D8F-82DC-ED344A06ED7A}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srfeature.exe | 
"{B9F86FD2-5D6F-42C3-AE9C-48998BEC22FF}" = protocol=17 | dir=in | app=d:\reda\spiele\colonization 4\colonization.exe | 
"{BD366C38-EFAD-4348-8191-EFCF1C390E8A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C4E9079A-CF9B-4628-8123-AC88CA1B9674}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C53583EE-FB57-4070-8F16-667E375191C8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{CD690B51-ED94-4412-B773-AA9E6F25C3D9}" = dir=in | app=c:\users\packer\appdata\local\microsoft\skydrive\skydrive.exe | 
"{CEDF5D2C-ED0C-4220-B7CC-DFE6274F0BC8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D2879927-4C34-41C8-BDB6-F9B50285E6E5}" = protocol=6 | dir=in | app=d:\reda\spiele\ut3\binaries\ut3.exe | 
"{D417FEB0-0AE9-46F6-BAF4-01A2E01E239B}" = protocol=6 | dir=in | app=d:\reda\spiele\battlefield2\battlefield 2\bf2.exe | 
"{D75BEF09-4EA8-477B-A251-D557B92012B8}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D9FA7979-FE01-4970-A18C-F0E61DE9878F}" = dir=in | app=c:\program files (x86)\splashtop\splashtop remote\server\srserver.exe | 
"{E1D63712-4ADB-4AD1-BACD-9DD1E3336BCA}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{E2DAC44C-65D4-4B91-A2E5-C328D4F9458C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{E326D65E-5765-4CB2-8B6E-A72A08450F6F}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{E921BB12-5A72-48AB-A6BE-BF5AED9BA1D4}" = protocol=17 | dir=in | app=d:\reda\spiele\ut3\binaries\ut3.exe | 
"{F38A0AF9-7B5C-4571-9C0B-A26725F4C2FC}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{F6CA98C1-B95C-4BE0-93EE-9201B7508156}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"TCP Query User{085A49A2-B89D-44B9-85C3-6CF7CFE4C08A}D:\reda\spiele\quake 3 arena\quake3.exe" = protocol=6 | dir=in | app=d:\reda\spiele\quake 3 arena\quake3.exe | 
"TCP Query User{10E08FFE-3402-4EEE-8B77-A96136C6A516}C:\users\packer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\packer\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{17ECA71F-3668-482A-BABE-52441436BED0}D:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe" = protocol=6 | dir=in | app=d:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe | 
"TCP Query User{18D8D189-7010-4489-9CAC-4A539435FB8F}C:\users\packer\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe" = protocol=6 | dir=in | app=c:\users\packer\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe | 
"TCP Query User{7EF88A62-9A70-487E-A4F1-0DBC21AB986E}D:\reda\spiele\css\css\hl2.exe" = protocol=6 | dir=in | app=d:\reda\spiele\css\css\hl2.exe | 
"TCP Query User{8A2BECC5-F58D-41F5-9861-B122C886A834}D:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe" = protocol=6 | dir=in | app=d:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe | 
"TCP Query User{9AA65B02-ABB4-4654-93BB-D14DAF256218}D:\reda\spiele\battlefield2\battlefield 2\bf2.exe" = protocol=6 | dir=in | app=d:\reda\spiele\battlefield2\battlefield 2\bf2.exe | 
"TCP Query User{A526997F-36DB-4C58-9AC1-47AAF37789EE}D:\reda\spiele\warcraft 3\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\reda\spiele\warcraft 3\warcraft iii\war3.exe | 
"TCP Query User{B5C3AEC1-0761-4C7E-8EBF-5D45C08BD3CA}D:\reda\spiele\warcraft 3\warcraft iii\war3.exe" = protocol=6 | dir=in | app=d:\reda\spiele\warcraft 3\warcraft iii\war3.exe | 
"TCP Query User{C4C4B218-09D6-473F-BB73-9422496DE41A}C:\users\packer\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\packer\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{CCA96253-E61A-4F43-A10C-39C220B1F66A}D:\reda\spiele\enemy territory - quake wars\etqw.exe" = protocol=6 | dir=in | app=d:\reda\spiele\enemy territory - quake wars\etqw.exe | 
"TCP Query User{D0175636-6F9E-4453-96B2-A14FEA9DD138}D:\reda\spiele\flatout2\flatout2.exe" = protocol=6 | dir=in | app=d:\reda\spiele\flatout2\flatout2.exe | 
"TCP Query User{DC62903D-747C-45D9-87AA-B402072AF9F0}D:\reda\spiele\game of thrones\binaries\win32\shippingpc-agotgame.exe" = protocol=6 | dir=in | app=d:\reda\spiele\game of thrones\binaries\win32\shippingpc-agotgame.exe | 
"TCP Query User{F877FD52-76BD-48DC-A43E-2CC1DB5A8569}D:\reda\iphone\tiny umbrella\tinyumbrella-6.00.01.exe" = protocol=6 | dir=in | app=d:\reda\iphone\tiny umbrella\tinyumbrella-6.00.01.exe | 
"UDP Query User{27B81399-3D56-47B0-9576-A5DC389A1453}D:\reda\spiele\warcraft 3\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\reda\spiele\warcraft 3\warcraft iii\war3.exe | 
"UDP Query User{28526246-191F-41B8-81C6-029E7FFE81EC}D:\reda\iphone\tiny umbrella\tinyumbrella-6.00.01.exe" = protocol=17 | dir=in | app=d:\reda\iphone\tiny umbrella\tinyumbrella-6.00.01.exe | 
"UDP Query User{2D2C432F-37AE-4F08-82DA-B3620480AC92}D:\reda\spiele\battlefield2\battlefield 2\bf2.exe" = protocol=17 | dir=in | app=d:\reda\spiele\battlefield2\battlefield 2\bf2.exe | 
"UDP Query User{372DC93E-56C1-446F-8A50-54286BD640A7}C:\users\packer\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\packer\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{43D32180-71CA-4AF3-9653-F5F3DB93A3E8}D:\reda\spiele\game of thrones\binaries\win32\shippingpc-agotgame.exe" = protocol=17 | dir=in | app=d:\reda\spiele\game of thrones\binaries\win32\shippingpc-agotgame.exe | 
"UDP Query User{49A1924E-351A-4457-8A4A-2B8830ED53CA}D:\reda\spiele\flatout2\flatout2.exe" = protocol=17 | dir=in | app=d:\reda\spiele\flatout2\flatout2.exe | 
"UDP Query User{660D222C-CD64-451E-9ADB-403F6704A884}D:\reda\spiele\enemy territory - quake wars\etqw.exe" = protocol=17 | dir=in | app=d:\reda\spiele\enemy territory - quake wars\etqw.exe | 
"UDP Query User{79F9D1B0-C10C-4E24-B768-55078B0A77C4}D:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe" = protocol=17 | dir=in | app=d:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe | 
"UDP Query User{8C8E9F72-BC9A-41D3-AFFB-AAC4AAEF18F3}D:\reda\spiele\css\css\hl2.exe" = protocol=17 | dir=in | app=d:\reda\spiele\css\css\hl2.exe | 
"UDP Query User{9105E99D-48FF-4FDC-8032-48EC61B2471C}D:\reda\spiele\quake 3 arena\quake3.exe" = protocol=17 | dir=in | app=d:\reda\spiele\quake 3 arena\quake3.exe | 
"UDP Query User{AD1A7279-CAC5-449E-B413-BA69496FF25C}D:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe" = protocol=17 | dir=in | app=d:\reda\spiele\warcraft iii   frozen throne v1.20e lan\war3.exe | 
"UDP Query User{B91EF315-54B4-4FE9-9259-FE7EC416C1D5}C:\users\packer\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\packer\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{BB4E163E-892B-4E48-B827-DF384A3C62C0}C:\users\packer\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe" = protocol=17 | dir=in | app=c:\users\packer\appdata\local\logmein rescue applet\lmir0004.tmp\lmi_rescue.exe | 
"UDP Query User{D720B2AF-FE51-4CE4-9E17-8EFA0A85DB5F}D:\reda\spiele\warcraft 3\warcraft iii\war3.exe" = protocol=17 | dir=in | app=d:\reda\spiele\warcraft 3\warcraft iii\war3.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{2E414A76-E6A7-3504-4235-29EAB3FE1F7A}" = ATI AVIVO64 Codecs
"{3768263E-8BE8-4CEF-9463-6D36F731824B}" = Windows Live Family Safety
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96CCD84C-3F80-C618-6202-568608213C7E}" = ccc-utility64
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FDB61EAE-7C1D-7EB6-E1EE-14528E3EB266}" = ATI Catalyst Install Manager
"2e730c18-03e8-4d1d-8fc2-0ee3ea04a765" = Shotty - Kleines aber eindrucksvolles Screenshot Tool
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"Elantech" = ETDWare PS/2-x64 7.0.5.11_WHQL
"EPSON WF-2540 Series" = EPSON WF-2540 Series Printer Uninstall
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Shrew Soft VPN Client" = Shrew Soft VPN Client
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"USB2.0 UVC VGA WebCam" = USB2.0 UVC VGA WebCam
"VLC media player" = VLC media player 2.0.2
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{011162D5-6853-9D60-2BD4-1F3D01966A59}" = CCC Help English
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{05CF7905-AD18-769E-7717-1DC8AF388BEA}" = CCC Help Hungarian
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{1382CAD9-2A6A-F826-96DF-27CC6CC7B3B0}" = CCC Help Czech
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F4C4124-6D6C-4282-63B8-F9468E4404BC}" = Catalyst Control Center InstallProxy
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron Flash Media Controller Driver
"{28452235-8D43-464B-EDB2-18DA5542722D}" = CCC Help Portuguese
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{3BD37E91-C31A-CB8A-C48C-21CE58723AEF}" = CCC Help Polish
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4377F918-E6C9-4ECA-A7F5-754B310B7ED8}" = Sid Meier's Civilization 4
"{45235788-142C-44BE-8A4D-DDE9A84492E5}" = AGEIA PhysX v7.09.13
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{47A1A0D5-37DE-7A02-F411-8DFBA338CCC2}" = CCC Help Swedish
"{47B4F3BD-1FCB-914B-397A-7220136A175F}" = CCC Help Japanese
"{4AB8B41B-3AF1-46BE-99B0-0ACD3B300C0A}" = Junk Mail filter update
"{4D38B420-FDA9-282A-DBBA-3E8E9158A5F4}" = Catalyst Control Center Localization All
"{54F09E50-C837-468D-AEB0-8F0C110B40D8}" = Game of Thrones
"{590744B2-5816-412C-8911-BB8266CF439E}_is1" = Risen 2 Dark Waters Version v1.0
"{597535B3-348A-8FBF-1C39-C21E634C1E8A}" = CCC Help Norwegian
"{5A166C0B-9557-4364-A057-F946D674E6AC}" = Windows Live Mail
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69A7B958-4617-9924-F32B-7C1FF3C7EE6C}" = Catalyst Control Center Graphics Previews Common
"{6B96DADA-1A27-4A04-8CB2-CC45168D05FA}" = Windows Live Fotogalerie
"{73AA1842-2960-328C-E51E-CEC0B23950C2}" = Catalyst Control Center Graphics Previews Vista
"{75CE15F1-3508-D4AA-6EB4-AB9D55FAD076}" = CCC Help Russian
"{76246D4D-C095-5B94-9EFA-0F6DFF804BB1}" = CCC Help Greek
"{77CC4640-98F0-603A-2CDB-A981F09FED6D}" = CCC Help French
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D1C43EB-EAE9-5D8C-FEF4-E00AF6B9500F}" = CCC Help Finnish
"{81821BF8-DA20-4F8C-AA87-F70A274828D4}" = Windows Live Writer
"{81BEA2F5-4F9B-4AF5-A9B2-3210F71931D3}" = Catalyst Control Center - Branding
"{835686C5-8650-49EB-8CA0-4528B4035495}" = Windows Live Call
"{837B6259-6FF5-4E66-87C1-A5A15ED36FF4}" = Windows Live Messenger
"{83E2CFA9-E0EB-4E08-9F85-43E577FF3D60}" = Windows Live Anmelde-Assistent
"{886EA01E-D4B4-D2E1-CEA2-213E9C06DFF5}" = CCC Help Spanish
"{88799CBD-90A6-67FB-310E-79CAB1479F0F}" = CCC Help Chinese Traditional
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8C1E2925-14F8-45AA-B999-1E2A74BF5607}" = Windows Live Sync
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{8FFC5648-FAF8-43A3-BC8F-42BA1E275C4E}" = Choice Guard
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUSR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUSR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUSR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PRJPROR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010
"{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUSR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010
"{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{96DCEE2F-98EE-4F80-8C0F-7C04D1FB9D7F}" = JMicron Ethernet Adapter NDIS Driver
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8847D7-DF68-2325-250A-96BE101FCF69}" = CCC Help Italian
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA8F54E5-393C-B09B-B641-7CE1D1E1933F}" = CCC Help Dutch
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI - Deutsch
"{B653A2EC-D816-4498-A4FD-651047AB9DC9}" = Boingo Wi-Fi
"{B8174E5B-B515-3423-1273-4B4B6B483C4B}" = CCC Help Chinese Standard
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{BBED4F90-7AE5-40BF-AFB7-1B495692F4AB}" = syncables desktop SE
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C1234B72-5EAF-807C-46E8-59A1C9FEF6CA}" = CCC Help Turkish
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CFBCE791-2D53-4FCE-B3FB-D6E01F4112E8}" = Sid Meier's Civilization 4
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D5CCDB0C-00B7-3A4F-3877-6C57920F05D8}" = CCC Help Korean
"{DA8D3A2D-5FD5-82D1-C9A8-801079EE0FD0}" = CCC Help Thai
"{DAB623DC-33F2-E22E-7B24-2270E8AB1EB3}" = ccc-core-static
"{DDA92568-FE0E-E2F4-35A5-7CD99ADACF26}" = CCC Help Danish
"{DF5F687F-8018-4542-9F98-7084E9022917}" = Windows Live Essentials
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EC6A04DE-135E-AC5C-AA19-8E350AA5B6D4}" = CCC Help German
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{EF36A836-BF89-4A4F-B079-057B0C68C1E0}" = Sid Meier's Civilization IV Colonization
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F69E83CF-B440-43F8-89E6-6EA80712109B}" = Windows Live Communications Platform
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Anti-Twin 2012-10-30 18.39.26" = Anti-Twin (Installation 30.10.2012)
"ASUS WebStorage" = ASUS WebStorage
"DAEMON Tools Lite" = DAEMON Tools Lite
"GhostMouse_is1" = GhostMouse
"Imperialism II" = Imperialism II
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"K_Series_ScreenSaver_EN" = K_Series_ScreenSaver_EN
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NIS" = Norton Internet Security CBE
"Office14.PRJPROR" = Microsoft Project Professional 2010
"Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
"Security Task Manager" = Security Task Manager 1.8d
"Splashtop Software Updater" = Splashtop Software Updater
"VLC media player" = VLC media player 2.0.4
"WinLiveSuite_Wave3" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2886150675-1149921084-1045049894-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"Google Chrome" = Google Chrome
"InstallShield_{FDBBAF14-5ED8-49B7-A5BE-1C35668B074D}" = Unreal Tournament 3 (LG)
"SkyDriveSetup.exe" = Microsoft SkyDrive
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.04.2013 03:27:05 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2013 03:27:05 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 2012
 
Error - 02.04.2013 03:27:05 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 2012
 
Error - 02.04.2013 03:27:06 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2013 03:27:06 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 3011
 
Error - 02.04.2013 03:27:06 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 3011
 
Error - 02.04.2013 03:45:03 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 02.04.2013 03:45:03 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1079839
 
Error - 02.04.2013 03:45:03 | Computer Name = Packer-PC | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1079839
 
Error - 02.04.2013 15:10:14 | Computer Name = Packer-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
[ System Events ]
Error - 31.03.2013 14:58:27 | Computer Name = Packer-PC | Source = bowser | ID = 8003
Description = 
 
Error - 31.03.2013 18:04:56 | Computer Name = Packer-PC | Source = bowser | ID = 8003
Description = 
 
Error - 01.04.2013 06:20:56 | Computer Name = Packer-PC | Source = bowser | ID = 8003
Description = 
 
Error - 01.04.2013 06:25:48 | Computer Name = Packer-PC | Source = bowser | ID = 8003
Description = 
 
Error - 01.04.2013 15:29:14 | Computer Name = Packer-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4). Please contact your system vendor for technical assistance.
 
Error - 01.04.2013 15:29:14 | Computer Name = Packer-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4). Please contact your system vendor for technical assistance.
 
Error - 01.04.2013 17:04:20 | Computer Name = Packer-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4). Please contact your system vendor for technical assistance.
 
Error - 01.04.2013 17:04:20 | Computer Name = Packer-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4). Please contact your system vendor for technical assistance.
 
Error - 01.04.2013 17:06:39 | Computer Name = Packer-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4). Please contact your system vendor for technical assistance.
 
Error - 01.04.2013 17:06:39 | Computer Name = Packer-PC | Source = ACPI | ID = 327690
Description = ACPI: ACPI BIOS is attempting to write to an illegal PCI Operation Region (0x4). Please contact your system vendor for technical assistance.
 
 
< End of report >


06.04.2013, 19:33   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Permissions restricted, fake certificates, Trusted Installer GROOVEEX.DLL and a server set up on the computer

Rootkit scan with GMER

Please download the GMER Rootkit Scanner (the downloaded file has a random name):
  • Close all other programs, disable your antivirus scanner and disconnect the computer from the Internet before you start GMER.
  • If a window with the following warning opens after the start:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    be sure to click "No".
  • On the right, remove the check marks at IAT/EAT and Show All.
  • Set the check mark at Quickscan and remove it at all other drives.
  • Start the scan with "Scan".
  • Do nothing on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Turn the antivirus program and any other scanners back on before you go online!


Problems?
  • Alternatively, try safe mode.
  • If you get a bluescreen, remove the check mark in front of Devices.


Afterwards please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Start mbar.exe.
  • Follow the instructions on your screen as described in the Malwarebytes Anti-Rootkit guide.
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • MBAR removes the objects it found during the restart, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool writes a log file ( mbar-log-<Year-Month-Day>.txt ) into the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper.
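GMER's user-code section lists every inline hook it finds in every 32-bit process, so on a machine with a security suite it runs to many near-identical lines. The Python below is an added example for this thread (it is not GMER's code and was not posted by anyone here): it parses lines in the format GMER prints and groups the hooks by process and by patched export, so the exports patched in every process can be told apart from a hook that exists in only one. The embedded log is a constructed sample in that format; the process names, PIDs and addresses in it are made up.

```python
"""Triage helper for the "User code sections" of a GMER log.
Added example for this thread (not GMER's code, not something the posters ran):
parses GMER's per-process inline-hook lines and summarises them.
"""
import re
from collections import defaultdict

# One user-code hook line as GMER prints it:
#   .text <process>[<pid>] <module>!<export>[ + <off>] <address> <n> bytes <patch>
# The process path may contain spaces, so "[pid]" and "module!export" delimit it.
HOOK_LINE = re.compile(
    r"^\.text\s+"
    r"(?P<process>.+?)\[(?P<pid>\d+)\]\s+"
    r"(?P<module>\S+?)!(?P<export>\w+)(?:\s*\+\s*(?P<offset>\d+))?\s+"
    r"(?P<address>[0-9a-fA-F]{16})\s+"
    r"(?P<size>\d+)\s+bytes?\s+"
    r"(?P<patch>.+?)\s*$"
)
# Patch text is "JMP <hex>" or, in the disassembled form, "{JMP 0x<hex>}".
JMP_TARGET = re.compile(r"JMP\s+(?:0x)?([0-9a-fA-F]+)")


def parse_hooks(log_text):
    """Return one dict per recognised hook line; all other lines are skipped."""
    hooks = []
    for line in log_text.splitlines():
        m = HOOK_LINE.match(line)
        if not m:
            continue
        jmp = JMP_TARGET.search(m.group("patch"))
        hooks.append({
            "process": m.group("process"),
            "pid": int(m.group("pid")),
            "module": m.group("module").rsplit("\\", 1)[-1].lower(),
            "export": m.group("export"),
            "offset": int(m.group("offset") or 0),
            "address": int(m.group("address"), 16),
            "size": int(m.group("size")),
            "target": int(jmp.group(1), 16) if jmp else None,
        })
    return hooks


def summarize(hooks):
    """Group hooks by process and by patched export.
    'common': exports patched in every hooked process (footprint of one module
    injected system-wide); 'unique': exports patched in exactly one process.
    'target_regions': distinct 64 KiB regions a process's JMP targets fall in;
    trampolines of a single injected module cluster in one or two regions."""
    by_process = defaultdict(set)   # (process path, pid) -> {"module!export"}
    by_export = defaultdict(set)    # "module!export" -> {pid}
    regions = defaultdict(set)      # pid -> {target >> 16}
    for h in hooks:
        key = f"{h['module']}!{h['export']}"
        by_process[(h["process"], h["pid"])].add(key)
        by_export[key].add(h["pid"])
        if h["target"] is not None:
            regions[h["pid"]].add(h["target"] >> 16)
    n = len(by_process)
    return {
        "processes": n,
        "by_process": {k: sorted(v) for k, v in by_process.items()},
        "common": sorted(k for k, pids in by_export.items() if len(pids) == n),
        "unique": sorted(k for k, pids in by_export.items() if len(pids) == 1),
        "target_regions": {pid: len(r) for pid, r in regions.items()},
    }


def report(summary):
    """Plain-text lines for a summary (what the script prints)."""
    lines = [f"{summary['processes']} hooked process(es)",
             "patched in every process: " + (", ".join(summary["common"]) or "none"),
             "patched in one process only: " + (", ".join(summary["unique"]) or "none")]
    for (proc, pid), keys in sorted(summary["by_process"].items(), key=lambda kv: kv[0][1]):
        lines.append(f"  [{pid}] {proc}: {len(keys)} hook(s), "
                     f"{summary['target_regions'].get(pid, 0)} JMP target region(s)")
    return lines


# Constructed sample in GMER's format; process names, PIDs and addresses are invented.
SAMPLE_LOG = r"""
---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Example Vendor\Agent Service\agentsvc.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess   000000007713fc90 5 bytes JMP 000000010010091c
.text   C:\Program Files (x86)\Example Vendor\Agent Service\agentsvc.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver         0000000077140dd4 5 bytes JMP 00000001001003d0
.text   C:\Program Files (x86)\Example Tray\trayhelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                 000000007713fc90 5 bytes JMP 000000010009091c
.text   C:\Program Files (x86)\Example Tray\trayhelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                       0000000077140dd4 5 bytes JMP 00000001000903d0
.text   C:\Users\user\Desktop\tool.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                      000000007713fc90 5 bytes JMP 00000001004f091c
.text   C:\Users\user\Desktop\tool.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                            0000000077140dd4 5 bytes JMP 00000001004f03d0
.text   C:\Users\user\Desktop\tool.exe[5540] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                  0000000076055a1d 7 bytes JMP 00000001004f03d8
.text   C:\Users\user\Desktop\tool.exe[5540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                           0000000076055679 5 bytes {JMP 0xffffffff8a23a9d1}
"""

if __name__ == "__main__":
    import sys  # usage: python gmer_hooks.py Gmer.txt  (no argument: the sample above)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    print("\n".join(report(summarize(parse_hooks(text)))))
```

Run it against the saved Gmer.txt (the script name is an assumption) or with no argument to see the sample. The first thing to check in the output is the "patched in every process" set: in the log posted below, the same ntdll exports are patched in every listed process, including lkce4w10.exe, which is GMER's own randomly named executable. A hook set that uniform is the footprint of one module injected system-wide, which is how security suites operate in user mode, and is not on its own evidence of a rootkit; the hooks that appear in a single process, and the second scanner's results, are what to weigh before concluding anything from this section.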

10.04.2013, 20:44   #7
Packer

Permissions restricted, fake certificates, Trusted Installer GROOVEEX.DLL and a server set up on the computer

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-07 20:24:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0003 465,76GB
Running: lkce4w10.exe; Driver: C:\Windows\TEMP\ufdiapoc.sys


---- User code sections - GMER 2.1 ----

.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess          000000007713fc90 5 bytes JMP 000000010010091c
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory        000000007713fdf4 5 bytes JMP 0000000100100048
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                 000000007713fe88 5 bytes JMP 00000001001002ee
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread              000000007713ffe4 5 bytes JMP 00000001001004b2
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory      0000000077140018 5 bytes JMP 00000001001009fe
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread              0000000077140048 5 bytes JMP 0000000100100ae0
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread           0000000077140064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant              000000007714077c 5 bytes JMP 000000010010012a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject  000000007714086c 5 bytes JMP 0000000100100758
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx            0000000077140884 5 bytes JMP 0000000100100676
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                0000000077140dd4 5 bytes JMP 00000001001003d0
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread          0000000077141900 5 bytes JMP 0000000100100594
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation      0000000077141bc4 5 bytes JMP 000000010010083a
.text   C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe[1644] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread             0000000077141d50 5 bytes JMP 000000010010020c
.text   C:\Users\Packer\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe[3896] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                            0000000076581492 7 bytes JMP 000000010019059e
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                        000000007713fc90 5 bytes JMP 000000010009091c
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                      000000007713fdf4 5 bytes JMP 0000000100090048
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                               000000007713fe88 5 bytes JMP 00000001000902ee
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                            000000007713ffe4 5 bytes JMP 00000001000904b2
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                    0000000077140018 5 bytes JMP 00000001000909fe
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                            0000000077140048 5 bytes JMP 0000000100090ae0
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                         0000000077140064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                            000000007714077c 5 bytes JMP 000000010009012a
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                000000007714086c 5 bytes JMP 0000000100090758
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                          0000000077140884 5 bytes JMP 0000000100090676
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                              0000000077140dd4 5 bytes JMP 00000001000903d0
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                        0000000077141900 5 bytes JMP 0000000100090594
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                    0000000077141bc4 5 bytes JMP 000000010009083a
.text   C:\Program Files (x86)\iTunes\iTunesHelper.exe[3108] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                           0000000077141d50 5 bytes JMP 000000010009020c
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                 000000007713fc90 5 bytes JMP 000000010028091c
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                               000000007713fdf4 5 bytes JMP 0000000100280048
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                        000000007713fe88 5 bytes JMP 00000001002802ee
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                     000000007713ffe4 5 bytes JMP 00000001002804b2
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                             0000000077140018 5 bytes JMP 00000001002809fe
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                     0000000077140048 5 bytes JMP 0000000100280ae0
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                  0000000077140064 5 bytes JMP 000000010002004c
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                     000000007714077c 5 bytes JMP 000000010028012a
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                         000000007714086c 5 bytes JMP 0000000100280758
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                   0000000077140884 5 bytes JMP 0000000100280676
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                       0000000077140dd4 5 bytes JMP 00000001002803d0
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                 0000000077141900 5 bytes JMP 0000000100280594
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                             0000000077141bc4 5 bytes JMP 000000010028083a
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                    0000000077141d50 5 bytes JMP 000000010028020c
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                        0000000076581492 7 bytes JMP 000000010029059e
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                   000000007605524f 7 bytes JMP 0000000100280f52
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                       00000000760553d0 7 bytes JMP 0000000100290210
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                      0000000076055677 1 byte JMP 0000000100290048
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                      0000000076055679 5 bytes {JMP 0xffffffff8a23a9d1}
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                             000000007605589a 7 bytes JMP 0000000100280ca6
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                             0000000076055a1d 7 bytes JMP 00000001002903d8
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                        0000000076055c9b 7 bytes JMP 000000010029012c
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                          0000000076055d87 7 bytes JMP 00000001002902f4
.text   C:\Program Files (x86)\ASUS\SmartLogon\smartlogon.exe[6980] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                         0000000076057240 7 bytes JMP 0000000100280e6e
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess                                                                              000000007713fc90 5 bytes JMP 00000001004f091c
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory                                                                            000000007713fdf4 5 bytes JMP 00000001004f0048
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent                                                                                     000000007713fe88 5 bytes JMP 00000001004f02ee
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread                                                                                  000000007713ffe4 5 bytes JMP 00000001004f04b2
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory                                                                          0000000077140018 5 bytes JMP 00000001004f09fe
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread                                                                                  0000000077140048 5 bytes JMP 00000001004f0ae0
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread                                                                               0000000077140064 5 bytes JMP 000000010002004c
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant                                                                                  000000007714077c 5 bytes JMP 00000001004f012a
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject                                                                      000000007714086c 5 bytes JMP 00000001004f0758
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx                                                                                0000000077140884 5 bytes JMP 00000001004f0676
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver                                                                                    0000000077140dd4 5 bytes JMP 00000001004f03d0
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread                                                                              0000000077141900 5 bytes JMP 00000001004f0594
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation                                                                          0000000077141bc4 5 bytes JMP 00000001004f083a
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread                                                                                 0000000077141d50 5 bytes JMP 00000001004f020c
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206                                                                000000007605524f 7 bytes JMP 00000001004f0f52
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380                                                                    00000000760553d0 7 bytes JMP 0000000100500210
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149                                                                   0000000076055677 1 byte JMP 0000000100500048
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151                                                                   0000000076055679 5 bytes {JMP 0xffffffff8a4aa9d1}
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542                                                                          000000007605589a 7 bytes JMP 00000001004f0ca6
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382                                                                          0000000076055a1d 7 bytes JMP 00000001005003d8
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370                                                                     0000000076055c9b 7 bytes JMP 000000010050012c
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231                                                                       0000000076055d87 7 bytes JMP 00000001005002f4
.text   D:\download\lkce4w10.exe[5540] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123                                                      0000000076057240 7 bytes JMP 00000001004f0e6e
.text   D:\download\lkce4w10.exe[5540] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882                                                                     0000000076581492 7 bytes JMP 00000001005004bc

---- Threads - GMER 2.1 ----

Thread  C:\Windows\System32\svchost.exe [992:1352]                                                                                                                   000007fef95759a0
Thread  C:\Windows\System32\svchost.exe [992:2588]                                                                                                                   000007fef75b20c0
Thread  C:\Windows\System32\svchost.exe [992:2592]                                                                                                                   000007fef75b26a8
Thread  C:\Windows\System32\svchost.exe [992:3980]                                                                                                                   000007fefc781a70
Thread  C:\Windows\System32\svchost.exe [992:4160]                                                                                                                   000007fef83044e0
Thread  C:\Windows\System32\svchost.exe [992:2736]                                                                                                                   000007fef5aa42c8
Thread  C:\Windows\System32\svchost.exe [992:2720]                                                                                                                   000007fef1705fd0
Thread  C:\Windows\System32\svchost.exe [992:2768]                                                                                                                   000007fef17063ec
Thread  C:\Windows\System32\svchost.exe [992:4000]                                                                                                                   000007fef87a88f8
Thread  C:\Windows\System32\svchost.exe [992:5876]                                                                                                                   000007fefa358a4c
Thread  C:\Windows\System32\svchost.exe [992:2612]                                                                                                                   000007fef75b29dc
Thread  C:\Windows\system32\svchost.exe [1392:3328]                                                                                                                  000007fef8cd2888
Thread  C:\Windows\system32\svchost.exe [1392:1724]                                                                                                                  000007fef8cd2a40
Thread  C:\Program Files\Windows Media Player\wmpnetwk.exe [3504:1408]                                                                                               000007fefb0b2a7c
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2392:1076]                                                                          000007feef2ccc10
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2392:2644]                                                                          000007feef18b564
Thread  C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe [2392:2752]                                                                          000007feef18b564

---- EOF - GMER 2.1 ----
         

MBAR found nothing....
Could that be due to the settings I changed 2 days before opening this thread, or am I just being paranoid?

Alt 10.04.2013, 22:17   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

I did point this out beforehand in the points you were supposed to read carefully: the logs should always be posted, regardless of whether there is a detection or not. Please post the MBAR log.
__________________
Please always post log files in CODE tags

Alt 11.04.2013, 05:17   #9
Packer
 

I apologise. Here is the log from the scan

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.08.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16521
Packer :: PACKER-PC [administrator]

08.04.2013 18:19:47
mbar-log-2013-04-08 (18-19-47).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 29017
Time elapsed: 17 minute(s), 36 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

and, to be on the safe side, the system log as well

Code:
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.729000 GHz
Memory total: 4215812096, free: 1698525184

------------ Kernel report ------------
     04/08/2013 17:58:52
------------ Loaded modules -----------
\SystemRoot\system32\ntoskrnl.exe
\SystemRoot\system32\hal.dll
\SystemRoot\system32\kdcom.dll
\SystemRoot\system32\mcupdate_GenuineIntel.dll
\SystemRoot\system32\PSHED.dll
\SystemRoot\system32\CLFS.SYS
\SystemRoot\system32\CI.dll
\SystemRoot\system32\drivers\Wdf01000.sys
\SystemRoot\system32\drivers\WDFLDR.SYS
\SystemRoot\system32\drivers\ACPI.sys
\SystemRoot\system32\drivers\WMILIB.SYS
\SystemRoot\system32\drivers\msisadrv.sys
\SystemRoot\system32\drivers\pci.sys
\SystemRoot\system32\drivers\vdrvroot.sys
\SystemRoot\System32\drivers\partmgr.sys
\SystemRoot\system32\DRIVERS\compbatt.sys
\SystemRoot\system32\DRIVERS\BATTC.SYS
\SystemRoot\system32\drivers\volmgr.sys
\SystemRoot\System32\drivers\volmgrx.sys
\SystemRoot\system32\drivers\pciide.sys
\SystemRoot\system32\drivers\PCIIDEX.SYS
\SystemRoot\System32\drivers\mountmgr.sys
\SystemRoot\system32\DRIVERS\iaStor.sys
\SystemRoot\system32\drivers\atapi.sys
\SystemRoot\system32\drivers\ataport.SYS
\SystemRoot\system32\drivers\msahci.sys
\SystemRoot\system32\drivers\amdxata.sys
\SystemRoot\system32\drivers\fltmgr.sys
\SystemRoot\system32\drivers\NISx64\1403000.024\SYMDS64.SYS
\SystemRoot\system32\drivers\fileinfo.sys
\SystemRoot\System32\Drivers\AsDsm.sys
\SystemRoot\system32\drivers\NISx64\1403000.024\SYMEFA64.SYS
\SystemRoot\System32\Drivers\Ntfs.sys
\SystemRoot\System32\Drivers\msrpc.sys
\SystemRoot\System32\Drivers\ksecdd.sys
\SystemRoot\System32\Drivers\cng.sys
\SystemRoot\System32\drivers\pcw.sys
\SystemRoot\System32\Drivers\Fs_Rec.sys
\SystemRoot\system32\drivers\ndis.sys
\SystemRoot\system32\drivers\NETIO.SYS
\SystemRoot\System32\Drivers\ksecpkg.sys
\SystemRoot\System32\drivers\tcpip.sys
\SystemRoot\System32\drivers\fwpkclnt.sys
\SystemRoot\system32\drivers\volsnap.sys
\SystemRoot\System32\Drivers\spldr.sys
\SystemRoot\System32\drivers\rdyboost.sys
\SystemRoot\System32\Drivers\mup.sys
\SystemRoot\System32\drivers\hwpolicy.sys
\SystemRoot\System32\DRIVERS\fvevol.sys
\SystemRoot\system32\DRIVERS\disk.sys
\SystemRoot\system32\DRIVERS\CLASSPNP.SYS
\SystemRoot\system32\drivers\cdrom.sys
\SystemRoot\system32\drivers\NISx64\1403000.024\ccSetx64.sys
\SystemRoot\system32\drivers\NISx64\1403000.024\Ironx64.SYS
\SystemRoot\System32\Drivers\Null.SYS
\SystemRoot\System32\Drivers\Beep.SYS
\SystemRoot\System32\drivers\vga.sys
\SystemRoot\System32\drivers\VIDEOPRT.SYS
\SystemRoot\System32\drivers\watchdog.sys
\SystemRoot\System32\DRIVERS\RDPCDD.sys
\SystemRoot\system32\drivers\rdpencdd.sys
\SystemRoot\system32\drivers\rdprefmp.sys
\SystemRoot\System32\Drivers\Msfs.SYS
\SystemRoot\System32\Drivers\Npfs.SYS
\SystemRoot\system32\DRIVERS\tdx.sys
\SystemRoot\system32\DRIVERS\TDI.SYS
\SystemRoot\system32\drivers\afd.sys
\SystemRoot\System32\DRIVERS\netbt.sys
\SystemRoot\system32\DRIVERS\wfplwf.sys
\SystemRoot\system32\DRIVERS\pacer.sys
\SystemRoot\system32\DRIVERS\vwififlt.sys
\SystemRoot\system32\DRIVERS\SymIMv.sys
\SystemRoot\system32\DRIVERS\vfilter.sys
\SystemRoot\system32\DRIVERS\netbios.sys
\SystemRoot\system32\DRIVERS\wanarp.sys
\SystemRoot\system32\drivers\termdd.sys
\SystemRoot\System32\Drivers\NISx64\1403000.024\SYMNETS.SYS
\??\C:\Windows\system32\Drivers\SYMEVENT64x86.SYS
\SystemRoot\system32\drivers\NISx64\1403000.024\SRTSPX64.SYS
\SystemRoot\system32\DRIVERS\rdbss.sys
\SystemRoot\system32\drivers\nsiproxy.sys
\SystemRoot\system32\drivers\mssmbios.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys
\??\C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys
\SystemRoot\System32\drivers\discache.sys
\SystemRoot\System32\Drivers\dfsc.sys
\SystemRoot\system32\DRIVERS\blbdrive.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\BASHDefs\20130322.001\BHDrvx64.sys
\SystemRoot\system32\DRIVERS\tunnel.sys
\SystemRoot\system32\DRIVERS\atikmpag.sys
\SystemRoot\system32\DRIVERS\atikmdag.sys
\SystemRoot\System32\drivers\dxgkrnl.sys
\SystemRoot\System32\drivers\dxgmms1.sys
\SystemRoot\system32\drivers\HDAudBus.sys
\SystemRoot\system32\DRIVERS\HECIx64.sys
\SystemRoot\system32\drivers\usbehci.sys
\SystemRoot\system32\drivers\USBPORT.SYS
\SystemRoot\system32\DRIVERS\athrx.sys
\SystemRoot\system32\DRIVERS\vwifibus.sys
\SystemRoot\system32\DRIVERS\jmcr.sys
\SystemRoot\system32\DRIVERS\SCSIPORT.SYS
\SystemRoot\system32\DRIVERS\JME.sys
\SystemRoot\system32\DRIVERS\i8042prt.sys
\SystemRoot\system32\DRIVERS\ETD.sys
\SystemRoot\system32\DRIVERS\mouclass.sys
\SystemRoot\system32\DRIVERS\kbfiltr.sys
\SystemRoot\system32\DRIVERS\kbdclass.sys
\SystemRoot\system32\DRIVERS\GEARAspiWDM.sys
\SystemRoot\system32\DRIVERS\CmBatt.sys
\SystemRoot\system32\DRIVERS\intelppm.sys
\SystemRoot\system32\DRIVERS\ATK64AMD.sys
\SystemRoot\system32\drivers\CompositeBus.sys
\SystemRoot\system32\DRIVERS\AgileVpn.sys
\SystemRoot\system32\DRIVERS\rasl2tp.sys
\SystemRoot\system32\DRIVERS\ndistapi.sys
\SystemRoot\system32\DRIVERS\ndiswan.sys
\SystemRoot\system32\DRIVERS\raspppoe.sys
\SystemRoot\system32\DRIVERS\raspptp.sys
\SystemRoot\system32\DRIVERS\rassstp.sys
\SystemRoot\system32\drivers\swenum.sys
\SystemRoot\system32\drivers\ks.sys
\SystemRoot\system32\DRIVERS\dtsoftbus01.sys
\SystemRoot\system32\DRIVERS\umbus.sys
\SystemRoot\system32\DRIVERS\usbhub.sys
\SystemRoot\System32\Drivers\NDProxy.SYS
\SystemRoot\system32\drivers\AtihdW76.sys
\SystemRoot\system32\drivers\portcls.sys
\SystemRoot\system32\drivers\drmk.sys
\SystemRoot\system32\drivers\ksthunk.sys
\SystemRoot\system32\drivers\CHDRT64.sys
\SystemRoot\system32\DRIVERS\usbccgp.sys
\SystemRoot\system32\DRIVERS\USBD.SYS
\SystemRoot\system32\DRIVERS\snp2uvc.sys
\SystemRoot\system32\DRIVERS\STREAM.SYS
\SystemRoot\system32\DRIVERS\sncduvc.SYS
\SystemRoot\system32\DRIVERS\hidusb.sys
\SystemRoot\system32\DRIVERS\HIDCLASS.SYS
\SystemRoot\system32\DRIVERS\HIDPARSE.SYS
\SystemRoot\system32\DRIVERS\kbdhid.sys
\SystemRoot\system32\DRIVERS\mouhid.sys
\SystemRoot\System32\Drivers\crashdmp.sys
\SystemRoot\System32\Drivers\dump_iaStor.sys
\SystemRoot\System32\Drivers\dump_dumpfve.sys
\SystemRoot\System32\win32k.sys
\SystemRoot\System32\drivers\Dxapi.sys
\SystemRoot\system32\DRIVERS\monitor.sys
\SystemRoot\System32\TSDDD.dll
\SystemRoot\System32\cdd.dll
\SystemRoot\system32\drivers\luafv.sys
\SystemRoot\system32\DRIVERS\lltdio.sys
\SystemRoot\system32\DRIVERS\nwifi.sys
\SystemRoot\system32\DRIVERS\ndisuio.sys
\SystemRoot\system32\DRIVERS\rspndr.sys
\SystemRoot\system32\DRIVERS\TurboB.sys
\??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
\SystemRoot\system32\DRIVERS\bowser.sys
\SystemRoot\System32\drivers\mpsdrv.sys
\SystemRoot\system32\DRIVERS\mrxsmb.sys
\SystemRoot\system32\DRIVERS\mrxsmb10.sys
\SystemRoot\system32\DRIVERS\mrxsmb20.sys
\SystemRoot\system32\drivers\HTTP.sys
\SystemRoot\system32\drivers\peauth.sys
\SystemRoot\System32\Drivers\secdrv.SYS
\SystemRoot\System32\DRIVERS\srvnet.sys
\SystemRoot\System32\drivers\tcpipreg.sys
\SystemRoot\System32\DRIVERS\srv2.sys
\SystemRoot\System32\DRIVERS\srv.sys
\SystemRoot\System32\Drivers\fastfat.SYS
\SystemRoot\System32\Drivers\NISx64\1403000.024\SRTSP64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\IPSDefs\20130405.001\IDSvia64.sys
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130406.008\EX64.SYS
\??\C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.1.1.2\Definitions\VirusDefs\20130406.008\ENG64.SYS
\??\C:\Windows\TEMP\ufdiapoc.sys
\SystemRoot\system32\drivers\WudfPf.sys
\??\C:\Windows\system32\drivers\mbamchameleon.sys
\??\C:\Windows\system32\drivers\mbamswissarmy.sys
\Windows\System32\ntdll.dll
\Windows\System32\smss.exe
\Windows\System32\apisetschema.dll
\Windows\System32\autochk.exe
\Windows\System32\urlmon.dll
\Windows\System32\user32.dll
\Windows\System32\psapi.dll
\Windows\System32\gdi32.dll
\Windows\System32\iertutil.dll
\Windows\System32\shlwapi.dll
\Windows\System32\usp10.dll
\Windows\System32\advapi32.dll
\Windows\System32\clbcatq.dll
\Windows\System32\msvcrt.dll
\Windows\System32\oleaut32.dll
\Windows\System32\imm32.dll
----------- End -----------
<<<1>>>
Upper Device Name: \Device\Harddisk0\DR0
Upper Device Object: 0xfffffa8004e90790
Upper Device Driver Name: \Driver\Disk\
Lower Device Name: \Device\Ide\IAAStorageDevice-1\
Lower Device Object: 0xfffffa8004bdd050
Lower Device Driver Name: \Driver\iaStor\
Driver name found: iaStor
Initialization returned 0x0
Load Function returned 0x0
Downloaded database version: v2013.04.08.04
Downloaded database version: v2013.03.25.01
Initializing...
Done!
<<<2>>>
Device number: 0, partition: 2
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xfffffa8004e90790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
--------- Disk Stack ------
DevicePointer: 0xfffffa8004e902c0, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xfffffa8004e90790, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
DevicePointer: 0xfffffa8004bda9d0, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xfffffa8004bdd050, DeviceName: \Device\Ide\IAAStorageDevice-1\, DriverName: \Driver\iaStor\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\Disk\
Upper DeviceData: 0xfffff8a006819520, 0xfffffa8004e90790, 0xfffffa800d2aa1e0
Lower DeviceData: 0xfffff8a01b6a5a10, 0xfffffa8004bdd050, 0xfffffa800d21e9b0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning directory: C:\Windows\system32\drivers...
<<<2>>>
Device number: 0, partition: 2
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Done!
Drive 0
Scanning MBR on drive 0...
Inspecting partition table:
MBR Signature: 55AA
Disk Signature: 237A506

Partition information:

    Partition 0 type is Other (0x1c)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 64  Numsec = 40960000

    Partition 1 type is Primary (0x7)
    Partition is ACTIVE.
    Partition starts at LBA: 40960064  Numsec = 244193280
    Partition file system is NTFS
    Partition is bootable

    Partition 2 type is Extended with LBA (0xf)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 285155328  Numsec = 691615744

    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0

Disk Size: 500107862016 bytes
Sector size: 512 bytes

Scanning physical sectors of unpartitioned space on drive 0 (1-63-976753168-976773168)...
Done!
Performing system, memory and registry scan...
Done!
Scan finished
=======================================


---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.01.0.1022

(c) Malwarebytes Corporation 2011-2012

OS version: 6.1.7601 Windows 7 Service Pack 1 x64

Account is Administrative

Internet Explorer version: 10.0.9200.16521

File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 1.729000 GHz
Memory total: 4215812096, free: 2663137280

=======================================
         

Alt 11.04.2013, 08:45   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe (see the aswMBR.exe guide)
    On Windows Vista or later, please start it via right-click "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer Yes. (If your firewall asks, please allow internet access.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Click Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions under any circumstances.

Note: If the Scan button is greyed out, close the tool and start it again. If the scan aborts and the program crashes, let me know and select (none) under AV Scan.


TDSS-Killer

Please download TDSSKiller.exe and save the file to the desktop
  • Start TDSSKiller.exe and configure it as described in the TDSSKiller guide.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Datum_Uhrzeit>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post log files in CODE tags
