Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: PC verweigert Windows-Update

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 25.04.2013, 18:32   #1
Baldoius
 

PC verweigert Windows-Update - Standard

PC verweigert Windows-Update



Hallihallo!

Nach dem mir die Gratislizenz von AviraInternetSecurity 2012 ausgelaufen ist, habe ich es deinstalliert - soweit so gut. Auch eine Installation von Avira Free hat nicht geschadet.
Jetzt hab ich aber zwei Probleme
  • Windows verweigert Windows-Update
  • Avira Desktop lässt sich nicht "aktivieren"
Ich bin total am Ende meiner Weisheit.
Ich hab schon Fix-It von Microsoft versucht - nix.
Da Avira im Moment nicht funktioniert hab ich mal das Microsoft Essentials
eingeschaltet.....

Hoffe dass ihr mir helfen könnt.....



Der Spass geht weiter....siehe anhang....
Angehängte Grafiken
Dateityp: png Unbenannt.png (6,3 KB, 197x aufgerufen)

Alt 26.04.2013, 06:45   #2
Psychotic
/// Malwareteam
 
PC verweigert Windows-Update - Standard

PC verweigert Windows-Update



Um eine genauere Analyse zu ermöglichen, befolge bitte diesen Link:

An alle Hilfesuchenden! Was muss ich vor Eröffnung eines Themas beachten?

Hinweis: Poste die erstellten Logfiles hier in deinem Thema - erstelle kein neues!

Falls bereits installierte Antivirensoftware Funde gemeldet hat: Füge unbedingt die entsprechenden Logdateien bei!


Wichtig:Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).
__________________

__________________

Alt 26.04.2013, 16:34   #3
Baldoius
 

PC verweigert Windows-Update - Standard

PC verweigert Windows-Update



Hallo

Ich bestätige die Regeln des Trojanerboards!
dass ihr mir helfen wollt!

Witzigerweise funktioniert Windows Update wieder (vorhin hat er nämlich gemeckert, dass Updates da seien), aber Avira kann ich immer noch nicht updaten.....

Hier mal die Logs:

Otl.txt

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL logfile created on: 26.04.2013 16:33:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 64,30% Memory free
11,83 Gb Paging File | 9,07 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 145,65 Gb Free Space | 61,08% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 330,38 Gb Free Space | 99,30% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-X73S | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.26 16:29:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2013.04.04 14:50:32 | 000,532,040 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2013.03.19 08:12:28 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.05 21:41:44 | 000,418,024 | ---- | M] (BillP Studios) -- C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2010.10.06 06:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2010.10.06 06:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.08.17 23:55:42 | 005,732,992 | -H-- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.10 03:46:38 | 000,600,868 | ---- | M] () -- C:\Program Files (x86)\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2009.10.07 22:28:20 | 000,200,704 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\gpgate.dll
MOD - [2009.10.07 22:24:06 | 001,339,392 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\fcnv.dll
MOD - [2009.10.07 22:22:12 | 006,803,456 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\fpdf.dll
MOD - [2009.10.07 22:22:04 | 001,183,744 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\FCRTL.dll
MOD - [2009.10.07 22:18:56 | 000,020,992 | ---- | M] () -- C:\Program Files (x86)\ImageConverter Plus\MemHandler.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | -H-- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.09.12 21:21:48 | 000,022,072 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV:64bit: - [2012.07.11 20:54:58 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe -- (LBTServ)
SRV:64bit: - [2010.11.30 22:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2010.11.30 00:00:56 | 000,149,504 | -H-- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2010.10.26 23:24:36 | 000,403,536 | -H-- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Program Files\Logitech\SolarApp\L4301_Solar.exe -- (L4301_Solar)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV:64bit: - [2009.07.14 03:39:47 | 000,010,240 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\TCPSVCS.EXE -- (simptcp)
SRV - [2013.04.25 17:53:28 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.13 18:25:17 | 000,115,608 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.04.04 14:50:32 | 000,701,512 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2013.04.04 14:50:32 | 000,418,376 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2013.02.25 15:47:33 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.02.25 15:47:19 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.26 16:09:22 | 001,225,312 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2012.11.26 16:09:20 | 000,659,040 | ---- | M] (Secunia) [Disabled | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.08.18 12:38:26 | 000,022,016 | ---- | M] (Apache Software Foundation) [Disabled | Stopped] -- C:\xampp\apache\bin\httpd.exe -- (Apache2.4)
SRV - [2012.07.20 20:08:04 | 008,186,368 | ---- | M] () [Disabled | Stopped] -- C:\xampp\mysql\bin\mysqld.exe -- (mysql)
SRV - [2012.05.11 09:24:22 | 000,632,320 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- c:\xampp\FileZillaFTP\FileZillaServer.exe -- (FileZilla Server)
SRV - [2012.03.19 23:44:20 | 000,276,248 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010.10.06 06:04:12 | 002,655,768 | -H-- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2010.10.06 06:04:08 | 000,325,656 | -H-- | M] (Intel Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.06.07 08:39:36 | 005,395,968 | ---- | M] (hMailServer) [Disabled | Stopped] -- C:\Program Files (x86)\hMailServer\Bin\hMailServer.exe -- (hMailServer)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.12.15 19:39:38 | 000,096,896 | -H-- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.11.24 10:55:54 | 000,099,720 | ---- | M] (Global Graphics Software Ltd) [Disabled | Stopped] -- C:\Windows\SysWOW64\DCMessages.exe -- (DCMessages)
SRV - [2009.07.14 03:14:42 | 000,009,216 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysWOW64\TCPSVCS.EXE -- (simptcp)
SRV - [2009.06.16 02:30:42 | 000,084,536 | -H-- | M] (ASUS) [Disabled | Stopped] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2006.12.14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006.12.14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006.12.14 01:46:16 | 000,057,344 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004.03.30 17:15:24 | 000,090,183 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\PortReporter\portreporter.exe -- (PortReporter)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2013.03.06 15:13:37 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | Disabled | Unknown] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.26 15:56:51 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.02.26 15:56:50 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Unknown] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.12.19 15:47:20 | 000,132,008 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.19 23:32:04 | 014,745,600 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.03.01 02:02:00 | 000,028,992 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.09.27 12:36:26 | 000,136,192 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv05.sys -- (acedrv05)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.07.22 18:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011.07.12 23:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011.04.13 15:04:38 | 000,045,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.12.13 15:12:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.11.30 00:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.11.20 15:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.05 17:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.10.19 23:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 00:53:12 | 001,147,232 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\netr28x.sys -- (netr28x)
DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.08.24 11:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2010.08.11 08:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.10.05 03:34:00 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.07.20 11:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ElbyCDFL.sys -- (ElbyCDFL)
DRV:64bit: - [2006.10.18 02:00:00 | 000,052,760 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV - [2010.07.26 22:57:20 | 000,017,024 | -H-- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | -H-- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
DRV - [2007.02.16 02:57:06 | 000,040,648 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys -- (ElbyCDFL)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-CH
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A3 89 27 EF D1 20 CE 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "google.ch"
FF - prefs.js..extensions.enabledAddons: %7B888d99e7-e8b5-46a3-851e-1ec45da1e644%7D:17.0.0
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: %7B00F0643E-B367-4779-B45D-7046EBA37A88%7D:13.0.1.9979
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.7
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.6
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.1.0-git-20121231-0404: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1200112.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922:  File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@spoon.net/Spoon Plugin 3.33:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@greentube.com/GreenWebPlayer: C:\Games\GreenWebPlayer\npgreenwebplayer.dll (Greentube Internet Entertainment Solutions GmbH)
FF - HKCU\Software\MozillaPlugins\@stonetrip.com/ShiVaWebPlayer,version=1.8.0.0: C:\Users\*****\AppData\Roaming\..\LocalLow\StoneTrip\Web Player\npShiVa3D.dll ()
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{00F0643E-B367-4779-B45D-7046EBA37A88}: C:\Program Files (x86)\Steganos Password Manager 2012\spmplugin3 [2012.12.10 07:40:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.13 18:25:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.07 16:38:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\extension@preispilot.com: C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\koq680jp.default\extensions\extension@preispilot.com
 
[2011.08.07 13:03:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2013.04.25 17:36:04 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions
[2013.04.07 11:55:58 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.04.03 15:25:09 | 000,000,000 | ---D | M] (WOT) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.13 18:25:22 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\koq680jp.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.03.03 06:55:08 | 000,134,804 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.12.24 12:51:14 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.12.29 09:45:25 | 000,111,107 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\extension@preispilot.com.xpi
[2013.04.25 17:36:04 | 000,532,430 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.28 21:16:41 | 000,030,502 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{888d99e7-e8b5-46a3-851e-1ec45da1e644}.xpi
[2013.02.15 19:55:24 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.12.26 09:01:56 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2013.02.07 08:09:42 | 000,698,764 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\extensions\{fe272bd1-5f76-4ea4-8501-a05d35d823fc}.xpi
[2013.02.25 07:07:03 | 000,002,341 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\koq680jp.default\searchplugins\anderes-wortde.xml
[2013.02.16 15:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.12.10 07:40:10 | 000,000,000 | ---D | M] (Steganos Password Manager) -- C:\PROGRAM FILES (X86)\STEGANOS PASSWORD MANAGER 2012\SPMPLUGIN3
[2013.04.13 18:25:18 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.26 07:03:16 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.26 07:03:16 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.01.26 07:03:16 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.26 07:03:16 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.26 07:03:16 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.26 07:03:16 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: SweetIM Search (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Advanced SystemCare 6 (Enabled) = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\Plugin/ASCPlugin_Protect.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: GreenWebPlayer (Enabled) = C:\Games\GreenWebPlayer\npgreenwebplayer.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Advanced SystemCare 6 Opera Plugin (Enabled) = C:\Program Files (x86)\IObit\Advanced SystemCare 6\BrowerProtect\np_Asc_plugin.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Zylom Plugin (Enabled) = C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
CHR - plugin: ShiVa3D Plugin (Enabled) = C:\Users\*****\AppData\Roaming\..\LocalLow\StoneTrip\Web Player\npShiVa3D.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google Search = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Advanced SystemCare Surfing Protection = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfengeggddojhakldhlpjdlddgkkjkdd\1.0.0_0\
CHR - Extension: Gmail = C:\Users\*****\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.03.25 06:58:42 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Steganos Password Manager Toolbar) - {9C65D12D-CF9D-454D-8049-61965D8C6FFF} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files (x86)\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPath = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O9 - Extra Button: Steganos Password Manager - {024538B9-3F39-49FF-9503-975F743210FA} - C:\Program Files (x86)\Steganos Password Manager 2012\SPMIEToolbar.dll (Steganos Software GmbH)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.210 88.84.16.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = ackermann-home.ch
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52ACCD0C-CD6E-4B80-B520-286DEEC015E3}: NameServer = 192.168.0.220,192.168.0.210
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CC6F69AF-BEC2-436E-AA09-0D9DE562E21B}: NameServer = 127.0.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B07140-174D-4590-A16C-E4C23E71385D}: DhcpNameServer = 192.168.0.210 88.84.16.108
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3B07140-174D-4590-A16C-E4C23E71385D}: NameServer = 192.168.0.220,192.168.0.210
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.12.24 09:00:08 | 000,000,000 | ---D | M] - C:\Autodesk -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.26 16:32:30 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board-Dateien
[2013.04.26 16:29:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.04.26 07:12:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LTC
[2013.04.26 07:11:39 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AF Signal Generator
[2013.04.26 07:11:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AF Signal Generator
[2013.04.26 07:11:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AF Signal Generator
[2013.04.26 06:44:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.04.25 19:26:23 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.04.25 18:57:03 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\SUPERAntiSpyware.com
[2013.04.25 18:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2013.04.25 18:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2013.04.25 18:56:53 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2013.04.25 17:59:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Bagger-Simulator 2011
[2013.04.25 17:55:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.25 17:51:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bagger-Simulator 2011
[2013.04.25 17:51:21 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Bagger-Simulator 2011
[2013.04.25 17:43:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bagger-Simulator 2011
[2013.04.25 17:33:18 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Avira
[2013.04.25 17:32:37 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.25 17:32:37 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.25 17:32:37 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.04.13 08:20:11 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2013.04.13 08:20:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Hide Folder
[2013.04.13 08:20:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Hide Folder
[2013.04.05 15:01:06 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\SimCity
[2013.04.05 14:34:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SimCity™
[2013.04.05 14:33:51 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\EAInstaller
[2013.04.05 14:23:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Origin
[2013.04.05 14:23:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2013.04.05 14:23:04 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Origin
[2013.04.05 14:21:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.04.05 14:21:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.04.05 14:21:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2013.03.29 20:38:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ravensburger
[2013.03.29 20:37:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger
[2013.03.28 19:00:56 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Speech Macros
[2013.03.28 19:00:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WSRMacros
[2013.03.27 17:05:53 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\MigWiz
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.26 16:32:36 | 000,058,709 | ---- | M] () -- C:\Users\*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.04.26 16:32:04 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable
[2013.04.26 16:30:20 | 000,377,856 | ---- | M] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe
[2013.04.26 16:29:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.04.26 16:29:27 | 000,050,477 | ---- | M] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.04.26 16:28:46 | 000,003,677 | ---- | M] () -- C:\Windows\scad3.INI
[2013.04.26 16:28:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.26 16:26:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:26:44 | 000,009,920 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.26 16:23:31 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.26 16:22:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.26 07:12:35 | 000,001,177 | ---- | M] () -- C:\Users\*****\Desktop\LTspice IV.lnk
[2013.04.26 06:46:33 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.26 06:46:01 | 000,000,422 | ---- | M] () -- C:\Windows\tasks\Wise Care 365.job
[2013.04.26 06:45:48 | 467,787,775 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.26 06:44:23 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.26 05:37:36 | 000,556,480 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.25 19:28:24 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.25 18:56:55 | 000,001,810 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.25 17:51:22 | 000,001,980 | ---- | M] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011.lnk
[2013.04.25 17:51:22 | 000,001,229 | ---- | M] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011 Anleitung.lnk
[2013.04.25 17:19:14 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.04.13 18:28:11 | 001,672,432 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.13 18:28:11 | 000,723,122 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.13 18:28:11 | 000,668,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.13 18:28:11 | 000,156,670 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.13 18:28:11 | 000,129,150 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.13 08:20:11 | 000,000,970 | ---- | M] () -- C:\Users\*****\Desktop\Free Hide Folder.lnk
[2013.04.11 14:05:52 | 000,007,665 | ---- | M] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2013.04.11 09:51:40 | 000,008,606 | ---- | M] () -- C:\Users\*****\Desktop\195XtpMVSGt9hE3y_18378.jpg
[2013.04.05 14:35:21 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\SimCity™.lnk
[2013.04.05 14:21:12 | 000,000,985 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.29 20:38:33 | 000,000,230 | ---- | M] () -- C:\Windows\5Freunde.ini
[2013.03.29 20:38:32 | 000,002,176 | ---- | M] () -- C:\Users\Public\Desktop\Fünf Freunde auf Schatzsuche.lnk
[2013.03.28 19:06:30 | 000,000,103 | ---- | M] () -- C:\Users\*****\Desktop\ruhezustand.bat
[2013.03.28 18:38:00 | 000,001,494 | ---- | M] () -- C:\Users\*****\Desktop\Mozilla Firefox.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.26 16:32:30 | 000,058,709 | ---- | C] () -- C:\Users\*****\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten  - Trojaner-Board.htm
[2013.04.26 16:32:04 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable
[2013.04.26 16:30:19 | 000,377,856 | ---- | C] () -- C:\Users\*****\Desktop\gmer_2.1.19163.exe
[2013.04.26 16:29:18 | 000,050,477 | ---- | C] () -- C:\Users\*****\Desktop\Defogger.exe
[2013.04.26 16:26:16 | 000,003,677 | ---- | C] () -- C:\Windows\scad3.INI
[2013.04.26 07:12:35 | 000,001,177 | ---- | C] () -- C:\Users\*****\Desktop\LTspice IV.lnk
[2013.04.26 05:37:08 | 000,556,480 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.25 18:56:55 | 000,001,810 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2013.04.25 17:51:22 | 000,001,980 | ---- | C] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011.lnk
[2013.04.25 17:51:22 | 000,001,229 | ---- | C] () -- C:\Users\*****\Desktop\Bagger-Simulator 2011 Anleitung.lnk
[2013.04.25 17:32:39 | 000,002,072 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.04.13 08:20:11 | 000,000,970 | ---- | C] () -- C:\Users\*****\Desktop\Free Hide Folder.lnk
[2013.04.11 14:05:52 | 000,007,665 | ---- | C] () -- C:\Users\*****\AppData\Local\recently-used.xbel
[2013.04.11 09:51:38 | 000,008,606 | ---- | C] () -- C:\Users\*****\Desktop\195XtpMVSGt9hE3y_18378.jpg
[2013.04.05 14:34:01 | 000,001,278 | ---- | C] () -- C:\Users\Public\Desktop\SimCity™.lnk
[2013.04.05 14:21:12 | 000,000,985 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.03.29 20:38:32 | 000,002,176 | ---- | C] () -- C:\Users\Public\Desktop\Fünf Freunde auf Schatzsuche.lnk
[2013.03.29 20:38:32 | 000,000,230 | ---- | C] () -- C:\Windows\5Freunde.ini
[2013.03.28 19:06:30 | 000,000,103 | ---- | C] () -- C:\Users\*****\Desktop\ruhezustand.bat
[2013.03.28 19:00:32 | 000,000,963 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Speech Recognition Macros.lnk
[2013.03.28 18:36:56 | 000,001,494 | ---- | C] () -- C:\Users\*****\Desktop\Mozilla Firefox.lnk
[2012.12.26 17:12:01 | 000,668,057 | ---- | C] () -- C:\Users\*****\wartung.xcf
[2012.12.18 07:45:48 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2012.12.16 19:17:46 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2012.12.11 20:36:02 | 000,000,678 | ---- | C] () -- C:\Windows\DesktopSchneeFree.ini
[2012.11.15 13:55:36 | 000,116,380 | ---- | C] () -- C:\Windows\GXTranscoder v2 Uninstaller.exe
[2012.11.03 09:01:40 | 000,246,028 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat
[2012.10.30 18:26:23 | 000,456,192 | ---- | C] () -- C:\Windows\SetACL.exe
[2012.10.23 19:13:00 | 000,438,272 | ---- | C] () -- C:\Windows\SysWow64\PaintX.dll
[2012.09.25 12:21:40 | 000,000,045 | ---- | C] () -- C:\Users\*****\.edu.xtec.properties
[2012.09.23 07:51:23 | 000,087,704 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2012.09.20 04:50:16 | 000,089,069 | ---- | C] () -- C:\Users\*****\test.png
[2012.08.29 04:54:41 | 000,000,048 | ---- | C] () -- C:\Users\*****\.jupload.properties
[2012.07.06 16:41:01 | 000,015,760 | ---- | C] () -- C:\Windows\SysWow64\DCMessagesPS.dll
[2012.07.06 16:41:01 | 000,000,737 | ---- | C] () -- C:\Windows\SysWow64\oemsetup.ini
[2012.04.17 18:34:00 | 000,532,480 | ---- | C] () -- C:\Windows\SysWow64\CddbPlaylist2Sony.dll
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.19 23:25:58 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.03.19 22:21:14 | 013,212,672 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.12.17 08:01:00 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.12.17 08:01:00 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.12.17 08:01:00 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.11.06 11:16:39 | 000,000,880 | ---- | C] () -- C:\Users\*****\.recently-used.xbel.fss
[2011.09.30 17:06:06 | 001,650,326 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.27 12:32:40 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2011.08.21 10:06:18 | 000,000,680 | RHS- | C] () -- C:\Users\*****\ntuser.pol
[2011.08.19 17:40:11 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.08.18 16:57:37 | 000,007,670 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011.08.17 14:56:59 | 000,000,128 | ---- | C] () -- C:\Users\*****\Alle.fss
[2011.08.07 12:19:57 | 000,012,288 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.26 17:26:46 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.07.26 17:26:46 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.07.26 17:26:46 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.07.26 17:26:46 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.06.22 12:41:40 | 000,014,051 | ---- | C] () -- C:\Windows\SysWow64\RaCoInst.dat
[2011.06.22 12:41:37 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.dll
[2011.06.22 12:41:37 | 000,000,451 | ---- | C] () -- C:\Windows\SysWow64\DiagFunc.ini
[2011.06.22 12:35:04 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.03.09 18:09:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\.minecraft
[2011.10.28 20:50:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\aicon
[2013.01.15 18:42:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\AltiumDesignerSummer09
[2011.09.22 16:35:11 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Anvil Studio
[2011.12.09 06:35:30 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASCOMP Software
[2012.09.08 17:33:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Ashampoo
[2011.11.04 18:40:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ASUS WebStorage
[2013.03.14 18:01:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Audacity
[2012.03.06 18:30:51 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Autodesk
[2012.02.07 18:25:21 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Blender Foundation
[2011.10.05 18:47:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Canon
[2013.03.06 18:44:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Clickteam
[2012.01.04 13:45:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\concept design
[2013.03.24 10:16:32 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DesktopIconForAmazon
[2013.01.15 20:23:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Dev-Cpp
[2012.07.01 16:27:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\DVDVideoSoft
[2012.05.08 17:50:47 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\engadven
[2011.12.12 17:47:06 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\EurekaLog
[2012.08.25 07:09:38 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FileZilla
[2012.07.01 08:32:46 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Firefly Studios
[2012.08.25 07:01:20 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FlashFXP
[2011.12.18 11:01:39 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Franzis
[2012.12.09 17:20:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Free MP3 WMA OGG Converter
[2011.09.22 16:04:37 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GetRightToGo
[2011.10.16 10:25:03 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\GlarySoft
[2012.07.06 16:42:23 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Global Graphics
[2012.04.16 09:00:22 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\gtk-2.0
[2012.12.11 20:51:19 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Home Sweet Home Christmas
[2013.01.24 07:28:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQ-Profile
[2013.01.24 07:22:05 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ICQM
[2012.12.24 07:22:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IObit
[2011.08.08 16:31:01 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\iPodder
[2011.09.03 09:21:59 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2013.03.24 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\KeePass
[2011.08.11 19:09:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Leadertech
[2013.02.07 09:03:29 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Lindy
[2012.01.08 15:09:09 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\MAGIX
[2011.12.18 09:58:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Need for Speed World
[2013.04.26 06:01:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Notepad++
[2011.09.17 15:34:43 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Nuance
[2012.12.18 07:45:45 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OCS
[2013.02.09 08:20:55 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2012.12.18 07:45:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Opera
[2013.04.05 14:24:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Origin
[2012.07.01 16:26:33 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Philipp Winterberg
[2011.09.18 08:24:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\PlayFirst
[2012.09.26 12:23:02 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ProtectDISC
[2012.08.08 18:59:34 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\QuickScan
[2011.09.24 12:44:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\RavensburgerTipToi
[2011.08.17 19:30:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Samsung
[2012.06.02 18:43:28 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\SoftGrid Client
[2011.12.12 17:01:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Softplicity
[2012.01.06 17:48:36 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Software Informer
[2011.10.29 08:10:50 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Solveig Multimedia
[2012.12.10 18:59:44 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Steganos
[2012.07.05 06:41:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StoneTrip
[2012.12.12 19:23:53 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\StreamTorrent
[2012.09.18 19:27:56 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TeamViewer
[2011.11.03 22:59:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\temp
[2011.08.07 13:24:13 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Thunderbird
[2011.09.09 17:59:25 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TS3Client
[2011.09.09 17:57:16 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\ts3overlay
[2013.01.03 17:35:24 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wargaming.net
[2012.08.28 16:14:40 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Webocton - Scriptly
[2011.09.20 18:00:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wildlife Park 2
[2011.09.21 17:18:48 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Wildlife Park 2 - Abenteuer auf der Ranch
[2013.03.27 07:19:07 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\WinPatrol
[2011.08.08 15:32:15 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\Zeon
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 119 bytes -> C:\ProgramData\Temp:5C321E34

< End of report >
         
--- --- ---


Extras.txt

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 26.04.2013 16:33:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\****\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy
 
5,91 Gb Total Physical Memory | 3,80 Gb Available Physical Memory | 64,30% Memory free
11,83 Gb Paging File | 9,07 Gb Available in Paging File | 76,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 238,47 Gb Total Space | 145,65 Gb Free Space | 61,08% Space Free | Partition Type: NTFS
Drive D: | 332,70 Gb Total Space | 330,38 Gb Free Space | 99,30% Space Free | Partition Type: NTFS
 
Computer Name: ASUS-X73S | User Name: **** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0C52BD39-CE83-4D08-A0E1-4D7DD3B5C055}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1354FFD8-C43B-4C4A-A176-A496BB82AC57}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{18C59779-E34C-4A0B-B1C2-E9F74C4C3E01}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{1B1B4F22-73CB-41A6-A130-F9E1030CD0E5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{27C3C985-D678-42C3-A3D4-9FCDEBCAEF95}" = rport=137 | protocol=17 | dir=out | app=system | 
"{3766F919-9C65-4A71-B009-B6ABA23013FE}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{44DDB1F6-C98E-40A3-8ADA-38D8B42CE7E0}" = rport=139 | protocol=6 | dir=out | app=system | 
"{506984D9-DE61-4E40-9679-2D3BDE5A3CB8}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{52AD3C9B-FF9A-4CB6-AE61-BF7D4F34218E}" = rport=138 | protocol=17 | dir=out | app=system | 
"{5E316A5E-FE5F-4ECF-BBD8-8CE56D188F1A}" = lport=445 | protocol=6 | dir=in | app=system | 
"{5ED0E8E5-1CF3-42DE-94F0-A0EE25EFC5A6}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{609CB0BC-AE3E-4427-A317-1E9EA53D47E2}" = lport=138 | protocol=17 | dir=in | app=system | 
"{66FDBFCC-BF9D-4F47-A401-265D032F6D78}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{6D8D8A91-F7F5-4ADF-8488-304D195EC39A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{78E66EB0-B4CE-49EA-B158-52EABC84B842}" = lport=137 | protocol=17 | dir=in | app=system | 
"{7D4A9835-E85F-4359-8285-A205313C8097}" = lport=3306 | protocol=6 | dir=in | name=mysql server | 
"{8C8898D9-8936-4C85-9287-33BF732EC53C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{9EF19B17-7BEA-4B1D-B771-C6598E9E8583}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A72233AF-337A-40D3-BCE9-4CBCFF8C6B0B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{B68832B1-FB7C-4F51-8F3F-C2226EA8CDAD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B6DF1D72-D79C-474C-8590-99A11E372B3C}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C4C7BBE5-D323-40B4-8C4F-D09E960E66CA}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{E40810E3-B466-49CC-862C-262C2A9DFD86}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{E88157B5-66E2-4965-BEDB-9E78D1AC8F1F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA828933-6992-41F6-B3AC-8AFD775F8D90}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FCE9A7E1-49D9-457D-B41E-80558B7FF46F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{FCF0F2AF-6B8D-488D-BD55-2F98AE5444B0}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FD31D710-03EE-45A2-940D-055F9F2123BE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02BA9C06-CF22-4DBE-953A-95133ECF98F0}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{044B7A42-6B69-46C0-AA7E-FC2FBF63393F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0633A6BC-3D34-48D4-AED0-76FAFD1042C3}" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{07D57583-FD04-4433-82A9-6A935B0E0128}" = protocol=17 | dir=in | app=c:\icpdas\hmiworks_standard\bin\hmiworks_standard.exe | 
"{099EB733-C8A4-4C4F-AE8A-7A385490ECF5}" = protocol=6 | dir=out | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{09B8E06B-44E6-4AC6-B2EA-587E65C7B3D3}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{0A2E5E47-A0A7-43B5-8A11-56E623F213F3}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{0A609099-1FAD-4974-92A1-C685A71C0FC7}" = protocol=6 | dir=in | svc=msiscsi | app=%systemroot%\system32\svchost.exe | 
"{0B07B5A9-2A0E-462B-9FA7-A78CA3CF1E63}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{0C4B143D-03B9-4A0A-AD17-C7AB9388919C}" = protocol=6 | dir=out | app=system | 
"{0D0BD425-AB0C-4B2D-A3CD-0E56368E653A}" = protocol=6 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{113FBE06-F6BB-48E1-B16A-F7157918D3B6}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe | 
"{11EA12D6-461A-4C69-91E7-8E5385E9DA37}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{19320639-2E27-497F-922D-801F85D35718}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{23618935-C3FE-4204-90D9-F76A3A557702}" = dir=in | app=c:\program files (x86)\microsoft games\microsoft flight\flight.exe | 
"{24DCBDAA-02F1-4A96-8E92-19D974D736DE}" = protocol=17 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{29544FC4-5240-4D7B-BADF-8C3F5A24F25C}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{2DDA6028-9F3B-4686-84A0-6596A0AF6F7D}" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"{2F9A62DF-8173-4368-9350-EE240E1766AE}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{391CD310-DCC5-4F42-B7C9-04A62BF4FA5A}" = protocol=17 | dir=in | app=c:\program files\smartftp client\smartftp.exe | 
"{3B4B1419-745D-4CC1-9BC2-67D07775D97A}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4008E305-D35A-49DA-80BF-29B31EA269BC}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\game.exe | 
"{47337177-E4FE-4F0F-8071-495EE6861915}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{48EF5628-BBEA-4D8B-8513-C5465FCF35EF}" = protocol=6 | dir=in | app=c:\icpdas\hmiworks_standard\bin\hmiworks_standard.exe | 
"{50BCBB85-98A6-42A7-9783-1FD39CA804FF}" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"{52E974FB-A34C-4495-B131-3E13655FA94A}" = protocol=6 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe | 
"{54821D7A-C83E-42D7-BCA6-C1CAC5B55786}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{54DC93AA-A8AE-4E55-9FC5-7E608B310DFD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{56B5F0C7-6A62-4FFE-B96F-41ABEF55F736}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{597D78C0-C6FC-424F-8C5E-0F560CA39ABF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5AC853EB-A017-45D3-BB13-7FD54DF1D645}" = protocol=6 | dir=in | app=c:\programme\ftp-uploader\ftpuploader.exe | 
"{5E57F353-21EB-455C-A330-69C0F6CB9BCB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{68A54052-58F3-40DC-89BD-75EC11C20645}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{69765F74-F265-4982-AC0B-8BCBCC2F7741}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{698AB5BD-DA21-462D-BF68-89EA467151C9}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\game.exe | 
"{69FE9373-6926-4C75-AB31-28D172855BF7}" = protocol=6 | dir=in | app=c:\users\dario\appdata\roaming\icqm\icq.exe | 
"{6C245CC5-4473-4A7C-985E-1C9D1FC6D1C2}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe | 
"{7363D4E7-8334-4271-8B15-27E787C741FD}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7455DC69-B15F-4FF0-BA58-6AE442DE914E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{74ADA3B2-3F69-4F25-B62E-9320F6B33043}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\game.exe | 
"{8648F8DE-448A-4024-8485-C1488757A09F}" = protocol=17 | dir=in | app=c:\programme\ftp-uploader\ftpuploader.exe | 
"{88BB7955-427F-47A8-9DFC-AC010E90F957}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{89CEE6C7-E8DB-4605-A0DC-C221147C6129}" = protocol=17 | dir=in | app=c:\users\dario\appdata\roaming\icqm\icq.exe | 
"{926FBB88-EDC2-4BB0-BBA6-1F193BD98FDA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{961503CE-8363-4ADC-B927-84809DB68888}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{B01B7767-875B-41AB-9F23-037B6AEAC681}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012.exe | 
"{B43E4EC5-73E7-42E8-9781-61F0E689DA84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{B6B7785D-BDEE-42AD-B451-A0F99A12D8B6}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{B88223CC-E2BC-4C87-A315-06940EC6FF74}" = protocol=17 | dir=in | app=c:\icpdas\hmiworks_standard\bin\eflash.exe | 
"{BAE61A5C-7F5B-4135-9D3A-C4F8785A39E1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{BAF6A631-C1CE-4464-BE80-55E1ABF9788B}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BCB49AC7-3DAD-4D66-837F-419FA363C275}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{C36A71F9-4DCE-4525-829A-B61A910CE7C3}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{C84B4ACE-6368-4F85-AF61-914E128520A4}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{D2213CFA-DA17-4ABF-9B58-51CF263EF9C6}" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"{D37E3E91-26A7-4897-9492-71702FE4BA10}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D410DF20-0A49-448D-93CB-E01C2E2A9E7E}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D8A6F2CB-69C6-466C-8560-5E3B63CA2847}" = protocol=6 | dir=in | app=c:\program files (x86)\firefly studios\stronghold legends\strongholdlegends.exe | 
"{D8F961C4-10FB-4E73-8825-FEA920F256E8}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{D90718F1-BE66-4033-8D89-B74132BC3858}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{D97B7A45-A9B4-4ABB-B803-55A39E15A329}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{DB8959CD-1902-4FF3-BC1C-96D6EF5EAECD}" = protocol=6 | dir=in | app=c:\icpdas\hmiworks_standard\bin\eflash.exe | 
"{E2B7FC12-33CD-4211-BC11-4C67CAD08B43}" = protocol=17 | dir=in | app=c:\program files (x86)\skiregion simulator 2012\skiregionsimulator2012game.exe | 
"{E889D922-5D92-4B39-878F-A62A024EC8D9}" = protocol=17 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{EC3B4687-10CC-418C-ACDD-5AF791194969}" = protocol=6 | dir=in | app=c:\program files (x86)\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{F0C898BA-3110-49DE-97B3-B1B8475BD7B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"TCP Query User{0D051C03-653A-4AEA-BCAB-416367A51692}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=6 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
"TCP Query User{4A34CBB2-428F-4F4B-AFC4-69D9BA3C59AC}C:\xampp\apache\bin\httpd.exe" = protocol=6 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{0C654612-BD51-4BD7-B2A8-384217075949}C:\xampp\apache\bin\httpd.exe" = protocol=17 | dir=in | app=c:\xampp\apache\bin\httpd.exe | 
"UDP Query User{656571D9-2889-4719-ACD9-07E9E4A2FD60}C:\program files (x86)\google\google earth\plugin\geplugin.exe" = protocol=17 | dir=in | app=c:\program files (x86)\google\google earth\plugin\geplugin.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX870_series" = Canon MX870 series MP Drivers
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{3ED4AD02-F631-4A4C-AAC8-2325996E5A56}" = Microsoft IntelliPoint 8.1
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4BB7A109-FDB5-45E3-9DB9-ECB2EA7B80EE}" = WinPatrol
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{91CAD9F2-9826-4585-87E6-5E3CA0A6CADF}" = SmartFTP Client German (Germany) MUI
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}" = ASUS Power4Gear Hybrid
"{A5D535DC-C407-414F-B212-2DB432C741EB}" = SmartFTP Client
"{A8A0B1C1-FBC7-4790-8E26-9DA1A6A95452}" = Oracle VM VirtualBox 4.2.6
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Optimus" = NVIDIA Optimus 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B77EFA0B-9BD3-4122-9F9A-15A963B5EA24}" = Intel(R) Turbo Boost Technology Monitor 2.0
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBFC6AAE-DCCB-4C23-B01C-3EDDDC03298B}" = Debugging Tools for Windows (x64)
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CCleaner" = CCleaner
"Elantech" = ETDWare PS/2-X64 8.0.5.0_WHQL
"GIMP-2_is1" = GIMP 2.8.0
"HMIWorks Standard Edition_is1" = HMIWorks Standard v2.05 Update 10 (for TouchPAD series)
"Loksim3D_is1" = Loksim3D
"MediaInfo" = MediaInfo 0.7.61
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.1" = Microsoft IntelliPoint 8.1
"SolarApp" = Logitech Solar App 1.0
"sp6" = Logitech SetPoint 6.32
"VLC media player" = VLC media player 2.1.0-git-20121231-0404
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03CC9D58-B132-4CC0-A521-4F3660AA43C7}" = Movie Maker
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0ABBF310-94E4-4AE8-A6BD-10345A3F6439}" = Google Drive
"{0D8E6567-7082-48DB-A305-293873AC8B39}_is1" = Preispilot für Firefox
"{0F5AEBB0-43F3-4571-ACE7-A7942E8AA179}" = Microsoft Application Compatibility Toolkit 5.6
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812EU}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{20071984-5EB1-4881-8EDB-082532ACEC6D}" = Heroes of Might and Magic V
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{26A24AE4-039D-4CA4-87B4-2F83217021FF}" = Java 7 Update 21
"{2B81872B-A054-48DA-BE3B-FA5C164C303A}" = ASUS FancyStart
"{30F99474-EBE3-4134-A02B-F6CD38CFE243}" = Photo Gallery
"{38253529-D97D-4901-AE53-5CC9736D3A2E}" = ASUS AI Recovery
"{3A3701BF-11E1-467D-AB26-43B03F34FF7A}" = MAGIX Speed burnR (MSI)
"{3CBD94C1-BA15-488C-888B-D8DD296CC6DC}" = Fotogalerie
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4BA6784F-3B10-473A-B9F5-33A36AC354D5}" = Google SketchUp 8
"{4C278A1B-D7CA-4F9D-A74D-CB9866EB137A}" = Steganos Password Manager 2012
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{5C26044C-4264-4E8A-AD7F-4685CBFE7EAB}" = gDoc Installer
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66A405D2-BA14-4594-BF36-B3B544F0754E}" = Stronghold Legends
"{66FF4C48-0083-4E60-8556-B883AB200091}" = Heroes of Might & Magic V: Hammers of Fate
"{66FF4C48-0083-4E60-8556-B883AB200092}" = Heroes of Might and Magic V - Tribes of the East
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7FC7AD70-1DF3-4B84-9AA2-4FB680F45572}_is1" = Hex-Editor MX
"{825DCEAE-BCCE-4699-84FD-F8C23008240B}" = Altium Designer - Board Level Libraries
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8492053E-1FD0-4657-8CB0-52D0C7F3F476}" = gDoc Installer
"{878CADF7-5BD6-4A29-A6F4-AC51C0CE8068}" = Alcor Micro USB Card Reader
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8DC197D6-F4AB-44E0-ACF7-210355E6F389}" = Windows Speech Recognition Macros
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90850407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003
"{95120000-003F-0407-0000-0000000FF1CE}" = Microsoft Office Excel Viewer
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9BF3C220-0401-4945-A46F-63AFE6F4C114}" = Altium Designer Summer 09
"{A23CE7C7-29B6-444C-8D9D-EA6F4097A1C7}" = MAGIX Screenshare
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"{BCC899FE-2DAA-460C-A5FB-60291E73D9C3}" = Microsoft SQL Server Compact 3.5 ENU
"{BF6379E6-9936-46B0-B6AC-C56EE3987D2E}" = inSSIDer
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C4F932E5-0072-498A-8766-423035842D2D}" = Vision Runtime Dependencies
"{C61EB330-EE5C-11D5-99DD-0050DA44D4BE}" = Kommissar Kugelblitz 3
"{C649ED6C-2D44-40BA-AE75-0AADD5E411E5}" = Wildlife Park 2 Horses
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"{D09605BE-5587-4B0C-86C8-69B5092CB80F}" = Debugging Tools for Windows (x86)
"{D5E3232E-BE61-45FA-96BB-700349EFF048}" = RippMe
"{D85FFE92-BF14-4E9B-BCCD-E5C16069E65F}_is1" = FireJump
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E46C4D1B-39D0-4A9F-0001-6529DDC11226}" = CDRWIN 9 Basic
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EABCE84D-314C-4D47-8B8D-2743B45A4686}" = gDoc
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{ED6C77F9-4D7E-447C-9EC0-9A212D075535}" = Movie Maker
"{EED40EDB-B279-42EB-8D42-7E3D521F6E67}" = MySQL Server 5.5
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6367FD3-B168-4BBC-AF25-2359CEF69C43}" = MAGIX Video easy 3 HD Download-Version
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFD35D1F-F7C8-47AE-AF3E-E569F025CD7D}" = MySQL Server 5.5
"3Planesoft Screensaver Manager_is1" = 3Planesoft Screensaver Manager 1.4
"Abloadtool" = Abloadtool
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 12.0
"AF Signal Function Generator" = AF Signal Function Generator
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"Asus Vibe2.0" = AsusVibe2.0
"ASUS WebStorage" = ASUS WebStorage
"AsusScr_K3 Series_ENG_Basic" = AsusScr_K3 Series_ENG_Basic
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Audacity_is1" = Audacity 2.0.3
"Avira AntiVir Desktop" = Avira Free Antivirus
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"Bagger-Simulator 2011" = Bagger-Simulator 2011
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CloneCD" = CloneCD
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.3.1
"Debut" = Debut Video Capture Software
"Dev-C++" = Dev-C++ 5 beta 9 release (4.9.9.2)
"Earth Screensaver HD" = Earth Screensaver HD 
"FarmingSimulator2009GoldDE_is1" = Landwirtschafts-Simulator 2009 Gold
"FarmingSimulator2011DE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"FFmpeg for Audacity_is1" = FFmpeg v0.6.2 for Audacity
"File-Upload.net" = File-Upload.net
"Flash Decompiler Trillix_is1" = Flash Decompiler Trillix
"Free Hide Folder" = Free Hide Folder
"ftp-uploader" = ftp-uploader
"Fünf Freunde auf Schatzsuche" = Fünf Freunde auf Schatzsuche
"Game Cam" = Game Cam 2.6.1.0
"GDC" = GDC 0.24.svn.r229
"GFWL_{4D5308D2-DC8E-4658-A37C-351000058100}" = Microsoft Flight
"giants_editor_5.0.1_is1" = GIANTS Editor 5.0.1
"Google Chrome" = Google Chrome
"GXTranscoder v2" = GXTranscoder v2
"hMailServer_is1" = hMailServer 5.3.3-B1879
"Home Sweet Home - Christmas Edition_is1" = Home Sweet Home - Christmas Edition
"ImageConverter Plus_is1" = ImageConverter Plus 8.0
"Inno Setup 5_is1" = Inno Setup Version 5.5.2
"Install Creator" = Install Creator
"InstallForge" = InstallForge
"InstallShield_{B98A34C0-A6A2-4087-B272-557C1C6D0A07}" = Microsoft Flight Simulator X Demo
"InstallShield_{CCD663AE-610D-4BDF-AAB0-E914B044527D}" = OpenMG Secure Module 4.7.00
"IrfanView" = IrfanView (remove only)
"Juice" = Juice 2.2
"jZip" = jZip
"KeePassPasswordSafe2_is1" = KeePass Password Safe 2.21
"LTspice IV" = LTspice IV
"MAGIX_MSI_Video_easy_3" = MAGIX Video easy 3 HD Download-Version
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Max und die Geheimformel" = Max und die Geheimformel
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"Mozilla Thunderbird 17.0.5 (x86 de)" = Mozilla Thunderbird 17.0.5 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Notepad++" = Notepad++
"OpenMG HotFix4.7-07-13-22-01" = OpenMG Limited Patch 4.7-07-14-05-01
"OpenTTD" = OpenTTD 1.2.3
"Origin" = Origin
"Picasa 3" = Picasa 3
"PicGrab_is1" = PicGrab 2.8.0
"Pic-Upload.de" = Pic-Upload.de
"Ravensburger tiptoi" = Ravensburger tiptoi
"Santa Claus 3D Screensaver_is1" = Santa Claus 3D Screensaver 1.1
"Schriftenbibliothek_is1" = Schriftenbibliothek
"Secunia PSI" = Secunia PSI (3.0.0.6001)
"Shockwave" = Shockwave
"SkiRegionSimulator2012DE_is1" = Skiregion Simulator 2012
"SmartFTP Client 4.1 (x64) Setup Files" = SmartFTP Client Setup Files 4.1 (x64) (remove only)
"Sparfuchs_is1" = Sparfuchs
"SpywareBlaster_is1" = SpywareBlaster 5.0
"ST6UNST #1" = Der Restaurant-Manager 1.5  Vollversion.de Edition
"Steinbruch-Simulator 2012 Patch 1.10_is1" = Steinbruch-Simulator 2012 Patch 1.10
"Steinbruch-Simulator 2012_is1" = Steinbruch-Simulator 2012
"SuperTux_is1" = SuperTux 0.1.3
"TKKG10" = TKKG10
"TmNationsForever_is1" = TmNationsForever
"Two Worlds Pinball" = Two Worlds Pinball
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 2.0.5
"Webocton - Scriptly_is1" = Webocton - Scriptly 0.8.95.6
"White Christmas 3D Screensaver and Animated Wallpaper_is1" = White Christmas 3D Screensaver and Animated Wallpaper 1.0
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.11 (32-Bit)
"xampp" = XAMPP 1.8.1
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Extreme Tux Racer" = Extreme Tux Racer
"gwp-DEFAULT" = GreenWebPlayer
"ICQ" = ICQ 8.0 (build 5989, für aktuellen Benutzer)
"sc13-CH_MAIN" = Ski Challenge 13 (CH)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.04.2013 13:15:03 | Computer Name = ASUS-X73S.****************** | Source = Schedule | ID = 0
Description = 
 
Error - 25.04.2013 23:37:27 | Computer Name = ASUS-X73S.****************** | Source = Schedule | ID = 0
Description = 
 
Error - 25.04.2013 23:45:41 | Computer Name = ASUS-X73S.****************** | Source = MsiInstaller | ID = 10005
Description = 
 
Error - 25.04.2013 23:55:51 | Computer Name = ASUS-X73S.****************** | Source = NtServicePack | ID = 921877
Description = 
 
Error - 25.04.2013 23:56:13 | Computer Name = ASUS-X73S.****************** | Source = NtServicePack | ID = 921877
Description = 
 
Error - 25.04.2013 23:56:20 | Computer Name = ASUS-X73S.****************** | Source = NtServicePack | ID = 921877
Description = 
 
Error - 26.04.2013 00:50:27 | Computer Name = ASUS-X73S.****************** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second
 
Error - 26.04.2013 00:50:27 | Computer Name = ASUS-X73S.****************** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 15584
 
Error - 26.04.2013 00:50:27 | Computer Name = ASUS-X73S.****************** | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 15584
 
Error - 26.04.2013 01:06:35 | Computer Name = ASUS-X73S.****************** | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: LiveUpdt.exe, Version: 2.0.0.0, Zeitstempel:
 0x4a6d7c8e  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b8f  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0002e3be  ID des fehlerhaften Prozesses:
 0x151c  Startzeit der fehlerhaften Anwendung: 0x01ce423bcfbc5367  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdt.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 10d73a0c-ae2f-11e2-bb72-14dae90d9b4d
 
[ System Events ]
Error - 26.04.2013 00:43:55 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7023
Description = Der Dienst "IPsec-Richtlinien-Agent" wurde mit folgendem Fehler beendet:
   %%10106
 
Error - 26.04.2013 00:44:07 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10010
Description = 
 
Error - 26.04.2013 00:45:07 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Dienst "Bonjour"" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1.
 
Error - 26.04.2013 00:45:50 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Microsoft Antimalware Service erreicht.
 
Error - 26.04.2013 00:45:50 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Microsoft Antimalware Service" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1053
 
Error - 26.04.2013 00:46:33 | Computer Name = ASUS-X73S.****************** | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   acedrv05
 
Error - 26.04.2013 00:47:02 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description = 
 
Error - 26.04.2013 01:12:25 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description = 
 
Error - 26.04.2013 10:27:56 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description = 
 
Error - 26.04.2013 10:37:56 | Computer Name = ASUS-X73S.****************** | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         
--- --- ---

[/CODE]

Deffoger

Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:32 on 26/04/2013 (Dario)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
GMER folgt

GMER

Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-26 18:24:16
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD64 rev.01.0 596.17GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\******\AppData\Local\Temp\pxloypoc.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                                                      fffff800033ef000 65 bytes [00, 00, 15, 02, 46, 69, 6C, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 626                                                                                      fffff800033ef042 4 bytes [00, 00, 00, 00]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable                                                                                                         fffff96000133e00 7 bytes [40, 96, F3, FF, 01, A2, F0]
.text     C:\Windows\System32\win32k.sys!W32pServiceTable + 8                                                                                                     fffff96000133e08 3 bytes [C0, 06, 02]

---- User code sections - GMER 2.1 ----

.text     C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                              00000000772f1465 2 bytes [2F, 77]
.text     C:\Program Files (x86)\BillP Studios\WinPatrol\WinPatrol.exe[3108] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                             00000000772f14bb 2 bytes [2F, 77]
.text     ...                                                                                                                                                     * 2
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                  00000000772f1465 2 bytes [2F, 77]
.text     C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe[5684] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                 00000000772f14bb 2 bytes [2F, 77]
.text     ...                                                                                                                                                     * 2

---- Threads - GMER 2.1 ----

Thread    C:\Program Files\Windows Media Player\wmpnetwk.exe [4016:4884]                                                                                          000007fefbc82a7c

---- Registry - GMER 2.1 ----

Reg       HKLM\SYSTEM\CurrentControlSet\Control\Session Manager@PendingFileRenameOperations                                                                       ????????? ???????u????????????????V?????????&????????????????????-??? ??????????????????????????????????+??????????????????????0F1??? ???????u?????????????,?????????? ?&????????????????????x????&??????????????e??PSI - Top Instance??PS???????????????e???????q??????????????????????s8???&???????d??????????????????????? ???????|???????????>?:????????????&????????????????????-???&?? ????o???????????????????s???&????????????????????????????????????T??????z????????????6??????V???????L??12-19-2012??????H?lt Ihre Google-Software auf dem neuesten Stand. Falls dieser Service deaktiviert oder angehalten wird, wird Ihre Google-Software nicht aktualisiert. Das hei?t, dass eventuell auftretende Sicherheitsl?cken nicht behoben und bestimmte Funktionen m?glicherweise nicht ausgef?hrt werden k?nnen. Dieser Service deinstalliert sich selbst, wenn er nicht von einer Google-Software verwendet wird.???????&???????\??????????????????????\\?\Root#SUN_VBOXNETFLTMP#0000#{cac88484-7515-4c03-82e6-71a87abac361}??????????????????????????
Reg       HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0025d3b2962e                                                                             
Reg       HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0025d3b2962e (not active ControlSet)                                                         
Reg       HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@SIGN.MEDIA=7B01554 On s'entra\xffeene (D)\setup.exe  1

---- EOF - GMER 2.1 ----
         
__________________

Alt 28.04.2013, 08:40   #4
Baldoius
 

PC verweigert Windows-Update - Standard

PC verweigert Windows-Update



hat an dem thema niemand intersee.............

Alt 28.04.2013, 13:31   #5
Psychotic
/// Malwareteam
 
PC verweigert Windows-Update - Standard

PC verweigert Windows-Update





Mein Name ist Marius und ich werde dir bei deinem Problem helfen.

Eines vorneweg:

Hinweis: Wir können hier nie dafür garantieren, dass wir sämtliche Reste von Schadsoftware gefunden haben. Eine Formatierung ist meist der schnellste und immer der sicherste Weg.

Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass dein Rechner clean ist.

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden.
  1. Bitte arbeite alle Schritte der Reihe nach ab.
  2. Lese die Anleitungen sorgfältig. Solltest du irgendwo nicht weiterkommen, stoppe an diesem Punkt und beschreibe dein Problem hier!
  3. Nur Scans durchführen, zu denen du von einem Helfer aufgefordert wirst.
  4. Bitte kein Crossposting (posten in mehreren Foren) - wenn du die Anweisungen mehrere Helfer ausführst, kann das schwere Probleme nach sich ziehen!.
  5. Installiere oder Deinstalliere während der Bereinigung keine Software (ausser, du wurdest dazu aufgefordert).
  6. Wenn etwas unklar ist: Frage, bevor du etwas "blind" machst!

    ...und ganz wichtig:

  7. Poste die Logfiles mit code-tags (das #-Symbol oben im Antwortfenster) in deinen Thread! Nicht anhängen, außer, ich fordere dich dazu auf. (Erschwert mir nämlich das Auswerten).


Vista und Win7 User
Alle Tools mit Rechtsklick --> "als Administrator ausführen" starten.


Ich kann hier momentan nichts entdecken...


Schritt 1: Scan mit TDSS-Killer



Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen.

Downloade dir bitte TDSSKiller.exe und speichere diese Datei auf dem Desktop
  • Starte die TDSSKiller.exe
  • Drücke Start Scan
  • Sollten infizierte Objekte gefunden werden, wähle keinesfalls Cure. Wähle Skip und speichere das Logfile. TDSSKiller wird eine Logfile auf deinem Systemlaufwerk speichern ( Meistens C:\ ) Als Beispiel: C:\TDSSKiller.<version_date_time>log.txt
Poste den Inhalt bitte hier in deinen Thread.




Schritt 2: adwCleaner


Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).





Schritt 3: SecurityCheck


Downloade Dir bitte SecurityCheck und:

  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
  • Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.

__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 30.04.2013, 08:44   #6
Psychotic
/// Malwareteam
 
PC verweigert Windows-Update - Standard

PC verweigert Windows-Update



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomm ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen
__________________
--> PC verweigert Windows-Update

Antwort

Themen zu PC verweigert Windows-Update
aktiviere, aktivieren, ausgelaufen, deinstalliert, desktop, essen, essentials, fix-it, free, funktionier, funktioniert, installation, microsoft, microsoft essentials, probleme, security, total, versuch, versucht, verweigert, windows, windows-update




Ähnliche Themen: PC verweigert Windows-Update


  1. Windows 7 Update Code 8008005 Unbekannte Fehler bei Windows Update
    Log-Analyse und Auswertung - 08.02.2015 (15)
  2. Windows 7: Internet: Proxy-Server verweigert die Verbindung
    Log-Analyse und Auswertung - 19.09.2014 (15)
  3. Windows 7 verweigert Zugriff auf Dateien trotz Administrator-Rechten
    Plagegeister aller Art und deren Bekämpfung - 19.09.2014 (15)
  4. Windows 7 verweigert mir Zugriff auf Dateien, trotz Vollzugriff
    Alles rund um Windows - 23.08.2014 (4)
  5. Windows 8.1: Avira hat Malware gefunden-Aktion: Zugriff verweigert
    Log-Analyse und Auswertung - 19.08.2014 (5)
  6. Windows 7: Firefox fehlermeldung : Proxy-Server verweigert die Verbindung, Internet Explorer falsche Startseite, viel werbung
    Log-Analyse und Auswertung - 22.04.2014 (23)
  7. Popup meldung zu MS13-052 Windows Update Security Update zu .net 4
    Log-Analyse und Auswertung - 26.03.2014 (9)
  8. Windows Vista -wStub xxxxxxx Zugriff verweigert
    Alles rund um Windows - 11.12.2013 (2)
  9. Obskure grafische Meldung zu MS13-052 Windows Update Security Update zu .net 4
    Plagegeister aller Art und deren Bekämpfung - 22.11.2013 (3)
  10. Windows Update funktioniert nicht / Firefox Update mischt auch mit
    Alles rund um Windows - 18.01.2013 (2)
  11. Windows Server 2008R2 - Firewall Zugriff verweigert und Gefunden Adware.Adon und InstallCore.D
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (16)
  12. WLan Zugriff verweigert, Windows udate abgeschaltet, keine Admin rechte mehr -> Trojanerbefall?
    Log-Analyse und Auswertung - 26.07.2010 (1)
  13. C:\Windows\system32\shell.dell Zugriff verweigert!
    Plagegeister aller Art und deren Bekämpfung - 04.06.2010 (15)
  14. Signatur-Update von McAfee macht Windows-PCs unbenutzbar [Update]
    Nachrichten - 22.04.2010 (0)
  15. Bitdefender-Update legt Windows-Rechner lahm [Update]
    Nachrichten - 22.03.2010 (0)
  16. Festplattenzugriff über Arbeitsplatz war verweigert; C:\WINDOWS\system32\olhrwef.exe
    Log-Analyse und Auswertung - 23.08.2009 (11)
  17. Windows verweigert Zugriff
    Alles rund um Windows - 08.11.2007 (4)

Zum Thema PC verweigert Windows-Update - Hallihallo! Nach dem mir die Gratislizenz von AviraInternetSecurity 2012 ausgelaufen ist, habe ich es deinstalliert - soweit so gut. Auch eine Installation von Avira Free hat nicht geschadet. Jetzt hab - PC verweigert Windows-Update...
Archiv
Du betrachtest: PC verweigert Windows-Update auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.