Probleme mit PWS:Win32/Zbot.gen!AJ - Trojaner

Bass1988 · 09.05.2013, 13:13

Einen schönen guten Tag wünsche ich euch

Ich bin mittels Google auf dieses schöne Forum gestoßen und war erstaunt über die tolle Hilfe.
Ich habe seit gestern Schwierigkeiten mit dem Trojaner PWS:Win32/Zbot.gen!AJ
Dieser Trojaner gibt mir immer wieder ein Fenster mit einem "angeblichen Javaupdate" auf den Desktop. Das einzigste, was ich da noch tun konnte, war über den Taskmanager diesen Prozess zu beenden, weil ich auf keinen fall auf irgendeine Schaltfläche in diesem Fenster klicken wollte.
Leider habe ich keine Ahnung, wie ich mir den eingefangen habe. Ich surfe wenn überhaupt nur auf Seiten meines Vertrauens über normale Games bzw. als angehender Musiker in Foren oder Intrumentenshops.

Ich wäre euch sehr dankbar, wenn mir jemand helfen könnte, da ich mit meinem Latein leider am Ende bin.

Defogger:

Code:

ATTFilter

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 13:28 on 09/05/2013 (Admin)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-

OTL.txt:

Code:

ATTFilter

OTL Logfile:

	Code: 

 ATTFilter

  
	OTL logfile created on: 09.05.2013 13:41:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop\Troja
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 74,08% Memory free
23,54 Gb Paging File | 21,46 Gb Available in Paging File | 91,17% Paging File free
Paging file location(s): c:\pagefile.sys 16000 16000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,47 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 596,35 Gb Free Space | 64,02% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.09 13:13:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Desktop\Troja\OTL.exe
PRC - [2013.04.21 22:37:42 | 000,107,832 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrB.exe
PRC - [2013.04.21 22:37:34 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.05.20 10:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.07.31 03:23:46 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
PRC - [2009.07.07 13:13:38 | 000,241,789 | ---- | M] (Creative Technology Ltd) -- D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.02.13 19:57:19 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.01.10 20:33:41 | 000,491,520 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\346a7a67978cead8e2ff52c6d80bbeb7\IAStorUtil.ni.dll
MOD - [2013.01.10 20:33:41 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\500a8ae2a5d27132d87ccac9f97b0069\IAStorCommon.ni.dll
MOD - [2013.01.10 20:16:53 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:16:34 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 20:16:26 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll
MOD - [2013.01.10 20:16:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 20:16:21 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 20:16:21 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.10 20:16:18 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.11.30 02:53:00 | 000,073,728 | ---- | M] () -- C:\Windows\SysWOW64\CmdRtr.DLL
MOD - [2009.11.30 02:41:00 | 000,177,664 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL
MOD - [2009.03.17 05:39:46 | 000,148,992 | R--- | M] () -- C:\Windows\SysWOW64\OemSpiE.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.07 20:47:49 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.05.04 01:35:30 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.04.21 22:37:42 | 000,107,832 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrB.exe -- (PnkBstrB)
SRV - [2013.04.21 22:37:34 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.04.16 14:03:53 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.27 12:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 12:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Disabled | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 13:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Disabled | Stopped] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.17 15:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2012.05.21 12:17:56 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.04.25 17:54:49 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2012.04.25 17:54:42 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2012.04.05 12:34:26 | 002,143,552 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011.09.27 21:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\LogiShrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.05.20 10:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2011.02.22 12:14:40 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.22 12:14:34 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.07.31 03:23:46 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.04 08:48:30 | 000,117,248 | ---- | M] (Razer USA Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rzudd.sys -- (rzudd)
DRV:64bit: - [2013.01.20 16:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.09.29 00:35:03 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.09.29 00:35:03 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.05.21 12:04:20 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.02 08:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,076,056 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LEqdUsb.sys -- (LEqdUsb)
DRV:64bit: - [2011.09.02 08:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.09.02 08:30:24 | 000,015,128 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidEqd.sys -- (LHidEqd)
DRV:64bit: - [2011.08.08 13:07:36 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2011.08.01 15:59:06 | 000,052,584 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.07.29 05:40:57 | 000,079,104 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.07.29 05:40:56 | 000,056,960 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.05.20 09:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.21 20:17:04 | 000,471,144 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.10.19 16:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.06.11 14:37:14 | 000,015,368 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2009.12.04 06:58:20 | 000,644,696 | R--- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\t3.sys -- (t3)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.10.02 12:53:48 | 000,187,912 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MAudioFastTrack.sys -- (MAUSBFASTTRACK)
DRV:64bit: - [2009.08.21 10:52:09 | 000,079,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2012.11.13 22:53:00 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\Razer\Razer Game Booster\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2012.03.29 16:32:12 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 2A 7E 59 E0 FC 22 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=113480&babsrc=SP_ss&mntrId=9c7e0885000000000000bc5ff40d9164
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://search.babylon.com/?affID=113480&babsrc=HP_ss&mntrId=9c7e0885000000000000bc5ff40d9164"
FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=113480&babsrc=KW_ss&mntrId=9c7e0885000000000000bc5ff40d9164&q="
FF - prefs.js..network.proxy.autoconfig_url: "data:text/javascript,function%20FindProxyForURL(url%2C%20host)%20%7Bif%20(url.indexOf('discoverymedia.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fsongza.com*')%20%7C%7C%20host%20%3D%3D%20's.hulu.com'%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fgrooveshark.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fretro.grooveshark.com*')%20%7C%7C%20(url.indexOf('turntable.fm')%20!%3D%20-1%20%26%26%20url.indexOf('static.turntable.fm')%20%3D%3D%20-1%20%26%26%20url.indexOf('s3.amazonaws.com')%20%3D%3D%20-1%20%26%26%20url.indexOf('ping.chartbeat.net')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dactive')%20!%3D%20-1%20%26%26%20url.indexOf('amazonaws.com')%20%3D%3D%20-1)%20%7C%7C%20(url.indexOf('proxmate%3Dus')%20!%3D%20-1)%20%7C%7C%20url.indexOf('play.google.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.mtv.com*')%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fmedia.mtvnservices.com*')%20%7C%7C%20host%20%3D%3D%20'www.pandora.com'%20%7C%7C%20url.indexOf('vevo.com')%20!%3D%20-1%20%7C%7C%20shExpMatch(url%2C%20'http%3A%2F%2Fwww.iheart.com*')%20%7C%7C%20url.indexOf('southparkstudios.com')%20!%3D%20-1)%20%7B%20return%20'PROXY%20ab-us02.personalitycores.com%3A8000%3B%20PROXY%20ab-us09.personalitycores.com%3A8000%3B%20PROXY%20ab-us03.personalitycores.com%3A8000%3B%20PROXY%20ab-us06.personalitycores.com%3A8000%3B%20PROXY%20ab-us07.personalitycores.com%3A8000%3B%20PROXY%20ab-us10.personalitycores.com%3A8000%3B%20PROXY%20ab-us13.personalitycores.com%3A8000%3B%20PROXY%20ab-us01.personalitycores.com%3A8000%3B%20PROXY%20ab-us08.personalitycores.com%3A8000%3B%20PROXY%20ab-us11.personalitycores.com%3A8000%3B%20PROXY%20ab-us12.personalitycores.com%3A8000'%3B%7D%20%20else%20%7B%20return%20'DIRECT'%3B%20%7D%7D"
FF - prefs.js..network.proxy.type: 2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}: C:\Program Files\Logitech\FlowScroll\LogiSmoothFirefoxExt [2012.10.19 15:05:44 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.07 20:47:49 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.05.07 20:47:49 | 000,000,000 | ---D | M]
 
[2012.04.30 16:32:42 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2013.05.01 21:11:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\p99v2nan.default\extensions
[2013.05.01 21:11:06 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\p99v2nan.default\extensions\ich@maltegoetz.de
[2013.04.01 01:08:14 | 000,370,423 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\p99v2nan.default\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi
[2013.05.07 20:47:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2013.05.07 20:47:49 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.11.04 00:13:25 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.13 19:37:14 | 000,002,313 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.11.04 00:13:25 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.04 00:13:25 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.04 00:13:25 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.04 00:13:25 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.04 00:13:25 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\LogiSmooth.dll (Logitech, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Logitech Flow Scroll) - {E11DB59D-5008-42ff-9069-535843BC0BE1} - C:\Programme\Logitech\FlowScroll\32-bit\LogiSmooth.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Razer Synapse] C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe (Razer USA Ltd)
O4 - HKLM..\Run: [SPIRunE] C:\Windows\SysWow64\SpiRunE.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VolPanel] D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Steam] D:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 1.7.0_04)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_04-windows-i586.cab (Java Plug-in 10.17.2)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADE8D36F-2A4D-4B02-8CF6-5CDBC0B7273A}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (C:\PROGRA~1\LUCIDL~1\VIRTU\x86\APPINI~1.DLL) - C:\Programme\Lucidlogix Technologies\VIRTU\x86\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\icq.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\protoolsse.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\uninstall pro tools.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27:64bit: - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\AcroRd32.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\dtlite.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\excel.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\groove.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\icq.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\infopath.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msaccess.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\msoxmled.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mspub.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\mstore.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\onenote.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\outlook.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\powerpnt.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\protoolsse.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\skype.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\sptdinst-x64.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\uninstall pro tools.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O27 - HKLM IFEO\winword.exe: Debugger - C:\Program Files (x86)\TuneUp Utilities 2012\TUAutoReactivator64.exe (TuneUp Software)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{33d5ab55-8f20-11e1-a89a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{33d5ab55-8f20-11e1-a89a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\ASRSetup.exe
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell - "" = AutoRun
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell\AutoRun\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell\configure\command - "" = G:\SETUP.EXE
O33 - MountPoints2\{e6e6e0f1-90bb-11e1-aabb-bc5ff40d9164}\Shell\install\command - "" = G:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.09 13:09:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\Desktop\Troja
[2013.05.07 20:47:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.05.05 05:01:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ymovy
[2013.05.05 05:01:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Ebcue
[2013.05.01 21:01:56 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.05.01 21:01:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.04.28 23:52:46 | 000,000,000 | ---D | C] -- C:\Users\Admin\Tracing
[2013.04.28 23:51:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Windows Live
[2013.04.28 23:51:01 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Windows Live
[2013.04.28 23:50:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Windows Live
[2013.04.28 23:35:12 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\microsoft
[2013.04.28 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Bioshock2
[2013.04.28 23:35:11 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Bioshock2
[2013.04.28 23:31:32 | 000,000,000 | -HSD | C] -- C:\ProgramData\SecuROM
[2013.04.28 23:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
[2013.04.28 23:30:52 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.04.28 23:30:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.04.24 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Bioshock
[2013.04.24 00:13:17 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Bioshock
[2013.04.24 00:12:11 | 000,000,000 | RH-D | C] -- C:\Users\Admin\AppData\Roaming\SecuROM
[2013.04.23 22:50:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Media Center Programs
[2013.04.22 02:34:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\Witcher 2
[2013.04.22 02:34:04 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\The Witcher 2
[2013.04.22 01:49:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2
[2013.04.21 22:39:15 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.18 21:44:35 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Unity
[2013.04.18 21:42:20 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\Unity
[2013.04.16 14:03:58 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.09 13:28:09 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.05.09 13:27:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.09 10:47:23 | 008,565,480 | ---- | M] () -- C:\Users\Admin\Desktop\David Guetta feat Sia - Titanium (AURORABRIVIDO acoustic cover) on iTunes.mp3
[2013.05.09 10:46:10 | 007,921,764 | ---- | M] () -- C:\Users\Admin\Desktop\Assassins Creed III - Lindsey Stirling.mp3
[2013.05.09 10:44:02 | 010,925,227 | ---- | M] () -- C:\Users\Admin\Desktop\Mission Impossible - Lindsey Stirling and the Piano Guys.mp3
[2013.05.09 10:39:37 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 10:39:37 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.09 10:38:01 | 009,593,483 | ---- | M] () -- C:\Users\Admin\Desktop\Adele - Rolling in the Deep (Piano Cello Cover) - ThePianoGuys.mp3
[2013.05.09 10:37:40 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.09 10:37:40 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.09 10:37:40 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.09 10:37:40 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.09 10:37:40 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.09 10:32:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.05 21:14:25 | 000,025,297 | ---- | M] () -- C:\Users\Admin\Desktop\Pad Config-655-1-1.7z
[2013.05.03 13:24:49 | 000,000,220 | ---- | M] () -- C:\Users\Admin\Desktop\BioShock Infinite.url
[2013.05.02 15:25:16 | 000,001,685 | ---- | M] () -- C:\Users\Admin\Desktop\SKSE - Skyrim.lnk
[2013.05.01 21:01:56 | 000,001,850 | ---- | M] () -- C:\Users\Admin\Desktop\IrfanView Thumbnails.lnk
[2013.05.01 21:01:56 | 000,000,958 | ---- | M] () -- C:\Users\Admin\Desktop\IrfanView.lnk
[2013.05.01 20:28:50 | 000,000,736 | ---- | M] () -- C:\Users\Public\Desktop\Nexus Mod Manager.lnk
[2013.04.30 03:39:55 | 000,467,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.30 03:21:46 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 03:21:45 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.28 23:26:32 | 000,326,483 | ---- | M] () -- C:\Users\Admin\Desktop\ENB Customizer v2_1 FIXED-17400-2-1.rar
[2013.04.23 22:50:37 | 000,001,170 | ---- | M] () -- C:\Users\Public\Desktop\BioShock.lnk
[2013.04.22 01:51:18 | 001,589,442 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.04.22 01:49:08 | 000,000,737 | ---- | M] () -- C:\Users\Public\Desktop\The Witcher 2 starten.lnk
[2013.04.21 22:39:15 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.04.21 22:37:42 | 000,107,832 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.04.21 22:37:34 | 000,066,872 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.09 13:28:09 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.05.09 10:46:52 | 008,565,480 | ---- | C] () -- C:\Users\Admin\Desktop\David Guetta feat Sia - Titanium (AURORABRIVIDO acoustic cover) on iTunes.mp3
[2013.05.09 10:46:08 | 007,921,764 | ---- | C] () -- C:\Users\Admin\Desktop\Assassins Creed III - Lindsey Stirling.mp3
[2013.05.09 10:43:57 | 010,925,227 | ---- | C] () -- C:\Users\Admin\Desktop\Mission Impossible - Lindsey Stirling and the Piano Guys.mp3
[2013.05.09 10:38:01 | 009,593,483 | ---- | C] () -- C:\Users\Admin\Desktop\Adele - Rolling in the Deep (Piano Cello Cover) - ThePianoGuys.mp3
[2013.05.05 21:14:25 | 000,025,297 | ---- | C] () -- C:\Users\Admin\Desktop\Pad Config-655-1-1.7z
[2013.05.03 13:24:49 | 000,000,220 | ---- | C] () -- C:\Users\Admin\Desktop\BioShock Infinite.url
[2013.05.02 15:23:13 | 000,001,685 | ---- | C] () -- C:\Users\Admin\Desktop\SKSE - Skyrim.lnk
[2013.05.01 21:01:56 | 000,001,850 | ---- | C] () -- C:\Users\Admin\Desktop\IrfanView Thumbnails.lnk
[2013.05.01 21:01:56 | 000,000,958 | ---- | C] () -- C:\Users\Admin\Desktop\IrfanView.lnk
[2013.04.30 03:21:46 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.04.30 03:21:45 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.04.28 23:51:29 | 000,002,446 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2013.04.28 23:26:31 | 000,326,483 | ---- | C] () -- C:\Users\Admin\Desktop\ENB Customizer v2_1 FIXED-17400-2-1.rar
[2013.04.23 22:50:37 | 000,001,170 | ---- | C] () -- C:\Users\Public\Desktop\BioShock.lnk
[2013.04.22 01:49:08 | 000,000,737 | ---- | C] () -- C:\Users\Public\Desktop\The Witcher 2 starten.lnk
[2013.04.03 23:00:22 | 000,001,533 | ---- | C] () -- C:\Users\Admin\AppData\Local\recently-used.xbel
[2012.10.17 22:04:53 | 000,052,224 | ---- | C] () -- C:\Users\Admin\GestureMouseSession.etl
[2012.08.27 13:56:35 | 000,027,520 | ---- | C] () -- C:\Users\Admin\AppData\Local\dt.dat
[2012.06.19 14:02:17 | 003,123,272 | R--- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.05.21 11:57:52 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.05.21 10:47:36 | 013,214,720 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2012.05.19 12:21:51 | 000,217,088 | ---- | C] () -- C:\Windows\SysWow64\qtmlClient.dll
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.04.28 01:27:06 | 000,107,832 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.04.28 01:27:06 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.04.28 01:02:36 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.25 18:08:57 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.25 17:55:23 | 000,001,436 | ---- | C] () -- C:\Windows\CfgESSp.ini
[2012.04.25 17:55:23 | 000,000,932 | ---- | C] () -- C:\Windows\CfgESHp.ini
[2012.04.25 17:55:23 | 000,000,932 | ---- | C] () -- C:\Windows\CfgESDO.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESRMi.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESRLI.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESFMi.ini
[2012.04.25 17:55:23 | 000,000,453 | ---- | C] () -- C:\Windows\CfgESDI.ini
[2012.04.25 17:55:21 | 000,148,992 | R--- | C] () -- C:\Windows\SysWow64\OemSpiE.dll
[2012.04.25 17:55:05 | 000,177,664 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.04.25 17:55:05 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.04.25 17:42:05 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.19 23:31:16 | 000,963,912 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.19 23:31:16 | 000,261,208 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.05.09 13:00:46 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Audacity
[2012.09.23 19:46:34 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012.07.13 19:37:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Babylon
[2013.04.28 23:17:03 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock
[2013.04.29 23:06:08 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Bioshock2
[2012.04.25 18:48:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Canneverbe Limited
[2013.01.24 01:37:53 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\com.zoosk.Desktop.096E6A67431258A508A2446A847B240591D2C99B.1
[2012.04.28 01:56:10 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DAEMON Tools Lite
[2012.10.30 22:08:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Digidesign
[2013.05.05 15:55:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ebcue
[2012.06.10 13:39:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\gtk-2.0
[2013.01.28 00:29:29 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\ICQ
[2013.05.01 21:01:51 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012.05.19 12:45:50 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Leadertech
[2012.04.28 00:51:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Opera
[2013.03.09 04:26:16 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Origin
[2012.05.19 12:45:11 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PACE Anti-Piracy
[2012.04.28 01:27:04 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\PunkBuster
[2013.04.24 21:13:40 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TS3Client
[2012.04.28 01:18:15 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TuneUp Software
[2012.11.15 17:44:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ubisoft
[2013.04.18 21:44:35 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Unity
[2013.05.05 05:01:22 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Ymovy
 
========== Purity Check ==========
 
 
 
========== Files - Unicode (All) ==========
[2013.04.22 02:18:18 | 007,549,238 | ---- | M] ()(C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive? [TV SPOT][DL-LINK].mp3) -- C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive [TV SPOT][DL-LINK].mp3
[2013.04.22 02:18:18 | 007,549,238 | ---- | C] ()(C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive? [TV SPOT][DL-LINK].mp3) -- C:\Users\Admin\Desktop\[Assassins Creed 3] Imagine Dragons - Radioactive [TV SPOT][DL-LINK].mp3
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 1346 bytes -> C:\ProgramData\Microsoft:O92CpxikvwFJQxuA2nQ7gyXeUhf
@Alternate Data Stream - 1220 bytes -> C:\ProgramData\Microsoft:3cYdpHtSI1cmrrLOYTgCPIpx
@Alternate Data Stream - 1166 bytes -> C:\Users\Admin\AppData\Local\Temp:JWPBVahnC7QlILimG3Y2p

< End of report >
         
 --- --- ---

Extras.txt:
OTL Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 09.05.2013 13:41:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Desktop\Troja
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,91 Gb Total Physical Memory | 5,86 Gb Available Physical Memory | 74,08% Memory free
23,54 Gb Paging File | 21,46 Gb Available in Paging File | 91,17% Paging File free
Paging file location(s): c:\pagefile.sys 16000 16000 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,80 Gb Total Space | 6,47 Gb Free Space | 11,60% Space Free | Partition Type: NTFS
Drive D: | 931,51 Gb Total Space | 596,35 Gb Free Space | 64,02% Space Free | Partition Type: NTFS
 
Computer Name: ADMIN-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [Winamp.Bookmark] -- "D:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{077D5776-E860-4300-90A6-B35D5CCB1687}" = lport=139 | protocol=6 | dir=in | app=system | 
"{09D41D7E-ACB1-4BB5-B8B5-E53E3E90F169}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0DA42BB4-4871-4574-A999-3BA240D961FB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{11BA9E48-BA42-4F24-B035-ED28705E68E7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1FDE8D4D-C784-4C18-AA10-AF91C144E24E}" = lport=137 | protocol=17 | dir=in | app=system | 
"{23D55D66-02BE-4285-B2CF-30AF0306BB8E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{3A979596-0926-44B1-8AF7-E35E530F5025}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{54F3C335-E97B-4765-AE8E-AA56170A3CEE}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{67C1E9E3-AEB7-4F81-8005-863741BAFF2E}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6E3512AC-B1AF-4848-A028-DEE6243EA254}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7A1CB602-C607-48CC-8374-79E725BD41F0}" = rport=137 | protocol=17 | dir=out | app=system | 
"{7CD8D511-D69C-4983-B8BD-2725224A8AFE}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{7DECD808-3E0C-4268-BDE0-C4E3B20722A6}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A38F3CF6-EE2B-4863-907C-B4B7DA27C786}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A3F99C79-12E0-4E8A-B69A-0EC0995E45DB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A4C45072-C786-4C03-8F5E-89F95046A740}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A4D6ECAF-A0E8-46B3-8684-197E825A2593}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A6E5BAEC-8832-404F-82DE-14B0F5D461D3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{B482BD36-E6E2-428E-B8A3-69E381A8CF0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BAC2BB43-DD7C-4922-A981-B3A50E3938B8}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{BDEDBFB9-BE18-48C4-8FFC-A7A477DC1448}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C05AE496-B891-410D-A678-E8F132D5C26F}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe | 
"{C6D4C0B1-E556-420D-8C4A-A2F575CFBD31}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{CDD88EC0-C9C1-428D-9AE0-949E190FA8FD}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DA0590E4-78BA-42F5-9684-A2675113903F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E8BF5878-B35D-4396-AB55-B3D65A9EFDF1}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01EFECD3-F92A-4B71-A73F-E5CA2B6CDF5F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{033489E9-A433-475F-A4F9-931EDA2B5A9F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{056C261C-92A1-4F7B-BAE4-1FFA9B8E0CF7}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{06056C18-69B2-43AE-B4E4-615C2197A93D}" = protocol=17 | dir=in | app=d:\ubisoft\ac3mp.exe | 
"{0A4876D8-16DF-46FF-9AC7-93683D23F635}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{0B82F6A3-2EF2-4162-B612-6019F21BFB64}" = protocol=17 | dir=in | app=d:\ubisoft\ac3sp.exe | 
"{0BD0495B-9A14-4F77-8BED-BF9B73CF902A}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{0C1D9B23-EA0B-461E-A364-C803085259D8}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{0D2E4838-9CEB-4E71-AF84-F661C12DC24C}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{0D6CE2D1-D97C-435A-AFED-D62100E6CD07}" = protocol=6 | dir=out | app=system | 
"{1256AE09-5A2A-43B8-A940-7E915E0952C5}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe | 
"{15C8092F-3471-4C82-8CB0-0266899B3695}" = protocol=6 | dir=in | app=d:\ubisoft\related designs\anno 2070\anno5.exe | 
"{17A548C0-9FF4-4870-A1CA-5AA99992C93F}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{1801E0A6-4313-4EF9-99B6-03CA93055977}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{18B0A534-5C3B-4472-B779-5002C96CD252}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{1EAF6211-42B2-4001-A32A-8A70AC9CBF88}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{1FC87223-B3C0-4141-BB23-886A94417DDD}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{20FE7F30-A4FC-4B8E-A359-CC55AD537448}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{21728FB5-1ABC-44C8-94D2-54804B231810}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{257E6362-0596-4679-A96C-801D21D94FDA}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{267B07DC-5F40-42D2-9C49-8A26BF0E68D5}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{26BC5463-CE75-415C-9152-9859888C939D}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrsp.exe | 
"{2883B452-E348-4465-962E-26F39E185E30}" = protocol=6 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\mp\builds\binaries\bioshock2.exe | 
"{2B3184D6-1E52-42B3-8081-BA90C1EF7AD4}" = protocol=6 | dir=in | app=d:\ubisoft\ac3mp.exe | 
"{2D045744-4126-4046-9354-E91FB60FC084}" = protocol=6 | dir=in | app=d:\program files (x86)\simcity\need for speed(tm) most wanted\nfs13.exe | 
"{2DB1D183-45F5-4A17-8645-F42F8E3B0CC6}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{2E586663-52AB-4AA8-96F5-A20976B6C215}" = protocol=17 | dir=in | app=d:\ubisoft\assassinscreed3.exe | 
"{39BBC0A0-BB7A-404A-9984-0099546609FC}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{3B91F768-0B91-4C5F-A351-D05E3E874A51}" = protocol=17 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fear.exe | 
"{3BD5B557-8104-4C73-911F-153B0CE71753}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{3C4F20B6-9684-48B9-9324-F3AA57CEA6F2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{3DE43C7D-49CB-494F-BE46-5FD2136831D6}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3FE0BAC1-16A8-49C1-8F45-6A85E8A92445}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{41120940-9B7E-4094-ABFE-56240759792E}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{43649CF9-6C84-435D-8105-6967162B03D9}" = protocol=6 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fear.exe | 
"{43A98556-E466-4604-A0F7-D5FEEBD0E7CA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{46909076-7450-415D-9138-C3F28A0F7F54}" = protocol=17 | dir=in | app=d:\program files (x86)\simcity\need for speed(tm) most wanted\nfs13.exe | 
"{47F0DCD1-F1D0-4087-98E6-2F62BA355E54}" = protocol=17 | dir=in | app=d:\ubisoft\related designs\anno 2070\initengine.exe | 
"{4955AE94-7EB0-415B-AB48-67EE46CFF488}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{497B7F0E-3C99-463D-87AC-5E54990C53D3}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii public test.exe | 
"{49A19E4F-65A7-4F60-A69D-2670E570A931}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{4A1298BD-B710-4C99-9D94-121F8C706AE8}" = protocol=17 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{4B0AD022-9C70-4BE4-AA42-E6E3E0F9563D}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{4C694E9D-1BD6-4FA5-8CF0-553361C92FBA}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\acrmp.exe | 
"{4E214E4D-906F-4C90-B08E-C77929AAF505}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{4E77B2FF-3DB0-42F9-8A52-DA4384D69A51}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4ED174F9-FB6E-47ED-891C-3C7BDE66BBC7}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\limbo\limbo.exe | 
"{500FE8F6-3FAA-4E60-AE5F-8DA2CB1E952D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{50EE7E8F-1C12-4C46-947D-329765A491EC}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{52A05FEB-1D91-4115-AAC5-7670EFF4DB16}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{56296829-CACD-4583-9317-2E29FCEA035D}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{56AD191E-29E4-4304-83C4-A496266172E0}" = protocol=6 | dir=in | app=d:\ubisoft\related designs\anno 2070\initengine.exe | 
"{5AC64AFC-2449-4941-98E0-A06B6E3C26F4}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5CC9A926-0A47-4175-A575-339596D7440E}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{5D513D46-FFB8-402F-87C1-3A9A8584C76E}" = protocol=17 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp\fearxp.exe | 
"{5DCADD2E-3E04-4F9F-8DA8-D854EAFCF478}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{5E0D65E7-B679-4D3C-854C-675AC4B44A4E}" = protocol=17 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp2\fearxp2.exe | 
"{5F3E1583-3686-4AE2-88E3-3E2867B3E6C0}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steam.exe | 
"{609DF84D-0C36-4691-B132-9A70219314B9}" = protocol=6 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp2\fearxp2.exe | 
"{60D27E16-4B95-42D0-BAA7-B3CC7F3A34FA}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{628D7CA3-6CDC-4312-91CA-6055B8CDA0D2}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{62D6AA54-0E04-4674-B974-0848E31EBEEC}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{6464E79A-344E-40AB-8BF7-FD7CC5C1DD51}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgemca.exe | 
"{64F5A6A7-E728-4F86-B900-4A3336A848B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{65A41357-65F3-49EA-A0FF-7095D3853DC0}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{691BBDB8-2020-4BB6-8469-FF32460A1B12}" = protocol=17 | dir=in | app=d:\ubisoft\related designs\anno 2070\anno5.exe | 
"{6BB583D2-E8C9-4F37-B75B-4899DC9C46F8}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{6C2A8EB5-2BD7-413F-9679-08BF5950658F}" = protocol=17 | dir=in | app=d:\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{6E880364-E8DF-4C65-9C2A-01BBE2565713}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{70FF295E-7AE3-469A-B737-D323F237E567}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{7255AEF1-AC7B-494D-9C23-746EA736ECE3}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\farcry2.exe | 
"{7465E148-65B5-487C-AB1F-7EDA49D85B1E}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{765A47C5-DC53-4EDE-9F73-C60D3BAC5A81}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{79020837-F1E9-4C2A-8C80-9CB8F76F6F0A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{7913ADB0-03EC-472E-92F3-0F91F391FE98}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\tomb raider\tombraider.exe | 
"{7B45A464-511E-49B4-8111-1F0295F8E385}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{7B747831-3582-4B38-B3D2-1CBBD8B106A7}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreediigame.exe | 
"{813EF923-AC5D-4AB7-9F65-130D3F0611A3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{845F1CB7-3F45-49D9-8427-73428BB45631}" = protocol=6 | dir=in | app=d:\program files (x86)\simcity\simcity\simcity\simcity.exe | 
"{8884FA7F-ADC1-41C6-8093-DC258A8B0679}" = protocol=6 | dir=in | app=d:\ubisoft\ac3sp.exe | 
"{8A0E20D6-706A-4ED3-96C6-FF48E74EAF2F}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{8F2E5B86-6F9F-47AE-8EB4-056A417F08EF}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\assassinscreedii.exe | 
"{910A04F1-5B06-42D2-92CD-602B32113562}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{9128BB8B-9F28-4F9D-A890-24E41EC54675}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe | 
"{91590EF2-BAF6-422D-B155-02F259F29CB1}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{945EA94F-FE12-4689-BB51-1A44C9C06906}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{97EF507D-EBA3-445C-B6E3-BF4E64E269BD}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{98A2AABE-0367-4031-A2B9-AEAD1A40E2A2}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{9C02603A-EE49-4C01-8B3E-F9DEC757188B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9E9E8B05-AB83-4BF1-90C5-5153963A353A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F1BDA60-8923-4C0C-8ACB-47BDB1490EAB}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{9F887C71-24E9-438C-9A20-CD6DAE20DF54}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A2131C58-FBC2-4B44-8963-10B27C7AF593}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed ii\uplaybrowser.exe | 
"{A63E16D6-306A-47C6-A21F-63E68BEFD619}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A7259451-1583-44B1-8531-7B873CEDED2D}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe | 
"{A97E291C-B261-4AB9-861D-3B7F28BF9DF2}" = protocol=6 | dir=in | app=d:\starcraft ii\starcraft ii.exe | 
"{AAA235EE-7A75-4251-A75B-B0C9648292E6}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{AB8B73FD-3F6C-4099-981C-82A927222926}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{AC84F021-D05E-4928-904D-C60A78897730}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B1D94C39-1DFF-41C9-8917-8DD0B73BBFA2}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\limbo\limbo.exe | 
"{B5D92E4A-5713-4127-8EA6-A1F26D810FEC}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{BD29AA03-62DA-4A31-A3F3-ACCD0D84F1DC}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{BF23C7B3-5772-466A-B58D-D1D19A006F34}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{BFB7AEF6-E52E-4C3E-BEE9-652C9CB2A470}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{C093F698-3623-4CE3-A610-6F5BC2DFEB2A}" = protocol=17 | dir=in | app=d:\program files (x86)\simcity\simcity\simcity\simcity.exe | 
"{C1A9D2F6-9F6C-477E-BC2C-EC4067F351C8}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{C1B9C2F0-5A73-4738-95A8-202057E9AC73}" = protocol=6 | dir=in | app=d:\program files (x86)\wb games\fear ultimate shooter\fear\fearxp\fearxp.exe | 
"{C1C11B9C-9BA2-4AAA-B042-91711174E339}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{C44FCB8A-65E0-4EFF-BD36-4DDF0F5ECDD7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C7CDBCE6-9B3B-4F89-B792-5586B3D5B81F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{CB6455BF-1F73-4A80-9B34-C04889F78F98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{CE994199-3F90-4FA1-AC30-666E7BDEBBBA}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{D2399C61-981B-4706-8AC8-60C5AF027A6D}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{D5558EC2-4546-440D-9E6F-2FC69AD8D407}" = protocol=17 | dir=in | app=d:\program files (x86)\2k games\bioshock 2\sp\builds\binaries\bioshock2.exe | 
"{D5D85225-F918-4CF1-A9D6-67D8A0376619}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2editor.exe | 
"{D84072DE-19BD-41E6-9E0B-9D248BCD4756}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deadlight\binaries\win32\lotdgame.exe | 
"{DB6E50C6-0349-488D-B26B-15ACFC673180}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{DC11A52D-DC3A-42BA-AC63-2640624EBC4C}" = protocol=6 | dir=in | app=d:\ubisoft\related designs\anno 2070\autopatcher.exe | 
"{DC178C2E-7902-48D9-9A0A-84AD11E53443}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DF853CB0-89CA-44AC-863F-151A1A9D2BDE}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\far cry 2\bin\fc2launcher.exe | 
"{E0C00B6C-29E7-4AD4-99C5-8A050FD8F351}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{E7EB8130-3439-40D3-8FF1-9CD35988B256}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\deus ex - human revolution\dxhr.exe | 
"{EB77CF1B-E26D-4A67-8364-00DD57CF225D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{EC13ED3F-E92F-4C1F-8136-AF24E6CEFCD5}" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{ECC75B1C-0AA3-4DEC-B967-6E6ADF1C4037}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{EE19C7C1-D667-462B-A80C-0528B01821CE}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat | 
"{EFD601EB-A31B-4010-86C2-7A2F36ED8ABD}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3.exe | 
"{F01352F8-2F65-4B2E-8163-FA0D797DFD05}" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe | 
"{F04295D0-677C-4523-B05E-79ADC2093F50}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\assassin's creed revelations\assassinscreedrevelations.exe | 
"{F2C0B8E4-6562-4DA7-B1F7-B82A1269CD41}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{F62F7E25-C95D-447E-817D-95FB0318C653}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3updater.exe | 
"{F980986B-76F0-4031-B2B0-07AAF2D64C17}" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\fc3editor.exe | 
"{FBBE0681-AC0A-4EB3-9D16-F99944CD9EC9}" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"{FD486298-AFE4-47F4-9A7A-0876A016EBCD}" = protocol=6 | dir=in | app=d:\ubisoft\assassinscreed3.exe | 
"TCP Query User{0A58BFE9-EE2A-49AE-A3BB-E8871B8CDAC7}D:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"TCP Query User{4A37A1A1-A8C7-41E5-A9B8-6AA57740ABCF}D:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=6 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"TCP Query User{4E2097EB-282B-4B83-9C39-E7E34C7C6386}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | 
"TCP Query User{5F1027C5-9FE1-4B9E-8A5D-8A4D83A1A933}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=6 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe | 
"TCP Query User{8ED73766-66D3-4E86-BAF3-450E073769FD}D:\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\winamp\winamp.exe | 
"TCP Query User{CF71F760-528E-4F9B-8CC3-907C7ED80A31}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{E46C15C6-B0F8-44FD-97B8-DC242C822011}D:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=6 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"UDP Query User{3E8E73A4-204D-4234-9185-D0903C7A0D58}D:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe | 
"UDP Query User{4A62FB4E-849F-4A77-A576-2A508FBDCA50}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{5EE189E6-0875-41D9-A507-227E639DA0A2}D:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe" = protocol=17 | dir=in | app=d:\program files (x86)\ubisoft\farcry 3\bin\farcry3_d3d11.exe | 
"UDP Query User{68A245BC-D59C-4D8E-B3CD-B436B65AC9A1}D:\program files (x86)\the witcher 2\bin\witcher2.exe" = protocol=17 | dir=in | app=d:\program files (x86)\the witcher 2\bin\witcher2.exe | 
"UDP Query User{7C44167D-3CB3-47A6-B5F4-EE550CF0E44B}D:\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\winamp\winamp.exe | 
"UDP Query User{DF795A6D-8D39-42D7-9A91-6900D0E8E191}D:\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=d:\starcraft ii\versions\base24944\sc2.exe | 
"UDP Query User{F5C923B4-E2AD-49DE-8329-0C2CF43F4B69}D:\program files (x86)\videolan\vlc\vlc.exe" = protocol=17 | dir=in | app=d:\program files (x86)\videolan\vlc\vlc.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B3B750C0-8C22-439D-B7CE-67F3ED99CC2B}" = Microsoft Xbox 360 Accessories 1.2
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{E9FA781F-3E80-4399-825A-AD3E11C28C77}" = MSVCRT110_amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"ASRock App Charger_is1" = ASRock App Charger v1.0.4
"GIMP-2_is1" = GIMP 2.8.2
"Logitech Unifying" = Logitech Unifying-Software 2.10
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Security Client" = Microsoft Security Essentials
"Sn1" = Logitech Flow Scroll 4.0
"sp6" = Logitech SetPoint 6.32
"VIRTU_is1" = VIRTU 1.2.106
"WinRAR archiver" = WinRAR 4.11 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{0454BB9A-2A7A-4214-BDFF-937F7A711A44}" = Windows Live Communications Platform
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = Die Sims Mittelalter Piraten und Edelleute
"{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}" = Razer Synapse 2.0
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{117B6BF6-82C3-420C-B284-9247C8568E53}" = Die Sims™ 3 Design-Garten-Accessoires
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1798D459-6B8B-474B-868D-1229EADA3B95}" = Adobe AIR
"{1C9B6173-6DC9-4EEE-9EFC-6BA115CFBE43}" = Die Sims™ 3 Diesel Accessoires
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2C9EE786-1DDB-4C98-8FA4-B1B9B5A66B77}" = Microsoft Games for Windows - LIVE
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{33A22B2D-55BA-4508-B767-BF2E9C21A73F}" = Assassin's Creed Revelations 1.02
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46ED2B64-85C7-4E1F-920C-A555B21F2E4C}" = NVIDIA PhysX
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A8B461A-9336-4CF9-98F4-14DD38E673F0}" = BioShock 2
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4CCBD1F4-CEEC-452A-9CB8-46564B501315}" = Windows Live UX Platform
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{5454085C-129F-416C-9C0B-8B1000058301}" = BioShock 2
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{690F5BA3-5DEB-42CD-962B-F687EE59FAA7}" = Windows Live Essentials
"{6A8DB215-7BCD-4377-B015-2E4541A3E7C6}" = Windows Live PIMT Platform
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71828142-5A24-4BD0-97E7-976DA08CE6CF}" = Die Sims™ 3 Luxus-Accessoires
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{7B11296A-F894-449C-8DF6-6AAAA7D4D118}" = Die Sims™ 3 Stadt-Accessoires
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{8570BEE8-0CA3-4977-9AB1-80ED93F0513C}" = Assassin's Creed II
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F0F4FF-B514-4E32-9C17-CAF96D60EAFC}" = Razer Game Booster
"{8A642ACD-CE3A-4A23-A8B1-A0F7EB12B214}" = Windows Live SOXE Definitions
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{8EA79DBF-D637-448A-89D6-410A087A4493}" = Samsung_MonSetup
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{95140000-0137-0407-0000-0000000FF1CE}" = Microsoft Works 6-9 Converter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D15E813-0C26-41E7-ABC5-3EB06FF1B3CF}" = Assassin's Creed(R) III v1.02
"{9EF2A56C-F12E-4E42-BB26-807EBB6DC271}" = Prodigy X-Fi NRG
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AE364ACC-B9DF-466B-B4EA-AEECD0CD581E}" = Windows Live Messenger
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B727564C-47D3-473A-AC9E-F4BE7B1BD5D3}" = Windows Live UX Platform Language Pack
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C03D7CF4-E172-421F-8209-667BAF0BEA1C}" = F.E.A.R. Ultimate Shooter Edition
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C424CD5E-EA05-4D3E-B5DA-F9F149E1D3AC}" = Windows Live Installer
"{C9B6EFD0-4F01-4BBA-8374-39AD99A3ED72}" = Windows Live Photo Common
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1203F8C-FF34-4968-A4A5-B4F1F8533DAB}" = Photo Common
"{E280923D-C5D9-4728-8C79-AC9A0DC75875}" = BioShock
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E6B88BD6-E4B2-4701-A648-B6DAC6E491CC}" = Die Sims™ 3 Lebensfreude
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{ED436EA8-4145-4703-AE5D-4D09DD24AF5A}" = Die Sims™ 3 Gib Gas-Accessoires
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F138762F-5A1F-4CF0-A5E1-1588EF6088A4}" = The Witcher Enhanced Edition
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F2235E5E-7881-4293-9B6F-04B2609FBFF0}" = Windows Live Messenger
"{F2835483-37F2-4123-B4FE-0E77D58447F2}" = Far Cry 2
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"{FE7C0B3D-50B9-4951-BE78-A321CBF86552}" = Windows Live SOXE
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.116
"Audacity_is1" = Audacity 2.0.2
"Creative Software AutoUpdate" = Creative Software AutoUpdate
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"Dxtory2.0_is1" = Dxtory version 2.0.119
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ESAudioCS" = Audio-Systemsteuerung
"Host OpenAL" = Host OpenAL
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.15.1748" = Opera 12.15
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"StarCraft II" = StarCraft II
"Steam App 203160" = Tomb Raider
"Steam App 205100" = Dishonored
"Steam App 211400" = Deadlight
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 48000" = LIMBO
"Steam App 49520" = Borderlands 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 8870" = BioShock Infinite
"The Witcher 2 Enhanced Edition_is1" = The Witcher 2 Enhanced Edition Version 3.0
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"VLC media player" = VLC media player 2.0.3
"Winamp" = Winamp
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 05.05.2013 15:25:15 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
 0x51437ce5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x09310931  ID des fehlerhaften Prozesses:
 0x15fc  Startzeit der fehlerhaften Anwendung: 0x01ce49c644bbe86b  Pfad der fehlerhaften
 Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 83243494-b5b9-11e2-acba-bc5ff40d9164
 
Error - 05.05.2013 15:25:19 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
 0x51437ce5  Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel:
 0x51437ce5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00b52f2c  ID des fehlerhaften Prozesses:
 0x15fc  Startzeit der fehlerhaften Anwendung: 0x01ce49c644bbe86b  Pfad der fehlerhaften
 Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe  Pfad des
 fehlerhaften Moduls: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe
Berichtskennung:
 8577a32c-b5b9-11e2-acba-bc5ff40d9164
 
Error - 05.05.2013 15:25:42 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
 0x51437ce5  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x09310931  ID des fehlerhaften Prozesses:
 0x28c  Startzeit der fehlerhaften Anwendung: 0x01ce49c6549b8e4c  Pfad der fehlerhaften
 Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe  Pfad des
 fehlerhaften Moduls: unknown  Berichtskennung: 92d6883b-b5b9-11e2-acba-bc5ff40d9164
 
Error - 05.05.2013 15:25:43 | Computer Name = Admin-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: TESV.exe, Version: 1.9.32.0, Zeitstempel:
 0x51437ce5  Name des fehlerhaften Moduls: TESV.exe, Version: 1.9.32.0, Zeitstempel:
 0x51437ce5  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00b52f2c  ID des fehlerhaften Prozesses:
 0x28c  Startzeit der fehlerhaften Anwendung: 0x01ce49c6549b8e4c  Pfad der fehlerhaften
 Anwendung: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe  Pfad des
 fehlerhaften Moduls: D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\TESV.exe
Berichtskennung:
 93e934c0-b5b9-11e2-acba-bc5ff40d9164
 
Error - 06.05.2013 07:16:20 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.05.2013 05:46:14 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 08:59:02 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.05.2013 12:30:02 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.05.2013 04:34:23 | Computer Name = Admin-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 09.05.2013 06:30:07 | Computer Name = Admin-PC | Source = Application Hang | ID = 1002
Description = Programm opera.exe, Version 12.15.1748.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1090    Startzeit:
 01ce4c902473a21b    Endzeit: 26    Anwendungspfad: C:\Program Files (x86)\Opera\opera.exe

Berichts-ID:
   
 
[ OSession Events ]
Error - 06.06.2012 02:32:44 | Computer Name = Admin-PC | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
 12.0.6661.5000, Microsoft Office Version: 12.0.6612.1000. This session lasted 2
 seconds with 0 seconds of active time.  This session ended with a crash.
 
[ System Events ]
Error - 25.10.2012 11:22:02 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Steam Client Service erreicht.
 
Error - 25.10.2012 11:22:02 | Computer Name = Admin-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
 nicht gestartet:   %%1053
 
Error - 26.10.2012 14:49:05 | Computer Name = Admin-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 29.10.2012 12:12:44 | Computer Name = Admin-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 30.10.2012 11:35:04 | Computer Name = Admin-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 14.11.2012 07:56:29 | Computer Name = Admin-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 15.11.2012 11:34:39 | Computer Name = Admin-PC | Source = cdrom | ID = 262151
Description = Fehlerhafter Block bei Gerät \Device\CdRom0.
 
Error - 15.11.2012 12:22:22 | Computer Name = Admin-PC | Source = volsnap | ID = 393251
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht vergrößert werden kann.
 
Error - 16.11.2012 20:22:28 | Computer Name = Admin-PC | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.

	Neue
 Signaturversion:      Vorherige Signaturversion: 1.139.2168.0     Aktualisierungsquelle: 
%%859     Aktualisierungsphase: %%854     Quellpfad: hxxp://www.microsoft.com     Signaturtyp: 
%%800     Aktualisierungstyp: %%803     Benutzer: NT-AUTORITÄT\SYSTEM     Aktuelle Modulversion:
      Vorherige Modulversion: 1.1.8904.0     Fehlercode: 0x80070643     Fehlerbeschreibung: Schwerwiegender
 Fehler bei der Installation. 
 
Error - 16.11.2012 20:22:33 | Computer Name = Admin-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Definitionsupdate für Microsoft Security Essentials
 – KB2310138 (Definition 1.139.2266.0)
 
 
< End of report >

--- --- ---

gmer.txt:

Code:

ATTFilter

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-05-09 14:05:28
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ADATA_SS rev.3.3. 55,90GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Admin\AppData\Local\Temp\aglorpod.sys


---- Kernel code sections - GMER 2.1 ----

INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 560                                                 fffff80003208000 45 bytes [00, 00, 16, 02, 4E, 74, 66, ...]
INITKDBG  C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 607                                                 fffff8000320802f 29 bytes [00, 01, 00, 06, 00, 00, 00, ...]

---- User code sections - GMER 2.1 ----

.text     C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                            0000000073321a22 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                            0000000073321ad0 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                            0000000073321b08 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                            0000000073321bba 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrA.exe[2028] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                            0000000073321bda 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 322                            0000000073321a22 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 496                            0000000073321ad0 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 552                            0000000073321b08 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 730                            0000000073321bba 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 762                            0000000073321bda 2 bytes [32, 73]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69                     0000000075531465 2 bytes [53, 75]
.text     C:\Windows\SysWOW64\PnkBstrB.exe[1508] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155                    00000000755314bb 2 bytes [53, 75]
.text     ...                                                                                                                * 2
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26   00000000733513c6 2 bytes [35, 73]
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74   00000000733513f6 2 bytes [35, 73]
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257  00000000733514ad 2 bytes [35, 73]
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303  00000000733514db 2 bytes [35, 73]
.text     ...                                                                                                                * 2
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79   0000000073351577 2 bytes [35, 73]
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175  00000000733515d7 2 bytes [35, 73]
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620  0000000073351794 2 bytes [35, 73]
.text     D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe[3188] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921  00000000733518c1 2 bytes [35, 73]
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 26                      00000000733513c6 2 bytes [35, 73]
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 74                      00000000733513f6 2 bytes [35, 73]
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 257                     00000000733514ad 2 bytes [35, 73]
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathW + 303                     00000000733514db 2 bytes [35, 73]
.text     ...                                                                                                                * 2
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 79                      0000000073351577 2 bytes [35, 73]
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 175                     00000000733515d7 2 bytes [35, 73]
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 620                     0000000073351794 2 bytes [35, 73]
.text     C:\Windows\SysWOW64\rundll32.exe[3196] C:\Windows\SysWOW64\SHFOLDER.dll!SHGetFolderPathA + 921                     00000000733518c1 2 bytes [35, 73]

---- EOF - GMER 2.1 ----

Ich hoffe, mir kann jemand helfen

smeenk · 09.05.2013, 14:50

Hi Bass1988

Ich bin Smeenk und ich werde versuchen Dir zu helfen

Systemscan mit ZOEK

Bitte lade die zoek.exe von hier: http://hijackthis.nl/smeenk/

Bitte deaktiviere während des Scans alle Virenscanner, da sie das Ergebnis beeinflussen.
Starte die Zoek.exe mit einem Doppelklick (nur Windows XP-Benutzer).
Windows Vista/7 Benutzer starten das Tool bitte per Rechtsklick auf das Icon und wählen "Als Administrator starten".
Kopiere untenstehende Code in das Textfeld:
Code:
ATTFilter
```
chromelook;
autoclean;
startupall;
filesrcm;
firefoxlook;
         
```
Nun klicke auf "Run script" und warte geduldig, bis der Scan durchgelaufen ist.
Wenn das Tool fertig ist, wird sich Notepad mit dem Logfile öffnen (ggfs. erst nach einem Neustart).
Nachträglich kannst Du den Bericht unter c:\zoek-results.log einsehen.
Poste mir das Log File zoek-results.log

Bitte alles nach Möglichkeit hier in CODE-Tags posten: [code] Dein Log hier [/code]

Bass1988 · 10.05.2013, 13:25

hallo smeenk,

ich danke dir schonmal für die schnelle Antwort

Nach einem reboot meines Systems kam bei mir dieser Log:

Code:

ATTFilter

Zoek.exe Version 4.0.0.2 Updated 06-May-2013
Tool run by Admin on 10.05.2013 at 14:20:22,69.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1113747050-1043316554-276651512-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully

==== Deleting CLSID Registry Values ======================


==== FireFox Fix ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default

---- Lines BabylonToolbar removed from prefs.js ----

user_pref("extensions.BabylonToolbar.admin", false);
user_pref("extensions.BabylonToolbar.aflt", "babsst");
user_pref("extensions.BabylonToolbar.babExt", "");
user_pref("extensions.BabylonToolbar.babTrack", "affID=113480");
user_pref("extensions.BabylonToolbar.bbDpng", 23);
user_pref("extensions.BabylonToolbar.dfltSrch", false);
user_pref("extensions.BabylonToolbar.hmpg", false);
user_pref("extensions.BabylonToolbar.id", "9c7e0885000000000000bc5ff40d9164");
user_pref("extensions.BabylonToolbar.instlDay", "15534");
user_pref("extensions.BabylonToolbar.instlRef", "sst");
user_pref("extensions.BabylonToolbar.lastDP", 23);
user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.5.3.1719:37:17");
user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "13.0");
user_pref("extensions.BabylonToolbar.newTab", true);
user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?babsrc=NT_bb");
user_pref("extensions.BabylonToolbar.noFFXTlbr", false);
user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar.propectorlck", 81637394);
user_pref("extensions.BabylonToolbar.prtkDS", 1);
user_pref("extensions.BabylonToolbar.prtkHmpg", 1);
user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar.ptch_0717", true);
user_pref("extensions.BabylonToolbar.smplGrp", "none");
user_pref("extensions.BabylonToolbar.srcExt", "ss");
user_pref("extensions.BabylonToolbar.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar.vrsnTs", "1.5.3.1719:37:17");
user_pref("extensions.BabylonToolbar.vrsni", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.aflt", "babsst");
user_pref("extensions.BabylonToolbar_i.babExt", "");
user_pref("extensions.BabylonToolbar_i.babTrack", "affID=113480");
user_pref("extensions.BabylonToolbar_i.hardId", "9c7e0885000000000000bc5ff40d9164");
user_pref("extensions.BabylonToolbar_i.id", "9c7e0885000000000000bc5ff40d9164");
user_pref("extensions.BabylonToolbar_i.instlDay", "15534");
user_pref("extensions.BabylonToolbar_i.instlRef", "sst");
user_pref("extensions.BabylonToolbar_i.newTab", true);
user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=113480&babsrc=NT_ss&mntrId=9c7e0885000000000000bc5ff40d9164");
user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar");
user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon");
user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9");
user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17");
user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.3.1719:37:17");
user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17");

---- Lines BabylonToolbar modified from prefs.js ----


---- Lines BabylonToolbar removed from user.js ----


---- FireFox user.js and prefs.js backups ---- 

user__1422_.backup
prefs__1422_.backup

==== Deleting Files \ Folders ======================

"C:\user.js" deleted
"C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml" deleted
"C:\user.js" deleted
"C:\Users\Admin\AppData\Roaming\Ymovy\qoor.vyo" deleted
"C:\Users\Admin\AppData\Roaming\Ebcue" deleted
"C:\Users\Admin\AppData\Roaming\Ymovy" deleted
"C:\Program Files (x86)\JDownloader" deleted
"C:\Users\Admin\AppData\Roaming\Babylon" deleted
"C:\ProgramData\boost_interprocess" deleted
"C:\ProgramData\Babylon" deleted
"C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default\jetpack" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Admin\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-04-30 15:18:57	90F785F7594E3AF23D4392677042BE9A	391168	----a-w-	C:\Windows\SysWOW64\ieui.dll
2013-04-30 15:18:57	3275F17533CB1599841AAABA3C8D3E8E	2706432	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2013-04-30 15:18:56	BFDD0C5F3E435596F197F003609989C4	61440	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2013-04-30 15:18:56	B5D742C535D37A7DA0649E03B32CAD80	493056	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2013-04-30 15:18:56	A7CFDA703AF9AD409DAA521487E0CB53	109056	----a-w-	C:\Windows\SysWOW64\iesysprep.dll
2013-04-30 15:18:56	3FA7F736B877B46EDF1EE6BE6051848D	33280	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2013-04-30 15:18:56	1B6A7D965462BE6220727721A4CDB247	71680	----a-w-	C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-04-30 15:18:55	B5DEC0D4CBBC333CA99FE10B06D4747E	2046464	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2013-04-30 15:18:55	69CB1A65B835EE6ADF9E16ED6D443072	1129984	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2013-04-30 15:18:54	6EF6B6EACCA13DD6131624E0DD5C14A3	690688	----a-w-	C:\Windows\SysWOW64\jscript.dll
2013-04-30 15:18:53	CFE0CEE587F9CEA4C29DEEC6D85FC91C	1766912	----a-w-	C:\Windows\SysWOW64\wininet.dll
2013-04-30 15:18:53	9B59687619B27CDA24638CDC3AF079FB	2877440	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2013-04-30 15:18:53	87B775A458A73BB7381E5B67B5652496	39424	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2013-04-30 15:18:52	0B6118058942961D504AAEA04FECB116	13761024	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2013-04-30 15:18:50	D017BF8D92938EEB9B3A1D1C53FDA152	14323200	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2013-04-30 01:21:47	C28A634CF127DA67D566B5E14D0A0170	719360	----a-w-	C:\Windows\SysWOW64\mshtmlmedia.dll
2013-04-30 01:21:47	C225E5307D8D4982A1687F2702C37C78	158720	----a-w-	C:\Windows\SysWOW64\msls31.dll
2013-04-30 01:21:47	AF0332E09DDBE0172237D1958A7DADB8	79872	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2013-04-30 01:21:47	9DF7A7C74D8632CB5EBD37E3A374825E	204800	----a-w-	C:\Windows\SysWOW64\webcheck.dll
2013-04-30 01:21:47	96E0F0BED5D9EBABB899D8CA83C36A7E	523264	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2013-04-30 01:21:47	87E71F2A83681F41B796CA685818EF2D	163840	----a-w-	C:\Windows\SysWOW64\msrating.dll
2013-04-30 01:21:47	87513A002B7B0F9C259F2431DFD008DC	137216	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2013-04-30 01:21:47	81C4D657D37C3A5418B54BFECE821B84	57344	----a-w-	C:\Windows\SysWOW64\pngfilt.dll
2013-04-30 01:21:47	80B47F0F45C3EBF41C30E0BA367D25D3	125440	----a-w-	C:\Windows\SysWOW64\occache.dll
2013-04-30 01:21:47	52A7D73D5570F757D865DDECD087FB41	138752	----a-w-	C:\Windows\SysWOW64\wextract.exe
2013-04-30 01:21:47	338520304B99471BD0ED121954FE7863	82432	----a-w-	C:\Windows\SysWOW64\inseng.dll
2013-04-30 01:21:47	0402BFC25AB49E02256BC24E32829773	185344	----a-w-	C:\Windows\SysWOW64\elshyph.dll
2013-04-30 01:21:47	038F76279EC64878A072D988DE13C7B2	150528	----a-w-	C:\Windows\SysWOW64\iexpress.exe
2013-04-30 01:21:46	F0D4AE074D9BC0741DC6E91C741F2F8C	23040	----a-w-	C:\Windows\SysWOW64\licmgr10.dll
2013-04-30 01:21:46	E14A07B768EC49D382CABCE2F078D576	232960	----a-w-	C:\Windows\SysWOW64\url.dll
2013-04-30 01:21:46	DEFB55D4FF094673DF31FA89A8A8A2F0	226816	----a-w-	C:\Windows\SysWOW64\dxtrans.dll
2013-04-30 01:21:46	C68FBBF01E86CB6CF0B797748FBD6C1A	357888	----a-w-	C:\Windows\SysWOW64\dxtmsft.dll
2013-04-30 01:21:46	B96C13B5C85AC4240FE95DE115945D59	38400	----a-w-	C:\Windows\SysWOW64\imgutil.dll
2013-04-30 01:21:46	A7E8E3A9F92D9B0D495F636A1D282883	48640	----a-w-	C:\Windows\SysWOW64\mshtmler.dll
2013-04-30 01:21:46	9D9AC6CE9A9D951AC40DE91CD6F0A620	1441280	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2013-04-30 01:21:46	932571EFF79B93F94E84ADF4989A277F	69120	----a-w-	C:\Windows\SysWOW64\icardie.dll
2013-04-30 01:21:46	8C3D32A4A46326031309A43C52539D7F	1400416	----a-w-	C:\Windows\SysWOW64\ieapfltr.dat
2013-04-30 01:21:46	8A45166CD9874463AB76B552C9C2D3AD	110592	----a-w-	C:\Windows\SysWOW64\IEAdvpack.dll
2013-04-30 01:21:46	828B4A41BE891A7AEC07E693422B4A3A	117248	----a-w-	C:\Windows\SysWOW64\iepeers.dll
2013-04-30 01:21:46	6DF2C6438CFF6EFCBBB88AEE01795501	73728	----a-w-	C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-04-30 01:21:46	56E51C26745FF7413514EA4DDF33BC6C	11776	----a-w-	C:\Windows\SysWOW64\msfeedssync.exe
2013-04-30 01:21:46	4A47CAEA8D3B82DE439A79771ECED4B1	361984	----a-w-	C:\Windows\SysWOW64\html.iec
2013-04-30 01:21:46	414A3D9AAE072CDEFE0B64C2EBEE18D2	61952	----a-w-	C:\Windows\SysWOW64\tdc.ocx
2013-04-30 01:21:46	404FAD93ABFBD86D1AAAB47D5DFA6505	242200	----a-w-	C:\Windows\SysWOW64\iedkcs32.dll
2013-04-30 01:21:46	3AB2A38F7EA9E62D176A78FB58761E24	12800	----a-w-	C:\Windows\SysWOW64\mshta.exe
2013-04-30 01:21:46	2D7A29C35D0894481A69FA3AC45F18F0	41984	----a-w-	C:\Windows\SysWOW64\msfeedsbs.dll
2013-04-30 01:21:46	1FF56AC32B38A94C3C88497BD6E00C96	25185	----a-w-	C:\Windows\SysWOW64\ieuinit.inf
2013-04-30 01:21:46	0F44172A5B34E8F208CD0F209EDD4A73	629248	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2013-04-30 01:00:45	FB3F036EF6A467F7AF46C821FF5D198D	220160	----a-w-	C:\Windows\SysWOW64\d3d10core.dll
2013-04-30 01:00:45	C7A730AFB80B11F93EFC81B1D6F920D7	364544	----a-w-	C:\Windows\SysWOW64\XpsGdiConverter.dll
2013-04-30 01:00:45	8504944851DF6175CC489A8F3328459E	1080832	----a-w-	C:\Windows\SysWOW64\d3d10.dll
2013-04-30 01:00:45	7ACDFB4CC67F4993DF0E0731576309B2	1504768	----a-w-	C:\Windows\SysWOW64\d3d11.dll
2013-04-30 01:00:45	6A7B5A3EFCCDB53DA41CF6838056990F	1158144	----a-w-	C:\Windows\SysWOW64\XpsPrint.dll
2013-04-30 01:00:45	6A13B4F3B3F575F1E24B877B9359AABA	10752	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 01:00:45	6951562DC4625EEFC6EACD52AD165866	9728	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 01:00:45	60F4AEFA103D421EA4A40E31409B4756	3072	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 01:00:45	600A65F922CCDCBB2D11467914241556	2284544	----a-w-	C:\Windows\SysWOW64\msmpeg2vdec.dll
2013-04-30 01:00:45	589CBC4989F750E1DA35625AB481CF43	4096	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 01:00:45	545F1BAAADD0BF1F4FE4586293FCA07D	417792	----a-w-	C:\Windows\SysWOW64\WMPhoto.dll
2013-04-30 01:00:45	49ACA548B2423F1C67898E6AC719A9A6	3584	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 01:00:45	4277F5164DE9B7C665BB928B9145BEE0	1247744	----a-w-	C:\Windows\SysWOW64\DWrite.dll
2013-04-30 01:00:45	3BE0D923AA45A4DBE091C2D84F0B4FE7	3072	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 01:00:45	2E33DFD10F28F86C3FC40EE123CC3904	2560	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 01:00:45	1C60E09CA1C3A045BC4D367F67C915B7	5632	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 01:00:45	007863E45F25AA47A4C30D0930BBFD85	5632	---ha-w-	C:\Windows\SysWOW64\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 01:00:44	D4F264FE23F8953D840904418220C15E	293376	----a-w-	C:\Windows\SysWOW64\dxgi.dll
2013-04-30 01:00:44	D4212AB475A3B25EC4DF574536C3EDC5	249856	----a-w-	C:\Windows\SysWOW64\d3d10_1core.dll
2013-04-30 01:00:44	B3170CCC779B682C3341873EA60CF084	1988096	----a-w-	C:\Windows\SysWOW64\d3d10warp.dll
2013-04-30 01:00:44	9FF8F684BACF326082E5562F7C104A79	3419136	----a-w-	C:\Windows\SysWOW64\d2d1.dll
2013-04-30 01:00:44	8B285BDAB7735FDFB18E6F7122923B77	187392	----a-w-	C:\Windows\SysWOW64\UIAnimation.dll
2013-04-30 01:00:44	62A6EB5771580CAE445804389F3F7432	207872	----a-w-	C:\Windows\SysWOW64\WindowsCodecsExt.dll
2013-04-30 01:00:44	4FF3EC04CD47DD62181894B71B004E40	604160	----a-w-	C:\Windows\SysWOW64\d3d10level9.dll
2013-04-30 01:00:44	3C1936A12C62254F914A01BBC6A8DC69	161792	----a-w-	C:\Windows\SysWOW64\d3d10_1.dll
2013-04-30 01:00:44	3BCECD87AB4E6743BFB45B352AD1A529	1230336	----a-w-	C:\Windows\SysWOW64\WindowsCodecs.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-04-30 15:18:58	E198851141465033273480C5EEAD5DE5	2706432	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2013-04-30 15:18:57	A89103864B67CE1ED3BB5D48569D3D94	51712	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2013-04-30 15:18:57	1C3C4D34DCF354620B76B42620B4DFAD	526336	----a-w-	C:\Windows\Sysnative\ieui.dll
2013-04-30 15:18:56	F03E5925B7E99800B8BFE1332556E1E2	89600	----a-w-	C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-04-30 15:18:56	F021824E70447D98DB6CCED4456A0891	39936	----a-w-	C:\Windows\Sysnative\iernonce.dll
2013-04-30 15:18:56	82F604599DE379AA539EE2DF48399DC5	67072	----a-w-	C:\Windows\Sysnative\iesetup.dll
2013-04-30 15:18:56	38BEBBC4CF9FE6566262F0037DF843BF	136704	----a-w-	C:\Windows\Sysnative\iesysprep.dll
2013-04-30 15:18:56	268E23EAEDF3FAF87A7A87F0257C9E87	603136	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2013-04-30 15:18:55	85F1FE2D5EDBFD26066F5ABB9504A69C	2647040	----a-w-	C:\Windows\Sysnative\iertutil.dll
2013-04-30 15:18:54	DE3C3B1B4FA5FBF1F17BCD3B3AE1ED15	3958784	----a-w-	C:\Windows\Sysnative\jscript9.dll
2013-04-30 15:18:54	8C1EFE99D4C9462EF2E10E7140B44D4A	855552	----a-w-	C:\Windows\Sysnative\jscript.dll
2013-04-30 15:18:54	29812E9971077BE3F8B9DC225CF9D454	1365504	----a-w-	C:\Windows\Sysnative\urlmon.dll
2013-04-30 15:18:53	194125E7839D4902F2490A70049E8F78	53248	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2013-04-30 15:18:52	753C0848AE7872A3F59663078A517293	2240512	----a-w-	C:\Windows\Sysnative\wininet.dll
2013-04-30 15:18:51	D744D5B8145C2303B19A288AF695E9AD	15404544	----a-w-	C:\Windows\Sysnative\ieframe.dll
2013-04-30 15:18:49	394ECD933CD66BADF97EA85A183B9E1E	19230208	----a-w-	C:\Windows\Sysnative\mshtml.dll
2013-04-30 01:21:47	5051BB40FFB2BA4870C0A059CA03294F	1054720	----a-w-	C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2013-04-30 01:21:47	3531FA12A76A32ECECD972196775DF7C	226304	----a-w-	C:\Windows\Sysnative\elshyph.dll
2013-04-30 01:21:46	FC6B4D5450871A4D5CB344AFF6C090EF	281600	----a-w-	C:\Windows\Sysnative\dxtrans.dll
2013-04-30 01:21:46	EC08E38751854C5B8899139B7DD29FF9	197120	----a-w-	C:\Windows\Sysnative\msrating.dll
2013-04-30 01:21:46	D8DD5CBB9668EEE98915EA49C72F78FA	441856	----a-w-	C:\Windows\Sysnative\html.iec
2013-04-30 01:21:46	112183DF91C9BAECB498E4A86ECDE598	216064	----a-w-	C:\Windows\Sysnative\msls31.dll
2013-04-30 01:21:45	F651D95B5043EFC20A6108A853553984	92160	----a-w-	C:\Windows\Sysnative\SetIEInstalledDate.exe
2013-04-30 01:21:45	E965529C43D25F2BDA77D705098BF777	135680	----a-w-	C:\Windows\Sysnative\IEAdvpack.dll
2013-04-30 01:21:45	E1055A7FAD39F1F7C44F6152044056EA	905728	----a-w-	C:\Windows\Sysnative\mshtmlmedia.dll
2013-04-30 01:21:45	D9C10A4A0B3411146E6FC8936B079934	167424	----a-w-	C:\Windows\Sysnative\iexpress.exe
2013-04-30 01:21:45	D8076F8A3C34064582035AE6696DC34A	27648	----a-w-	C:\Windows\Sysnative\licmgr10.dll
2013-04-30 01:21:45	D0F66CFAED5B85543216EF526D380B8B	270848	----a-w-	C:\Windows\Sysnative\iedkcs32.dll
2013-04-30 01:21:45	D0D4CE6C6CE87269A34A184356475D17	149504	----a-w-	C:\Windows\Sysnative\occache.dll
2013-04-30 01:21:45	CF1387441D1096DBD4A23E155F1EE958	173568	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2013-04-30 01:21:45	C2F21E3059AFF5E616F3E361D9FA10CD	62976	----a-w-	C:\Windows\Sysnative\pngfilt.dll
2013-04-30 01:21:45	BC0D4AFBE94D8E1F81C8926D805C3366	247296	----a-w-	C:\Windows\Sysnative\webcheck.dll
2013-04-30 01:21:45	ADE73A865A5F136E84F49BB6B1627C6E	1509376	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2013-04-30 01:21:45	8C3D32A4A46326031309A43C52539D7F	1400416	----a-w-	C:\Windows\Sysnative\ieapfltr.dat
2013-04-30 01:21:45	82D602EBBBA6D08E4691F32269FD3494	12800	----a-w-	C:\Windows\Sysnative\msfeedssync.exe
2013-04-30 01:21:45	7EC25F7ABF7CE6B0FE93787524EE537B	452096	----a-w-	C:\Windows\Sysnative\dxtmsft.dll
2013-04-30 01:21:45	658E8FEC79A4AB5BFDE032627B5C9667	13824	----a-w-	C:\Windows\Sysnative\mshta.exe
2013-04-30 01:21:45	63CAE56FE4215F98FEB0188748A99378	52224	----a-w-	C:\Windows\Sysnative\msfeedsbs.dll
2013-04-30 01:21:45	5B15164486C66B76699E1CD2CD2F3A2A	51200	----a-w-	C:\Windows\Sysnative\imgutil.dll
2013-04-30 01:21:45	4E426A67C46379B75A5E671B46FC07F6	102912	----a-w-	C:\Windows\Sysnative\inseng.dll
2013-04-30 01:21:45	4CFBEC37E4FAD530E623E1541E1EA958	599552	----a-w-	C:\Windows\Sysnative\vbscript.dll
2013-04-30 01:21:45	40738329209CBE2C9B48F7E30F7C1414	144896	----a-w-	C:\Windows\Sysnative\wextract.exe
2013-04-30 01:21:45	402D797A7905DC3C6FE11E75CD5252EB	235008	----a-w-	C:\Windows\Sysnative\url.dll
2013-04-30 01:21:45	2AAE2B8FED8390879C2369FC63F7001F	97280	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2013-04-30 01:21:45	23556D116D5FB93395B2A648EEB24251	81408	----a-w-	C:\Windows\Sysnative\icardie.dll
2013-04-30 01:21:45	1FF56AC32B38A94C3C88497BD6E00C96	25185	----a-w-	C:\Windows\Sysnative\ieuinit.inf
2013-04-30 01:21:45	18A94D6E9D27D169D38DAB91F6A97518	136192	----a-w-	C:\Windows\Sysnative\iepeers.dll
2013-04-30 01:21:45	1456EECCB5CF6B91513200F95D61706E	762368	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2013-04-30 01:21:44	942E110384668EEFF44751A02EDDF5E4	48640	----a-w-	C:\Windows\Sysnative\mshtmler.dll
2013-04-30 01:21:44	440104AEB9DAF8AC9842080AE59740FA	77312	----a-w-	C:\Windows\Sysnative\tdc.ocx
2013-04-30 01:00:45	FB4045578F5180BDB1963AB352B78548	5632	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-04-30 01:00:45	FA428BDBCFAB9DC3D58F0BD2CCD50EA2	1682432	----a-w-	C:\Windows\Sysnative\XpsPrint.dll
2013-04-30 01:00:45	F5CEF064C7E6D95DA86B9D064A56A969	3584	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-04-30 01:00:45	F49E92B50CED5C9F1725D3C0329FD933	10752	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-04-30 01:00:45	E8EEA503870CB6A6DC4E09A2433DF33E	2776576	----a-w-	C:\Windows\Sysnative\msmpeg2vdec.dll
2013-04-30 01:00:45	C498EF41B93986BCBD483597573EB96D	2565120	----a-w-	C:\Windows\Sysnative\d3d10warp.dll
2013-04-30 01:00:45	AFC3DB5C6EB8CA8017DDB81D6C0AD02A	9728	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-04-30 01:00:45	9108540E866F75C7AF2B91DD921A8091	3072	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-04-30 01:00:45	9094039A00485F71C4DE64BF51F64C46	3072	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-version-l1-1-0.dll
2013-04-30 01:00:45	8DFB5752FCE145A6B295093C0A8BE131	363008	----a-w-	C:\Windows\Sysnative\dxgi.dll
2013-04-30 01:00:45	893E8C1E4A1263EDDB1A6922D0E32201	465920	----a-w-	C:\Windows\Sysnative\WMPhoto.dll
2013-04-30 01:00:45	7E8A672B7B06A6EB11960C22E0360C59	3928064	----a-w-	C:\Windows\Sysnative\d2d1.dll
2013-04-30 01:00:45	72723D3E4781BADC62C3180C137E7B23	4096	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-user32-l1-1-0.dll
2013-04-30 01:00:45	6F623BD09CBB4C3F97374F12976E5EA5	522752	----a-w-	C:\Windows\Sysnative\XpsGdiConverter.dll
2013-04-30 01:00:45	64A4AB126E24FD3F58EBE64852773DB5	2560	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-04-30 01:00:45	0E6FBF19D9DFBB77316C23DF91F8A101	5632	---ha-w-	C:\Windows\Sysnative\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-04-30 01:00:44	F1C19F0AA151B90A7416FA1D50DDB582	245248	----a-w-	C:\Windows\Sysnative\WindowsCodecsExt.dll
2013-04-30 01:00:44	C4C183E6551084039EC862DA1C945E3D	1175552	----a-w-	C:\Windows\Sysnative\FntCache.dll
2013-04-30 01:00:44	BDDF242A49E7B7DC5CCEC291BCE53ACB	1424384	----a-w-	C:\Windows\Sysnative\WindowsCodecs.dll
2013-04-30 01:00:44	B2CA1AC17E78D986B22FD6C2261CD84F	1238528	----a-w-	C:\Windows\Sysnative\d3d10.dll
2013-04-30 01:00:44	AFB73882AE41E1629A63E6713FE30FB9	296960	----a-w-	C:\Windows\Sysnative\d3d10core.dll
2013-04-30 01:00:44	9AE80F6A66B30E3ED8CDF858CF28B11B	194560	----a-w-	C:\Windows\Sysnative\d3d10_1.dll
2013-04-30 01:00:44	63F72417CA38D8FC8F53709649B589E3	333312	----a-w-	C:\Windows\Sysnative\d3d10_1core.dll
2013-04-30 01:00:44	63BB89DED1E9104E68D33E54DE4D340D	1643520	----a-w-	C:\Windows\Sysnative\DWrite.dll
2013-04-30 01:00:44	448B02AD260EC3E1E892FCE6DFDDEEBD	1887232	----a-w-	C:\Windows\Sysnative\d3d11.dll
2013-04-30 01:00:44	3834316FE8A653227282196525E07DFE	648192	----a-w-	C:\Windows\Sysnative\d3d10level9.dll
2013-04-30 01:00:44	04CB7C8FDC6D9640DD82A527208F72C4	221184	----a-w-	C:\Windows\Sysnative\UIAnimation.dll
====== C:\Windows\Sysnative\drivers =====
2013-04-23 17:24:21	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
====== C:\Windows\Temp ======
======= C:\Program Files =====
======= C:\Program Files (x86) =====
2013-05-01 19:01:50	--------	d-----w-	C:\Program Files (x86)\IrfanView
2013-04-28 21:51:18	--------	d-----w-	C:\Program Files (x86)\Windows Live
2013-04-28 21:50:47	--------	d-----w-	C:\Program Files (x86)\Common Files\Windows Live
2013-04-28 21:30:52	--------	d-----w-	C:\Program Files (x86)\Microsoft Games for Windows - LIVE
======= C: =====
====== C:\Users\Admin\AppData\Roaming ======
2013-05-09 12:06:22	--------	d-----w-	C:\users\Admin\AppData\Local\ElevatedDiagnostics
2013-05-01 19:01:56	--------	d-----w-	C:\users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2013-04-28 21:51:01	--------	d-----w-	C:\users\Admin\AppData\Local\Windows Live
2013-04-28 21:35:11	--------	d-----w-	C:\users\Admin\AppData\Roaming\Bioshock2
2013-04-23 22:13:17	--------	d-----w-	C:\users\Admin\AppData\Roaming\Bioshock
2013-04-23 22:12:11	--------	d--h--r-	C:\users\Admin\AppData\Roaming\SecuROM
2013-04-22 00:34:04	--------	d-----w-	C:\users\Admin\AppData\Local\The Witcher 2
2013-04-18 19:44:35	--------	d-----w-	C:\users\Admin\AppData\Roaming\Unity
2013-04-18 19:42:20	--------	d-----w-	C:\users\Admin\AppData\Locallow\Unity
2013-04-18 19:42:20	--------	d-----w-	C:\users\Admin\AppData\Local\Unity
====== C:\Users\Admin ======
2013-05-09 11:28:09	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Admin\defogger_reenable
2013-04-28 21:52:46	--------	d-----w-	C:\Users\Admin\Tracing
2013-04-28 21:31:32	--------	d-sh--w-	C:\ProgramData\SecuROM
2013-04-28 21:30:55	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows - LIVE
2013-04-23 20:50:41	--------	d-----w-	C:\ProgramData\Media Center Programs
2013-04-21 23:49:08	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\The Witcher 2

====== C: exe-files ==
2013-05-09 11:36:34	60BF4AE8CC40B0E3E28613657ED2EED8	377856	----a-w-	C:\Users\Admin\Desktop\Troja\gmer_2.1.19163.exe
2013-05-09 11:25:34	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Admin\Desktop\Troja\Defogger.exe
2013-05-09 11:16:07	8B04B70215C2D72BA2B4F67E1272CFAB	706746	----a-w-	C:\Users\Admin\Desktop\Troja\delfix.exe
2013-05-09 11:15:19	788FCDDD88240A85039F7F561093B118	448512	----a-w-	C:\Users\Admin\Desktop\Troja\TFC.exe
2013-05-09 11:14:12	E8D3E34FFDAF21DF7C09CBBBA5763237	2347384	----a-w-	C:\Users\Admin\Desktop\Troja\esetsmartinstaller_enu.exe
2013-05-09 11:14:00	683FDD3D773C58B262DC07CD0C6CE938	10285040	----a-w-	C:\Users\Admin\Desktop\Troja\mbam-setup-1.75.0.1300.exe
2013-05-09 11:13:32	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\Admin\Desktop\Troja\OTL.exe
2013-05-09 11:11:51	09A3F926C400C29B3CF04FD15A0D8DEA	545954	----a-w-	C:\Users\Admin\Desktop\Troja\JRT.exe
2013-05-09 11:11:28	A95866BA166A09E360BB88DA72D4531D	628743	----a-w-	C:\Users\Admin\Desktop\Troja\adwcleaner.exe
2013-05-09 09:44:52	EB35381A0AEAA50E886009E0F87A7B17	544	----a-w-	C:\$Recycle.Bin\S-1-5-21-1113747050-1043316554-276651512-1000\$IZMDKGI.exe
2013-05-09 08:51:08	D1627CDB6858EE39F95F40D719B3B32B	5261912	----a-w-	C:\Users\Admin\AppData\Local\Temp\CDBurnerXP-updates\cdbxp_setup_4.5.1.4003.exe
2013-05-05 19:19:40	A412D6FCB94E17374D11837167D533FB	49152	----a-w-	C:\$Recycle.Bin\S-1-5-21-1113747050-1043316554-276651512-1000\$RZMDKGI.exe
2013-05-05 13:55:22	98A4A87F5B22136EFDE1D71DCF215AAA	377856	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{97286B64-7A00-AD92-871C-052285D8575A}-heah.exe
2013-05-05 13:54:58	8A70ABF7547CF0816E3523D707609A1B	28672	----a-w-	C:\Users\Admin\AppData\Local\Temp\tmpbfbb18bb\gw01.exe
2013-05-05 13:54:58	8A70ABF7547CF0816E3523D707609A1B	28672	----a-w-	C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\H65F11B2\%2e_files_gw01[1].exe
2013-05-05 03:02:05	98A4A87F5B22136EFDE1D71DCF215AAA	377856	----a-w-	C:\ProgramData\Microsoft\Microsoft Antimalware\LocalCopy\{2669CF52-E681-A66E-7ACC-70FD4BCC049F}-heah.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-1113747050-1043316554-276651512-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="D:\Program Files (x86)\Steam\Steam.exe -silent"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun                                                                                                                                                                                                        "

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"VolPanel"="D:\Programme\Prodigy X-Fi\Volume Panel\VolPanlu.exe /r"
"GrooveMonitor"="C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe                                                                                                                                                                                                     "
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"Razer Synapse"="C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Steam"="D:\Program Files (x86)\Steam\Steam.exe -silent"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun                                                                                                                                                                                                        "

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"MSC"="C:\Program Files\Microsoft Security Client\msseces.exe -hide -runkey"
"IgfxTray"="C:\Windows\system32\igfxtray.exe"
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe"
"Persistence"="C:\Windows\system32\igfxpers.exe"
"EvtMgr6"="C:\Program Files\Logitech\SetPointP\SetPoint.exe /launchGaming"
"XboxStat"="C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe silentrun"

==== Startup Registry Disabled ======================

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run-]
"msnmsgr"="\"C:\\Program Files (x86)\\Windows Live\\Messenger\\msnmsgr.exe\" /background"


[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"SunJavaUpdateSched"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
"QuickTime Task"="\"C:\\Program Files (x86)\\QuickTime\\QTTask.exe\" -atboottime"
"Adobe ARM"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
"WinampAgent"="D:\\Winamp\\winampa.exe"


==== Startup Registry Disabled x64 ======================

[HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run-]
"LogiScrollApp"="C:\\Program Files\\Logitech\\FlowScroll\\KhalScroll.exe"


==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [16.04.2013 14:03]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default
- ProxTube - Gesperrte YouTube Videos entsperren - %ProfilePath%\extensions\ich@maltegoetz.de
- ProxMate - unblock the Internet - %ProfilePath%\extensions\jid1-QpHD8URtZWJC2A@jetpack.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

==== Firefox Plugins ======================

Profilepath: C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default
F7E72D3A281F922BACEC1A71A826D4C2	- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll -	Shockwave Flash
D4BD9F86123C87ECA570418B69326F99	- C:\Windows\SysWOW64\npDeployJava1.dll -	Java Deployment Toolkit 7.0.170.2
15E298B5EC5B89C5994A59863969D9FF	- C:\Windows\SysWOW64\npmproxy.dll -	Microsoft® Windows® Operating System


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
geooogfhpjdpeiphckpbgkhpbeobcaoi - C:\ProgramData\Logitech\LogiSmoothChromeExt.crx[08.02.2012 21:07]
jmfkcklnlgedgbglfkkgedjfmejoahla - C:\Program Files (x86)\AVG\AVG2012\Chrome\safesearch.crx[]
ndibdjnfmopecpmkdieinmbadjfpblof - C:\Program Files (x86)\AVG\AVG2012\Chrome\donottrack.crx[]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.msn.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Admin\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Admin\AppData\Local\Mozilla\Firefox\Profiles\p99v2nan.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

After Reboot

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Admin\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

smeenk · 10.05.2013, 16:38

Es sind einige Überbleibsel gelöscht worden

Downloade dir bitte

Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bass1988 · 12.05.2013, 14:27

So, es hat ein wenig gedauert, aber hier sind die Logs:

Malwarebytes:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.12.02

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16540
Admin :: ADMIN-PC [Administrator]

12.05.2013 14:46:41
MBAM-log-2013-05-12 (15-18-12).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 437803
Laufzeit: 29 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
D:\Games\Nexus Mod Manager\Skyrim\Mods\Skyrim_Universal_4GB_Memory_Patch-3211-1-0.rar (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.
D:\Program Files (x86)\Steam\SteamApps\common\Skyrim\Data\Skyrim_Memory_4gb_Patch\Skyrim.Memory.(4gb).Patch.exe (PUP.Hacktool.Patcher) -> Keine Aktion durchgeführt.

(Ende)

Adwcleaner:

Code:

ATTFilter

# AdwCleaner v2.300 - Datei am 12/05/2013 um 15:19:16 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - ADMIN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default\foxydeal.sqlite
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default\jetpack

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default\prefs.js

C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\p99v2nan.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.babylon.HPOnNewTab", "search.babylon.com");
Gelöscht : user_pref("browser.newtab.url", "hxxp://search.babylon.com/?affID=113480&babsrc=NT_ss&mntrId=9c7e088[...]
Gelöscht : user_pref("browser.search.defaultenginename", "Search the web (Babylon)");
Gelöscht : user_pref("browser.search.order.1", "Search the web (Babylon)");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://search.babylon.com/?affID=113480&babsrc=HP_ss&mntrId=9[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.babylon.com/?affID=113480&babsrc=KW_ss&mntrId=9c7e0885000000[...]

-\\ Opera v12.15.1748.0

Datei : C:\Users\Admin\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [2642 octets] - [12/05/2013 15:19:16]

########## EOF - C:\AdwCleaner[S1].txt - [2702 octets] ##########

und Securitycheck:

Code:

ATTFilter

 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is enabled)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Security Center service is not running! This report may not be accurate! 
Microsoft Security Essentials   
 Antivirus up to date!  
`````````Anti-malware/Other Utilities Check:````````` 
 Malwarebytes Anti-Malware Version 1.75.0.1300  
 TuneUp Utilities 2012   
 TuneUp Utilities Language Pack (de-DE) 
 Java 7 Update 17  
 Java version out of Date! 
 Adobe Flash Player 11.7.700.169  
 Adobe Reader 10.1.4 Adobe Reader out of Date!  
 Mozilla Firefox (20.0.1) 
````````Process Check: objlist.exe by Laurent````````  
 Microsoft Security Essentials MSMpEng.exe 
 Microsoft Security Essentials msseces.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````

Java ist bei mir nicht auf dem neusten Stand, das stimmt. Irgendwie bekomm ich aber auch keine Updates mehr drauf, ich bekomm da ständig eine Fehlermeldung.
MSE läuft bei mir aber, ist auch auf dem neusten Stand und schon beim Autostart aktiv.

smeenk · 13.05.2013, 10:03

Versuch mal eine direkte Download: Download Java Runtime Environment 1.7.0.21 (64-bit) - FileHippo.com

Bass1988 · 14.05.2013, 13:00

Ah, seltsamerweise hat das funktioniert ^^
trotzdem zeigt mir der Securitycheck an, dass Adobe und Java nicht auf dem neusten Stand sind..

smeenk · 14.05.2013, 14:41

Der neuest Version Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen

Plugins Check: https://www.mozilla.org/de/plugincheck/

13.05.2013, 10:03	#6
smeenk /// Malwareteam / Visitor	Probleme mit PWS:Win32/Zbot.gen!AJ - Trojaner Versuch mal eine direkte Download: Download Java Runtime Environment 1.7.0.21 (64-bit) - FileHippo.com

14.05.2013, 14:41	#8
smeenk /// Malwareteam / Visitor	Probleme mit PWS:Win32/Zbot.gen!AJ - Trojaner Der neuest Version Adobe Reader: Adobe - Adobe Reader herunterladen - Alle Versionen Plugins Check: https://www.mozilla.org/de/plugincheck/

Probleme mit PWS:Win32/Zbot.gen!AJ - Trojaner

Log-Analyse und Auswertung: Probleme mit PWS:Win32/Zbot.gen!AJ - Trojaner