Log analysis and evaluation: BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

BOO/Whistler.DB in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''

Hey dear trojaner-board team,

many thanks in advance, this is a really great thing you have here!

Anyway, I have just bought a new PC, installed everything properly, and everything works flawlessly. At the end I ran a full system scan with Avira AntiVir once more. And as the title says, the "BOO/Whistler.DB" boot virus was detected in 'Masterbootsektor HD1' and 'Bootsektor 'I:\''. (HD1 is not the system partition but, on my machine, E:\, where I store all my data, and I is my external hard drive, which serves as the backup of E:\.)

Of course I first did a bit of research myself and eventually came across the Avira bootwizard, and then overwrote the boot sector using the burned CD. After the 1st time it did nothing at all; after the 2nd time it apparently did, because then neither Windows Defender with a quick scan nor Avira's full scan detected the boot virus in question or any other malware.

Still, I am a little afraid that something harmful is still present, which would be annoying on a completely new PC.

So, I hope I haven't forgotten anything. Here are the 3 required scans:

OTL.txt

Code:
ATTFilter OTL logfile created on: 08.04.2013 20:53:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manu\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 78,04% Memory free 15,92 Gb Paging File | 12,94 Gb Available in Paging File | 81,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,58 Gb Total Space | 23,90 Gb Free Space | 40,80% Space Free | Partition Type: NTFS Drive D: | 200,01 Gb Total Space | 175,04 Gb Free Space | 87,52% Space Free | Partition Type: NTFS Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe PRC - [2013.04.03 12:54:59 | 000,920,472 | ---- | M] (Mozilla Corporation) -- D:\Mozilla Firefox\firefox.exe PRC - [2013.03.31 03:38:37 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe PRC - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2013.03.30 19:54:31 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.04 15:22:01 | 000,291,648 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe PRC - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe PRC - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2012.02.01 17:29:56 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe ========== Modules (No Company Name) ========== MOD - [2013.04.03 12:54:59 | 003,143,576 | ---- | M] () -- D:\Mozilla Firefox\mozjs.dll MOD - [2013.03.31 03:38:37 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll MOD - [2013.03.30 23:44:44 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\1c402ca365b68a2616ea3a5194d38310\IAStorCommon.ni.dll MOD - [2013.03.30 23:43:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.03.30 23:43:57 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.03.30 23:43:53 | 000,489,472 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\8c78244854f84b69701fcee19b543645\IAStorUtil.ni.dll MOD - [2013.03.30 23:43:50 | 012,436,480 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll MOD - [2013.03.30 23:43:45 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.03.30 23:43:18 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.03.30 23:43:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.03.30 23:43:14 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.03.30 23:43:05 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.30 12:45:56 | 000,122,880 | ---- | M] () -- D:\MSI Afterburner\Bundle\OSDServer\RTSSHooks.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.12.11 08:59:08 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) 
[Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2013.03.31 03:38:37 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.03.30 19:55:26 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.03.30 19:54:33 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2013.03.07 16:29:15 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.23 22:57:38 | 000,366,552 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- D:\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service) SRV - [2012.07.09 01:40:10 | 000,104,912 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- 
C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2012.05.10 16:20:34 | 000,165,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service) SRV - [2012.04.20 15:16:12 | 000,635,104 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R) SRV - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.08.30 16:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.03.04 08:42:06 | 000,127,568 | ---- | M] (Qualcomm Atheros Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2013.02.22 08:44:18 | 002,210,376 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2013.01.23 22:57:32 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2013.01.17 22:15:12 | 000,066,800 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt) DRV:64bit: - [2012.12.21 14:53:58 | 000,017,480 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\epmntdrv.sys -- (epmntdrv) DRV:64bit: - [2012.12.21 14:53:58 | 000,009,800 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\EuGdiDrv.sys -- (EuGdiDrv) DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.12.04 15:21:10 | 000,791,608 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc) DRV:64bit: - [2012.12.04 15:21:10 | 000,020,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs) DRV:64bit: - [2012.12.04 15:21:09 | 000,358,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub) DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 16:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.06.05 13:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.03 20:23:56 | 000,084,736 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2012.02.03 20:23:56 | 000,059,520 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2012.02.01 17:16:40 | 000,568,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.11.02 11:48:26 | 000,021,616 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 05:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid) DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2013.04.07 20:57:03 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv) DRV - [2013.04.07 20:52:54 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv) DRV - [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64) DRV - [2012.12.21 14:54:00 | 000,014,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\epmntdrv.sys -- (epmntdrv) DRV - [2012.12.21 14:53:58 | 000,009,160 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\EuGdiDrv.sys -- (EuGdiDrv) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2006.07.19 13:04:00 | 000,014,608 | R--- | M] (ATI Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\atBIOS\AtiTool\atillk64.sys -- (atillk64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 24 7A 8B 35 6E 2D CE 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: foxyproxy%40eric.h.jung:4.1.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0 FF - user.js - File not found FF:64bit: - 
HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: D:\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: B:\java\jre7\bin\plugin2\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll File not found FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: B:\Mozilla Firefox\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: B:\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: B:\Mozilla Thunderbird\components FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: B:\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: D:\Mozilla Firefox\components [2013.04.03 12:54:59 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: D:\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: D:\Mozilla Thunderbird\components [2013.03.31 01:24:03 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: D:\Mozilla Thunderbird\plugins [2013.03.31 00:17:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Extensions [2013.03.31 17:35:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions [2013.03.31 17:35:05 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Manu\AppData\Roaming\mozilla\Firefox\Profiles\qu7f4cso.default\extensions\foxyproxy@eric.h.jung [2013.03.31 01:01:03 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Manu\AppData\Roaming\mozilla\firefox\profiles\qu7f4cso.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - D:\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation) O4 - Startup: C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Manu\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - D:\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8AE74B7-2DF4-47A9-824E-79235F413517}: NameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - D:\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{0895bac7-9950-11e2-9bf0-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{0895bac7-9950-11e2-9bf0-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Run.exe O33 - MountPoints2\{61d90c3e-999f-11e2-9dac-902b349a10e2}\Shell - "" = AutoRun O33 - MountPoints2\{61d90c3e-999f-11e2-9dac-902b349a10e2}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.08 20:51:06 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe [2013.04.08 00:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Sync Framework [2013.04.07 23:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamSpeak 3 Client [2013.04.07 23:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\TeamViewer [2013.04.07 22:28:55 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2013.04.07 22:28:51 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner [2013.04.05 19:30:32 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.05 18:49:39 | 000,000,000 | ---D | C] -- 
C:\Users\Manu\Documents\LOLReplay [2013.04.03 03:41:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD [2013.04.03 01:14:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2013.04.01 15:37:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Trymedia [2013.04.01 15:30:20 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Monolith Productions [2013.04.01 15:27:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FEAR [2013.04.01 15:00:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.01 14:57:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam [2013.04.01 14:28:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando [2013.04.01 14:16:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Wars Republic Commando [2013.04.01 13:49:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Office [2013.04.01 04:17:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2013.04.01 04:16:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2013.04.01 04:16:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2013.04.01 04:16:34 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2013.04.01 04:16:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2013.04.01 04:14:53 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2013.04.01 04:14:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2013.04.01 04:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft Help [2013.04.01 04:13:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help [2013.04.01 01:37:49 | 000,000,000 | ---D | C] -- 
C:\ProgramData\ATI [2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2013.04.01 01:37:17 | 000,000,000 | ---D | C] -- C:\ProgramData\AMD [2013.04.01 01:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies [2013.04.01 01:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies [2013.04.01 01:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center [2013.04.01 01:36:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2013.04.01 01:29:11 | 000,000,000 | ---D | C] -- C:\Program Files\ATI [2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Apple Computer [2013.04.01 01:10:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple Computer [2013.04.01 01:10:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.01 01:10:20 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.01 01:10:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.04.01 01:09:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Apple [2013.04.01 01:09:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.04.01 01:09:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.04.01 01:09:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.04.01 01:09:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple [2013.04.01 00:31:15 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.04.01 00:30:59 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.01 00:30:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite [2013.04.01 00:30:05 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2013.04.01 00:29:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited [2013.04.01 00:13:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ [2013.04.01 00:13:39 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQM [2013.04.01 00:13:25 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile [2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.04.01 00:12:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++ [2013.04.01 00:12:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Notepad++ [2013.03.31 21:32:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\LolClient [2013.03.31 20:00:42 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop\Games [2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\PMB Files [2013.03.31 17:44:47 | 000,000,000 | ---D | C] -- C:\ProgramData\PMB Files [2013.03.31 17:44:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pando Networks [2013.03.31 16:49:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.03.31 16:49:34 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software [2013.03.31 16:48:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VIA [2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Program Files\VIA [2013.03.31 16:48:42 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SRSLabs [2013.03.31 16:48:37 | 
009,208,088 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioVIA64.dll [2013.03.31 16:48:37 | 000,908,056 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPOShell64.dll [2013.03.31 16:48:37 | 000,394,104 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\MaxxAudioAPO30.dll [2013.03.31 16:48:37 | 000,086,016 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQPropPageExt.dll [2013.03.31 16:48:36 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64H.dll [2013.03.31 16:48:36 | 002,099,480 | ---- | C] (Waves Audio Ltd.) -- C:\Windows\SysNative\WavesGUILib64.dll [2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64H.dll [2013.03.31 16:48:36 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EED64A.dll [2013.03.31 16:48:36 | 000,248,952 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\Dts2APO.dll [2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64H.dll [2013.03.31 16:48:36 | 000,137,056 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEL64A.dll [2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64H.dll [2013.03.31 16:48:36 | 000,120,160 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEA64A.dll [2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64H.dll [2013.03.31 16:48:36 | 000,075,104 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEG64A.dll [2013.03.31 16:48:36 | 000,070,776 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\VtSrdAPO.dll [2013.03.31 16:48:36 | 000,055,416 | ---- | C] (TODO: <Company name>) -- C:\Windows\SysNative\PropPageExt.dll [2013.03.31 16:47:03 | 000,000,000 | ---D | C] -- C:\Program Files\Realtek [2013.03.31 16:46:54 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEP64H.dll 
[2013.03.31 16:46:54 | 000,433,504 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EED64H.dll [2013.03.31 16:46:54 | 000,372,056 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64H.dll [2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DHT64.dll [2013.03.31 16:46:54 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RH3DAA64.dll [2013.03.31 16:46:54 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64H.dll [2013.03.31 16:46:54 | 000,141,152 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEL64H.dll [2013.03.31 16:46:54 | 000,123,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEA64H.dll [2013.03.31 16:46:54 | 000,097,624 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64H.dll [2013.03.31 16:46:54 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64H.dll [2013.03.31 16:46:54 | 000,074,592 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\R4EEG64H.dll [2013.03.31 16:11:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek [2013.03.31 16:11:13 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp [2013.03.31 14:30:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.03.31 14:29:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2013.03.31 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\WindowsUpdate [2013.03.31 14:08:13 | 000,000,000 | R--D | C] -- C:\Users\Manu\Dropbox [2013.03.31 14:05:43 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox [2013.03.31 14:05:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Dropbox [2013.03.31 13:54:20 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities [2013.03.31 13:54:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Canon [2013.03.31 04:14:27 | 000,000,000 | ---D | C] -- C:\Windows\pss [2013.03.31 04:09:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\vlc [2013.03.31 04:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN [2013.03.31 04:03:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\WinRAR [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.31 04:02:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2013.03.31 03:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3Filter [2013.03.31 03:37:01 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\appmgmt [2013.03.31 03:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\LG Electronics [2013.03.31 03:24:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Logitech [2013.03.31 02:38:46 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd [2013.03.31 02:38:44 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Leadertech [2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logitech [2013.03.31 02:37:57 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Logishrd [2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun [2013.03.31 02:21:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.03.31 01:58:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe AIR [2013.03.31 01:57:52 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Adobe [2013.03.31 
01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe [2013.03.31 01:55:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.03.31 01:52:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Adobe [2013.03.31 01:52:15 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Adobe [2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Thunderbird [2013.03.31 01:24:09 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Thunderbird [2013.03.31 00:30:42 | 000,000,000 | -H-D | C] -- C:\Windows\SysNative\CanonIJ Uninstaller Information [2013.03.31 00:30:40 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonBJ [2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Macromedia [2013.03.31 00:28:46 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Macromedia [2013.03.31 00:26:18 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Macromed [2013.03.31 00:26:17 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\Macromed [2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Mozilla [2013.03.31 00:17:33 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Mozilla [2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2013.03.31 00:17:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2013.03.31 00:07:13 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VS Revo Group [2013.03.30 22:45:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 9.2.1 Home Edition [2013.03.30 22:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EaseUS Partition Master 9.2.1 Home Edition [2013.03.30 22:24:17 | 000,000,000 | ---D | C] -- C:\Users\Manu\Documents\temp [2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\ATI [2013.03.30 22:19:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\ATI [2013.03.30 21:52:20 | 000,000,000 | ---D | C] -- 
C:\Program Files (x86)\Microsoft.NET [2013.03.30 21:51:19 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2013.03.30 21:28:58 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Adobe [2013.03.30 20:00:49 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Avira [2013.03.30 19:57:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.30 19:57:56 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.30 19:57:56 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.30 19:57:56 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.30 19:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2013.03.30 19:41:37 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Diagnostics [2013.03.30 19:29:35 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Programs [2013.03.30 19:26:21 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Google [2013.03.30 18:16:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Intel Corporation [2013.03.30 18:16:05 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Intel Corporation [2013.03.30 18:11:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIGABYTE [2013.03.30 18:02:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GIGABYTE [2013.03.30 18:02:06 | 000,084,736 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronXHCI.sys [2013.03.30 18:02:06 | 000,059,520 | ---- | C] (Etron Technology Inc) -- C:\Windows\SysNative\drivers\EtronHub3.sys [2013.03.30 18:02:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Etron Technology [2013.03.30 18:00:25 | 000,000,000 | R--D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel [2013.03.30 18:00:14 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Atheros_L1e [2013.03.30 17:59:34 | 000,083,968 | ---- | C] (QSound Labs, Inc.) -- C:\Windows\SysNative\nQAPO.dll [2013.03.30 17:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VIA [2013.03.30 17:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.03.30 17:59:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.03.30 17:59:02 | 000,000,000 | ---D | C] -- C:\Program Files\Intel [2013.03.30 17:58:44 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll [2013.03.30 17:58:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\postureAgent [2013.03.30 17:58:22 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel [2013.03.30 17:58:22 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\InstallShield [2013.03.30 17:57:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller [2013.03.30 17:56:14 | 000,000,000 | -HSD | C] -- C:\Windows\Installer [2013.03.30 17:56:06 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Google [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\Searches [2013.03.30 17:48:33 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2013.03.30 17:48:26 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Identities [2013.03.30 17:48:24 | 000,000,000 | R--D | C] -- C:\Users\Manu\Contacts [2013.03.30 17:48:23 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\VirtualStore [2013.03.30 17:48:18 | 000,000,000 | --SD | C] -- 
C:\Users\Manu\AppData\Roaming\Microsoft [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Videos [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Saved Games [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Pictures [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Music [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Links [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Favorites [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Downloads [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Documents [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\Desktop [2013.03.30 17:48:18 | 000,000,000 | R--D | C] -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Vorlagen [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Verlauf [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Temporary Internet Files [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Startmenü [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\SendTo [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Recent [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Netzwerkumgebung [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Lokale Einstellungen [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Videos [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Musik [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Eigene Dateien [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Documents\Eigene Bilder [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- 
C:\Users\Manu\Druckumgebung [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Cookies [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\AppData\Local\Anwendungsdaten [2013.03.30 17:48:18 | 000,000,000 | -HSD | C] -- C:\Users\Manu\Anwendungsdaten [2013.03.30 17:48:18 | 000,000,000 | -H-D | C] -- C:\Users\Manu\AppData [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Temp [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Local\Microsoft [2013.03.30 17:48:18 | 000,000,000 | ---D | C] -- C:\Users\Manu\AppData\Roaming\Media Center Programs [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Recovery [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Programme [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente [2013.03.30 17:48:15 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten [2013.03.30 17:48:14 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution [2013.03.30 17:40:13 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch [2013.03.30 17:39:43 | 000,000,000 | -HSD | C] -- C:\System Volume Information [2013.03.30 17:39:21 | 000,000,000 | ---D | C] -- C:\Windows\Panther [2013.03.27 17:38:06 | 007,163,744 | ---- | C] (Dolby Laboratories) -- C:\Windows\SysNative\EEP64A.dll [2013.03.13 05:35:44 | 000,127,568 | 
---- | C] (Qualcomm Atheros Co., Ltd.) -- C:\Windows\SysNative\drivers\L1C62x64.sys [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.04.08 20:51:09 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Manu\Desktop\OTL.exe [2013.04.08 20:50:32 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.08 20:18:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.08 20:13:07 | 000,000,000 | ---- | M] () -- C:\Users\Manu\defogger_reenable [2013.04.08 20:12:15 | 000,050,477 | ---- | M] () -- C:\Users\Manu\Desktop\Defogger.exe [2013.04.08 19:13:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.04.08 19:13:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.04.08 19:10:22 | 001,618,552 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.08 19:10:22 | 000,698,912 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.08 19:10:22 | 000,653,750 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.08 19:10:22 | 000,149,052 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.08 19:10:22 | 000,121,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.08 19:06:01 | 000,341,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 19:05:50 | 2114,703,359 | -HS- | M] () -- C:\hiberfil.sys [2013.04.08 01:31:05 | 000,000,614 | ---- | M] () -- C:\Users\Manu\Desktop\VLC media player.lnk [2013.04.07 23:49:21 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.07 22:28:51 | 000,000,606 | ---- | M] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk [2013.04.07 20:52:46 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys [2013.04.07 20:52:28 | 000,002,725 | ---- | M] () -- 
C:\Users\Manu\Desktop\EasyTune 6.lnk [2013.04.07 20:29:53 | 000,001,055 | ---- | M] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.04.05 18:49:37 | 000,000,685 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013.04.01 01:37:44 | 000,002,128 | ---- | M] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk [2013.04.01 01:10:21 | 000,001,449 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.01 00:32:56 | 000,000,355 | ---- | M] () -- C:\Users\Manu\Desktop\Computer.lnk [2013.04.01 00:31:28 | 000,000,654 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.01 00:30:59 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.04.01 00:29:02 | 000,000,667 | ---- | M] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2013.04.01 00:13:48 | 000,001,806 | ---- | M] () -- C:\Users\Manu\Desktop\ICQ.lnk [2013.03.31 14:04:44 | 001,591,896 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.31 13:54:20 | 000,002,130 | ---- | M] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk [2013.03.31 05:04:40 | 000,001,133 | -H-- | M] () -- C:\Windows\EPMBatch.ept [2013.03.31 04:48:52 | 000,000,675 | ---- | M] () -- C:\Users\Manu\Desktop\eclipse.lnk [2013.03.31 04:04:39 | 000,000,882 | ---- | M] () -- C:\Users\Manu\Desktop\CCleaner.lnk [2013.03.31 02:54:36 | 000,002,411 | ---- | M] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.03.31 01:15:21 | 000,005,766 | RHS- | M] () -- C:\ProgramData\ntuser.pol [2013.03.30 22:18:59 | 000,000,000 | ---- | M] () -- C:\Windows\ativpsrm.bin [2013.03.30 21:21:29 | 000,001,290 | ---- | M] () -- C:\Users\Manu\Desktop\dfrgui.lnk [2013.03.30 21:20:02 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.30 21:07:19 | 000,025,185 | ---- | M] () -- 
C:\Windows\SysNative\ieuinit.inf [2013.03.30 19:57:58 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.30 19:55:57 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.03.30 19:55:57 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.03.30 19:55:57 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys [2013.03.30 18:00:48 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.30 17:58:09 | 000,000,010 | ---- | M] () -- C:\Windows\GSetup.ini [2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2013.03.30 17:42:18 | 000,177,271 | ---- | M] () -- C:\Windows\SysNative\license.rtf [7 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.04.08 20:13:07 | 000,000,000 | ---- | C] () -- C:\Users\Manu\defogger_reenable [2013.04.08 20:12:13 | 000,050,477 | ---- | C] () -- C:\Users\Manu\Desktop\Defogger.exe [2013.04.08 19:05:52 | 000,341,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.08 14:45:30 | 000,002,557 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SyncToy 2.1(x64).lnk [2013.04.08 01:31:05 | 000,000,614 | ---- | C] () -- C:\Users\Manu\Desktop\VLC media player.lnk [2013.04.07 23:49:21 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\TeamSpeak 3 Client.lnk [2013.04.07 22:28:51 | 000,000,606 | ---- | C] () -- C:\Users\Manu\Desktop\MSI Afterburner.lnk [2013.04.07 20:52:28 | 000,002,725 | ---- | C] () -- C:\Users\Manu\Desktop\EasyTune 6.lnk [2013.04.05 18:49:37 | 000,000,685 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\LOLRecorder.lnk [2013.04.01 01:37:44 | 000,002,128 | ---- | C] () -- C:\Users\Manu\Desktop\Catalyst Control Center.lnk 
[2013.04.01 01:10:21 | 000,001,449 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.01 01:09:48 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.04.01 00:32:56 | 000,000,355 | ---- | C] () -- C:\Users\Manu\Desktop\Computer.lnk [2013.04.01 00:31:28 | 000,000,654 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.04.01 00:29:02 | 000,000,667 | ---- | C] () -- C:\Users\Public\Desktop\CDBurnerXP.lnk [2013.04.01 00:29:02 | 000,000,605 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk [2013.04.01 00:13:48 | 000,001,806 | ---- | C] () -- C:\Users\Manu\Desktop\ICQ.lnk [2013.03.31 14:05:50 | 000,001,055 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013.03.31 13:54:20 | 000,002,130 | ---- | C] () -- C:\Users\Manu\Desktop\MP Navigator EX 4.0.lnk [2013.03.31 04:48:52 | 000,000,675 | ---- | C] () -- C:\Users\Manu\Desktop\eclipse.lnk [2013.03.31 04:04:39 | 000,000,882 | ---- | C] () -- C:\Users\Manu\Desktop\CCleaner.lnk [2013.03.31 03:38:37 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.31 03:19:55 | 000,000,988 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.03.31 02:54:22 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll [2013.03.31 02:54:22 | 000,002,411 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini [2013.03.31 02:13:42 | 001,591,896 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.03.31 01:55:11 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.03.31 01:48:42 | 001,202,688 | ---- | C] () -- C:\Windows\SysNative\ac3filter64.acm [2013.03.31 01:48:42 | 000,965,120 | ---- | C] () -- C:\Windows\SysWow64\ac3filter.acm [2013.03.31 01:24:03 | 000,000,776 | ---- | C] () -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk [2013.03.31 01:12:27 | 000,005,766 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysWow64\CNC1748D.TBL [2013.03.31 00:30:25 | 000,012,800 | ---- | C] () -- C:\Windows\SysNative\CNC1748D.TBL [2013.03.31 00:17:16 | 000,000,681 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.03.30 22:56:21 | 000,001,133 | -H-- | C] () -- C:\Windows\EPMBatch.ept [2013.03.30 22:45:52 | 003,376,640 | ---- | C] () -- C:\Windows\SysNative\BootMan.exe [2013.03.30 22:45:52 | 003,316,736 | ---- | C] () -- C:\Windows\SysNative\¸´¼þ BootMan.exe [2013.03.30 22:45:52 | 002,468,520 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2013.03.30 22:45:52 | 000,100,936 | ---- | C] () -- C:\Windows\SysNative\setupempdrvx64.exe [2013.03.30 22:45:52 | 000,087,112 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2013.03.30 22:45:52 | 000,019,840 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2013.03.30 22:45:52 | 000,017,480 | ---- | C] () -- C:\Windows\SysNative\epmntdrv.sys [2013.03.30 22:45:52 | 000,016,256 | ---- | C] () -- C:\Windows\SysNative\EuEpmGdi.dll [2013.03.30 22:45:52 | 000,014,920 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2013.03.30 22:45:52 | 000,009,800 | ---- | C] () -- C:\Windows\SysNative\EuGdiDrv.sys [2013.03.30 22:45:52 | 000,009,160 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2013.03.30 22:18:59 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2013.03.30 21:43:54 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2013.03.30 21:43:08 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2013.03.30 21:21:29 | 000,001,290 | ---- | C] () -- C:\Users\Manu\Desktop\dfrgui.lnk [2013.03.30 21:20:02 | 000,000,000 | -H-- | C] () -- 
C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf [2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf [2013.03.30 21:07:19 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf [2013.03.30 19:57:58 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.30 18:14:02 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2013.03.30 18:02:20 | 000,031,272 | ---- | C] () -- C:\Windows\SysNative\AppleChargerSrv.exe [2013.03.30 18:02:20 | 000,021,616 | ---- | C] () -- C:\Windows\SysNative\drivers\AppleCharger.sys [2013.03.30 18:00:48 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf [2013.03.30 17:59:11 | 000,015,128 | ---- | C] () -- C:\Windows\SysNative\drivers\IntelMEFWVer.dll [2013.03.30 17:54:46 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2013.03.30 17:49:08 | 000,001,413 | ---- | C] () -- C:\Users\Manu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2013.03.30 17:42:10 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk [2013.03.30 17:41:59 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk [2013.03.30 17:39:43 | 2114,703,359 | -HS- | C] () -- C:\hiberfil.sys [2012.09.28 21:45:06 | 000,247,296 | ---- | C] () -- C:\Windows\SysWow64\rtvcvfw32.dll [2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.04.20 14:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.01 00:29:05 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Canneverbe Limited [2013.04.01 17:02:52 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\DAEMON Tools Lite 
[2013.04.08 19:07:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Dropbox [2013.04.01 16:13:19 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQ-Profile [2013.04.01 00:15:00 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\ICQM [2013.03.31 02:38:44 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Leadertech [2013.03.31 21:32:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\LolClient [2013.04.01 00:13:08 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Notepad++ [2013.04.07 23:48:26 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\TeamViewer [2013.03.31 01:24:09 | 000,000,000 | ---D | M] -- C:\Users\Manu\AppData\Roaming\Thunderbird ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 08.04.2013 20:53:31 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Manu\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16521) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,96 Gb Total Physical Memory | 6,21 Gb Available Physical Memory | 78,04% Memory free 15,92 Gb Paging File | 12,94 Gb Available in Paging File | 81,30% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 58,58 Gb Total Space | 23,90 Gb Free Space | 40,80% Space Free | Partition Type: NTFS Drive D: | 200,01 Gb Total Space | 175,04 Gb Free Space | 87,52% Space Free | Partition Type: NTFS Drive E: | 672,83 Gb Total Space | 386,67 Gb Free Space | 57,47% Space Free | Partition Type: NTFS Computer Name: MANU-PC | User Name: Manu | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- D:\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- "D:\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) htmlfile [print] -- "D:\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation) http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "D:\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation) CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error. ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista 
Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{031F1983-C75E-4569-A535-840F0351AC1F}" = lport=56225 | protocol=6 | dir=in | name=pando media booster | "{0341519C-068A-4FB8-83EE-FDF5773B840E}" = lport=10243 | protocol=6 | dir=in | app=system | "{14179E81-E3AD-4BA7-91E7-186B78011952}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{18D2567E-258F-4892-AA97-CC97AB27C5F8}" = lport=56225 | protocol=6 | dir=in | name=pando media booster | "{1CF4F6A6-2F63-421F-93DD-590330F7D754}" = rport=445 | protocol=6 | dir=out | app=system | "{1DB22F07-EC34-4D55-95D5-B90C0C8EF894}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{23D60832-4260-47BE-94B6-83513048D8E2}" = lport=138 | protocol=17 | dir=in | app=system | "{35A06E48-BD5F-4759-8D15-544D0EFD400E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3A1050B1-1E4A-4E52-A568-A06469876BB8}" = lport=137 | protocol=17 | dir=in | app=system | "{44F048B9-F3AF-4D7C-B72A-10CC8E92FAEF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4C1A1B06-973D-4080-80B0-6ACC1229C836}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{4F275EFE-156F-4F5D-BC70-8BC93D265CE3}" = lport=445 | protocol=6 | dir=in | app=system | "{5D793D1C-0CBD-4681-8A9C-F048421F4C0F}" = lport=2869 | protocol=6 | dir=in | app=system | "{7F2C8771-26B7-4A63-874C-938CF85304CC}" = lport=139 | protocol=6 | dir=in | app=system | "{9073E733-204D-4188-8E32-7B1120B04790}" = lport=56225 | protocol=17 | dir=in | name=pando media booster | "{999582A1-66C0-42E4-B85A-7A56CC4C9795}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A320B3FA-D083-4179-B54A-03906C39092B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{A73F3FFC-034E-4897-A50B-57102C398418}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{B479781A-403D-4234-8AA4-7CE3B59C0717}" = rport=137 | protocol=17 | dir=out | app=system | "{BC6619D7-975C-4E3D-BF95-748D38443B6B}" = lport=56225 | protocol=17 | dir=in | name=pando media booster | "{C6833C73-F311-453B-8817-604D02F0FB71}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D4958789-9510-4DB3-8AEF-F814E3794866}" = rport=139 | protocol=6 | dir=out | app=system | "{D9A8EFDD-F31B-41AB-A9F6-68934CB51934}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F96377A7-DDEB-4B0E-881F-B77432C64415}" = rport=10243 | protocol=6 | dir=out | app=system | "{FE1552AE-6AAE-4047-962B-853E2BE1EBF3}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0A8AC594-1273-4289-9855-47BEF9A326D7}" = protocol=17 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe | "{10308AF5-2D14-454E-ABF4-AE2DD84BD517}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{1E6F47F8-23C8-4F9E-80B9-4DDE79473E7D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1EE68ED4-8812-4848-B956-A85818A0D49B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1F987AAC-AA6B-45F3-865B-FE4D594C393C}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{22BFBAB9-36E4-4EE2-846A-D796DFAA3E61}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{311FD73B-DFA0-4A15-A598-4E7A3B400CC3}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{3266EE77-60A1-48D5-B2B8-BC2D4EC018F0}" = protocol=6 | dir=in | 
app=c:\users\manu\appdata\roaming\icqm\icq.exe | "{372F294B-5536-4544-A879-661581BEC0B9}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{3A17983A-B0A2-47F8-B67E-731CA9A25211}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{3B83DC43-D6B3-4A4B-926A-AFAB02A634A9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{457B8609-2F05-46D1-A979-4630E9C6C537}" = protocol=17 | dir=in | app=d:\fear\fear.exe | "{4A897B08-3EE8-4BEF-B4D0-2B64197041A0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4AFAD137-95A4-4EA5-B1EB-108CF670D808}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{54719C49-B718-406A-A928-3B462830EF09}" = protocol=17 | dir=in | app=d:\steam\steamapps\nighty3991\counter-strike source\hl2.exe | "{5686905E-6543-40DB-862E-627800D86507}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{58687D5D-70F2-49C4-B5D5-C9C5B7525B9E}" = dir=in | app=d:\itunes\itunes.exe | "{6A127504-B811-4AC9-9AF9-859EDD0CAD40}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{6E37BF52-1A16-4794-A131-6466771E15F9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{7B533DD0-0EA0-4F7D-A14B-2EFBD452F2FB}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{7EC24F1B-3028-4DC3-BD2F-B3B12A0B7D75}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{825EC11F-8B2C-4452-B637-D07D9E20AB9B}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{83BB6836-2AC7-4E81-926E-B6932377B6E7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{85554CB0-7100-43F9-900F-B7A490451B02}" = protocol=6 | dir=in | app=d:\fear\fear.exe | "{8654B13D-47CA-4E74-BE11-C59D0F051B28}" = protocol=17 | dir=in | app=d:\microsoft office\office14\groove.exe | 
"{8773C718-E881-4829-89B5-5338AC43871D}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{8CED9914-3EED-47D3-AFDD-28C128E9E90C}" = protocol=6 | dir=in | app=d:\microsoft office\office14\groove.exe | "{9A0D55D3-4A94-4DFA-BCA2-5ED3482A47D7}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | "{9FEC1BDB-01F2-4F5E-8BE2-614230BC100B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{AB98FC86-2AC9-411F-80E7-172D45B0381D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{AE7B9EC9-BAA9-498F-8863-D701400CC1D3}" = protocol=17 | dir=in | app=c:\users\manu\appdata\roaming\icqm\icq.exe | "{B1885A38-78A9-4EA7-919B-955F4899E852}" = protocol=6 | dir=in | app=d:\steam\steamapps\nighty3991\counter-strike source\hl2.exe | "{B60EDBA3-DAF2-4A3F-9D6A-C0584D2BB681}" = protocol=17 | dir=in | app=d:\fear\fearmp.exe | "{B80F148A-9091-444A-9B44-5A151E62556E}" = protocol=6 | dir=in | app=c:\users\manu\appdata\roaming\dropbox\bin\dropbox.exe | "{BE975D38-61F2-4BEF-BC79-95325B0013FE}" = protocol=6 | dir=in | app=d:\fear\fearmp.exe | "{C5BBA117-4CC2-445A-B440-6FE68E0B1581}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C6670353-8479-471E-BECE-18B440CED54B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{CD009C05-744E-48FF-A094-FCC402EC76F0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D073E1BA-A6B5-40CE-B668-DE0A4CD0F7B9}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | "{D3768177-3557-410B-921F-655E76B11B4D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{D6871115-5D8E-4992-9FA9-DEFBDE30E941}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E754E7AC-9B60-4047-9ACF-28FD00B7921E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{E86DCA81-61C8-4E94-B3C9-20F1361F35E4}" = protocol=6 | 
dir=out | app=system | "{FA321214-3BCF-4B64-8867-CED9C4452D22}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "TCP Query User{4A549C80-9E6C-435B-AB67-2ECD98A43989}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | "TCP Query User{A500811B-8289-4148-BF87-2FD08977160D}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{1EA2B7A5-47CD-4B25-9FA0-1D3C2070692F}C:\program files (x86)\gigabyte\@bios\gwflash.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\@bios\gwflash.exe | "UDP Query User{57A77C1A-1D12-485E-B711-A1D756D9FC4F}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes "{03AC245F-4C64-425C-89CF-7783C1D3AB2C}" = Microsoft Sync Framework 2.0 Provider Services (x64) ENU "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{14297226-E0A0-3781-8911-E9D529552663}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 "{1701BD02-09B9-B25B-8290-C7D6A33C5A75}" = AMD Catalyst Install Manager "{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5 "{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 "{2394E621-62FE-72DF-057F-F51EB4BD2077}" = AMD Accelerated Video Transcoding "{26A24AE4-039D-4CA4-87B4-2F86417017FF}" = Java 7 Update 17 (64-bit) "{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5B97A291-F6D0-C734-922E-765BF8AF3106}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 
"{64A3A4F4-B792-11D6-A78A-00B0D0170170}" = Java SE Development Kit 7 Update 17 (64-bit) "{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software "{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour "{7C8B4C37-0C40-2BEA-C6F3-56EAD395BC56}" = ccc-utility64 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{88DAAF05-5A72-46D2-A7C5-C3759697E943}" = SyncToy 2.1 (x64) "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}" = Microsoft Sync Framework 2.0 Core Components (x64) ENU "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{A2585A63-ADD2-3F54-9819-125E680CC7E1}" = Microsoft .NET Framework 4.5 DEU Language Pack "{A44E3BC0-77C3-3F36-2034-4F8F578B7D1B}" = AMD Media Foundation Decoders "{F4404AFD-2EF3-40C1-8C09-29E5F3B6972B}" = Intel® Trusted Connect Service Client "CCleaner" = CCleaner "Logitech Gaming Software" = Logitech Gaming Software 8.45 "TeamSpeak 3 Client" = TeamSpeak 3 Client "VLC media player" = VLC media player 2.0.5 "WinRAR archiver" = WinRAR 4.20 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM) "{10621ADB-04B8-94B5-0520-E799FBCFE366}" = CCC Help German "{15E63A3E-5FEC-FC64-C09D-757F2753DA10}" = CCC Help Italian "{16F3A269-C49C-3EA8-76B6-3006007CE201}" = CCC Help Portuguese "{1A44135B-3127-9AEE-5686-F64DA4F262CA}" = Catalyst Control Center Graphics Previews Common "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{29EF24BB-EF96-0D83-4142-2488827609B1}" = CCC Help Dutch "{2B653229-9854-4989-B780-D978F5F13EAB}" = FEAR "{2F2AE1BD-90B2-F4C0-3D32-4653B5B65AB1}" = Catalyst Control Center InstallProxy "{2F56F921-7281-17D7-C628-EDC320DB1AF3}" 
= CCC Help French "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{33126DA3-B1C3-A57F-B8DD-8D10B00698DC}" = Catalyst Control Center "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1 "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5070FEB6-D861-648C-95EA-D08B15139677}" = CCC Help Turkish "{507A4C55-8DAF-1607-0B3B-36F975039B2D}" = CCC Help Korean "{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI "{56BB049F-DAD3-4D9E-BC83-E4D778EAE0BD}" = CCC Help Norwegian "{5AF4B3C4-C393-48D7-AC7E-8E7615579548}" = Adobe AIR "{5DE28421-7661-5A77-F667-5FDC46170AD8}" = CCC Help Swedish "{5EA47F98-C7D2-2C53-0316-CF59E197116D}" = CCC Help Finnish "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6A7DF5D8-2DDA-56C0-CC4A-667EC297787D}" = CCC Help Thai "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7A8A86CF-71B4-4517-919F-43E493547346}" = CCC Help Danish "{7D5BFB15-8BC7-2170-144F-7F585FE9FDF1}" = CCC Help Japanese "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7E77E37C-1806-ADFD-C98B-5F1465781D8F}" = CCC Help Chinese Traditional "{8A0B485A-639F-751F-7CA9-744F15BC54F8}" = CCC Help Czech "{8BFFC140-7C6F-CCB0-B85B-2AE63922C919}" = CCC Help Hungarian "{8E4F1F84-B054-5875-ABF4-1246B3CFD48E}" = CCC Help Russian "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = 
Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends "{93DE6349-A17B-8CA8-181F-6DB7A2E1F1C7}" = Catalyst Control Center Localization All "{9580813D-94B1-4C28-9426-A441E2BB29A5}" = Counter-Strike: Source 
"{97E21DF5-574A-67C2-6ECC-0AC11F0ABF3C}" = CCC Help Polish "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AA12545D-5EB8-4078-AFD9-8E8DC0AE3A76}" = GIGABYTE VGA @BIOS "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{B051D1F8-8A3D-096B-1BC5-15F111F4EE2D}" = CCC Help Greek "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B56BA529-977E-4276-0325-A94BF57E1B65}" = CCC Help Spanish "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "{DFAE9340-E8BB-4433-9A08-C8334DAFE1B9}" = Star Wars Republic Commando "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E04810F9-4BAC-C803-82F1-241041A44897}" = CCC Help English "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{ED2A4AA9-11F8-8338-0B18-CD9C543E876E}" = CCC Help Chinese Standard "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "AC3Filter_is1" = AC3Filter 2.5b "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 12.0 "Afterburner" = MSI Afterburner 2.3.1 "Avira AntiVir Desktop" = Avira Free Antivirus "DAEMON Tools Lite" = DAEMON Tools Lite "EaseUS Partition Master Home Edition_is1" = EaseUS Partition Master 9.2.1 Home Edition "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0626.1 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 
"InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "LOLReplay" = LOLReplay "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Notepad++" = Notepad++ "Office14.PROPLUS" = Microsoft Office Professional Plus 2010 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "ICQ" = ICQ 8.0 (build 6008, für aktuellen Benutzer) "Mozilla Firefox 20.0 (x86 de)" = Mozilla Firefox 20.0 (x86 de) "Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 08.04.2013 14:46:46 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 5008 Error - 08.04.2013 14:46:46 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 5008 Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 6006 Error - 08.04.2013 14:46:47 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 6006 Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 7005 Error - 08.04.2013 14:46:48 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 7005 
Error - 08.04.2013 14:46:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 08.04.2013 14:46:49 | Computer Name = Manu-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 8003 [ System Events ] Error - 08.04.2013 11:25:39 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 11:26:11 | Computer Name = Manu-PC | Source = WMPNetworkSvc | ID = 866300 Description = Error - 08.04.2013 11:31:46 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht. Error - 08.04.2013 11:31:46 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 11:36:18 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht. 
Error - 08.04.2013 11:36:18 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 13:06:07 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Intel(R) Management and Security Application Local Management Service erreicht. Error - 08.04.2013 13:06:07 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Management and Security Application Local Management Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 08.04.2013 13:06:28 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473536. Error - 08.04.2013 13:06:28 | Computer Name = Manu-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. < End of report > Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-08 21:11:01
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD10 rev.01.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Manu\AppData\Local\Temp\kwtdypog.sys

---- Threads - GMER 2.1 ----

Thread C:\Windows\System32\spoolsv.exe [1340:2312] 000007fef9f910c8
Thread C:\Windows\System32\spoolsv.exe [1340:2320] 000007fef72a6144
Thread C:\Windows\System32\spoolsv.exe [1340:2324] 000007fef6de5fd0
Thread C:\Windows\System32\spoolsv.exe [1340:2328] 000007fef9e93438
Thread C:\Windows\System32\spoolsv.exe [1340:2332] 000007fef6de63ec
Thread C:\Windows\System32\spoolsv.exe [1340:2340] 000007fef8f35e5c
Thread C:\Windows\system32\taskhost.exe [1892:1192] 000007fef9e61f38
Thread C:\Windows\system32\taskhost.exe [1892:1248] 000007fef9e02740
Thread C:\Windows\system32\taskhost.exe [1892:2136] 000007fef8ef1010
Thread C:\Windows\system32\taskhost.exe [1892:1316] 000007fef9b95170
Thread C:\Windows\System32\svchost.exe [2432:4232] 000007fef5df9688
Thread C:\Windows\system32\svchost.exe [3616:3652] 000007fef2378470
Thread C:\Windows\system32\svchost.exe [3616:3656] 000007fef2382418
Thread C:\Windows\system32\svchost.exe [3616:2616] 000007fef0f6f130
Thread C:\Windows\system32\svchost.exe [3616:3096] 000007fef0f64734
Thread C:\Windows\system32\svchost.exe [3616:3124] 000007fef6de5fd0
Thread C:\Windows\system32\svchost.exe [3616:3364] 000007fef6de63ec
Thread C:\Windows\system32\svchost.exe [3616:4596] 000007fef0f64734
Thread C:\Windows\system32\svchost.exe [3616:1576] 000007fef9975124

---- EOF - GMER 2.1 ----

OK, a small addition: the boot virus is apparently still on the external hard drive, even though I formatted it with a Windows quick format and it is theoretically empty. When the external drive is connected, I get virus warnings in both locations during the scan; when I start a virus scan without the external drive, everything is clean!
Edited by Manu39 (08.04.2013 at 20:44) |