
Log analysis and evaluation: Caught the Bundespolizei virus, PC has been loud ever since

Windows 7 If you have caught a Trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and Trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

05.06.2013, 09:37   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:
:OTL
@Alternate Data Stream - 2216 bytes -> C:\Windows\System32\drivers\pzjjgnwk.sys:changelist
@Alternate Data Stream - 203 bytes -> C:\ProgramData\TEMP:24FECE50
:Files
C:\Windows\System32\drivers\pzjjgnwk.sys
:Files
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread
__________________
Please always post log files in CODE tags

06.06.2013, 20:29   #17
starta
 



Code:
All processes killed
========== OTL ==========
ADS C:\Windows\System32\drivers\pzjjgnwk.sys:changelist deleted successfully.
ADS C:\ProgramData\TEMP:24FECE50 deleted successfully.
========== FILES ==========
C:\Windows\System32\drivers\pzjjgnwk.sys moved successfully.
========== FILES ==========
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Auflösungscache wurde geleert.
C:\Users\christian\Desktop\cmd.bat deleted successfully.
C:\Users\christian\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: christian
->Temp folder emptied: 8278136 bytes
->Temporary Internet Files folder emptied: 247226610 bytes
->Java cache emptied: 28405997 bytes
->Google Chrome cache emptied: 0 bytes
->Flash cache emptied: 2179 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17368 bytes
RecycleBin emptied: 275430 bytes
 
Total Files Cleaned = 271,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 06062013_212033

Files\Folders moved on Reboot...
C:\Users\christian\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         


07.06.2013, 10:11   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the Scan All Users box
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.

08.06.2013, 18:34   #19
starta
 



Code:
OTL logfile created on: 08.06.2013 19:22:40 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,82% Memory free
5,87 Gb Paging File | 3,86 Gb Available in Paging File | 65,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 40,51 Gb Free Space | 27,57% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\ComUpdatus.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1003\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012.08.24 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2012.08.19 04:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
 
O1 HOSTS File: ([2013.06.06 21:23:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F98AB5C-CD42-4622-B106-570EFF8C74A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF60E1C4-E5FC-4153-A9FF-AF3B11BF6D9C}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.06 21:20:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.04 18:54:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.04 18:53:56 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.04 18:52:49 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.06.03 17:34:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.06.03 17:09:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe
[2013.06.03 13:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.03 13:08:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.03 01:12:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\temp
[2013.06.03 00:57:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.03 00:57:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.03 00:57:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.03 00:56:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.03 00:56:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.03 00:55:24 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe
[2013.06.03 00:00:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 16:55:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.06.02 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.06.02 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.06.02 14:25:46 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.06.02 14:25:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.06.02 14:25:45 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.06.02 14:25:45 | 009,053,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.06.02 14:25:45 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.06.02 14:25:45 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.06.02 14:25:45 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.06.02 14:25:44 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.06.02 14:25:44 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.06.02 14:25:44 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.06.02 14:25:44 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.06.02 14:25:44 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.06.02 14:25:44 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.06.02 14:25:44 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.06.02 14:25:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.06.02 14:06:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.02 13:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.01 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.01 23:03:56 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.06.01 23:03:56 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.06.01 23:03:53 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.06.01 23:03:52 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.06.01 23:03:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.06.01 23:03:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.06.01 23:03:44 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.06.01 23:03:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.01 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.01 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.30 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 2
[2013.05.30 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.30 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.05.25 19:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013.05.25 19:16:50 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.22 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2013.05.22 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\PlayFirst
[2013.05.22 21:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst
[2013.05.22 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst
[2013.05.22 20:40:37 | 000,000,000 | R--D | C] -- C:\Users\christian\Desktop\Discworld 2 (CD DOS)
[2013.05.22 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\bewerbung
[2013.05.22 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2013.05.22 20:16:09 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:23:29 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll
[2013.05.22 16:23:28 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
[2013.05.22 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
[2013.05.22 16:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet
[2013.05.16 03:15:30 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.05.16 03:15:29 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.16 03:15:29 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.16 03:15:29 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.16 03:15:28 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.16 03:15:28 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.05.16 03:15:28 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.05.16 03:15:28 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.16 03:15:28 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 03:15:27 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.15 20:25:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 20:25:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 20:25:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 20:25:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 20:25:36 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 06:53:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\NVIDIA
[2013.05.15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.15 00:31:05 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.05.15 00:29:09 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2013.05.15 00:29:09 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2013.05.15 00:28:47 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.15 00:28:45 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.15 00:28:43 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.15 00:28:33 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:27:03 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\LG Electronics
[2013.05.11 22:19:50 | 000,000,000 | ---D | C] -- C:\Temp
[2013.05.11 22:18:59 | 000,131,072 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGMobileDL.dll
[2013.05.11 22:18:57 | 000,172,032 | ---- | C] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:17:46 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 4.0
[2013.05.11 22:15:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG PC Suite III
[2013.05.11 22:15:35 | 001,164,728 | ---- | C] (NuMedia Soft, Inc.) -- C:\Windows\System32\NMSDVDXU.dll
[2013.05.11 22:15:35 | 000,630,784 | ---- | C] (ComponentOne) -- C:\Windows\System32\vsflex8u.ocx
[2013.05.11 22:15:35 | 000,419,240 | ---- | C] (VideoSoft) -- C:\Windows\System32\Vsflex7L.ocx
[2013.05.11 22:15:35 | 000,244,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\Msflxgrd.ocx
[2013.05.11 22:15:31 | 000,000,000 | -H-D | C] -- C:\Users\christian\AppData\Roaming\{D94BA408-F110-488B-A65E-3AE7945F79E6}
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\LG Electronics
[2013.05.11 22:15:31 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\LG Electronics
[2013.05.11 22:12:04 | 000,000,000 | ---D | C] -- C:\Program Files\LG Electronics
[2013.05.11 19:18:23 | 000,061,248 | ---- | C] (Khronos Group) -- C:\Windows\System32\OpenCL.dll
[2013.05.11 19:18:22 | 000,877,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvgenco32.dll
[2013.05.11 18:13:40 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2013.05.11 18:09:10 | 001,012,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3231422.dll
[2013.05.11 18:09:10 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3231422.dll
[2013.05.11 16:46:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.05.11 15:34:15 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 3
[2013.05.11 15:33:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\ESN
[2013.05.11 15:33:01 | 000,000,000 | ---D | C] -- C:\Program Files\Battlelog Web Plugins
[2013.05.11 15:30:04 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.05.11 15:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Logs
[2013.05.11 14:02:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 3
[2013.05.11 14:02:37 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\EAInstaller
[2013.05.11 12:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Origin Games
[2013.05.11 12:59:16 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\Origin
[2013.05.11 12:57:51 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.05.11 12:57:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.05.11 12:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Origin
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\christian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\christian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\bass.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.08 19:07:04 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.06.08 19:06:48 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.06.08 18:57:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job
[2013.06.08 18:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.07 21:57:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job
[2013.06.06 22:02:23 | 000,002,388 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2013.06.06 21:32:35 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 21:32:35 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.06 21:24:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.06 21:24:21 | 2364,399,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.06 21:23:18 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.06.04 19:12:25 | 000,009,224 | ---- | M] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf
[2013.06.04 19:06:07 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 19:03:56 | 000,632,031 | ---- | M] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.06.04 18:52:50 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.06.03 17:36:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.06.03 17:32:58 | 000,000,512 | ---- | M] () -- C:\Users\christian\Desktop\MBR.dat
[2013.06.03 17:11:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe
[2013.06.03 13:30:14 | 013,169,742 | ---- | M] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip
[2013.06.03 13:08:15 | 367,459,563 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.03 12:59:48 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\6jc3pzdk.exe
[2013.06.03 12:56:58 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\sog1gzlt.exe
[2013.06.03 00:56:17 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe
[2013.06.03 00:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 17:45:27 | 000,001,204 | ---- | M] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | M] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | M] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | M] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:06:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.02 13:56:09 | 000,696,620 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.02 13:56:09 | 000,651,938 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.02 13:56:09 | 000,147,916 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.02 13:56:09 | 000,120,870 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.01 23:03:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.30 14:15:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.26 13:59:15 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.05.25 23:39:46 | 001,764,840 | ---- | M] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:17:17 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.22 21:56:06 | 000,001,102 | ---- | M] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | M] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:57:02 | 623,922,266 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:40:17 | 722,797,309 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 20:29:41 | 000,000,983 | ---- | M] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:16:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:30:32 | 000,001,125 | ---- | M] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:23:20 | 004,350,224 | ---- | M] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.16 03:40:00 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 01:54:23 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:50:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.05.15 00:50:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.05.12 23:37:58 | 021,096,736 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.05.12 23:37:58 | 017,560,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.05.12 23:37:58 | 013,403,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.12 23:37:58 | 012,426,216 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.12 23:37:58 | 009,053,984 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.05.12 23:37:58 | 007,682,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.05.12 23:37:58 | 006,324,360 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.05.12 23:37:58 | 002,754,336 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.05.12 23:37:58 | 002,597,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2013.05.12 23:37:58 | 002,002,720 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.05.12 23:37:58 | 001,024,288 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.05.12 23:37:58 | 000,925,648 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.12 23:37:58 | 000,893,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.05.12 23:37:58 | 000,443,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.05.12 23:37:58 | 000,421,152 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.05.12 23:37:58 | 000,214,448 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.05.12 23:37:58 | 000,181,488 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.05.12 23:37:58 | 000,015,885 | ---- | M] () -- C:\Windows\System32\nvinfo.pb
[2013.05.12 21:58:09 | 004,188,960 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvcpl.dll
[2013.05.12 21:58:09 | 003,045,664 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvc.dll
[2013.05.12 21:58:06 | 002,555,168 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvsvcr.dll
[2013.05.12 21:58:06 | 000,223,008 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvmctray.dll
[2013.05.12 21:58:06 | 000,062,752 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvshext.dll
[2013.05.12 15:43:36 | 000,566,048 | ---- | M] (NVIDIA Corporation) -- C:\Windows\System32\nvStreaming.exe
[2013.05.11 22:30:19 | 000,165,600 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg
[2013.05.11 22:30:11 | 000,193,480 | ---- | M] () -- C:\Users\christian\Documents\IMG060.jpg
[2013.05.11 22:30:01 | 000,203,627 | ---- | M] () -- C:\Users\christian\Documents\IMG016.jpg
[2013.05.11 22:29:48 | 000,726,101 | ---- | M] () -- C:\Users\christian\Documents\IMG062.jpg
[2013.05.11 22:27:18 | 000,172,032 | ---- | M] (LG Electronics) -- C:\Users\christian\Documents\LGPsLvDL.dll
[2013.05.11 22:22:06 | 000,003,841 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_0.png
[2013.05.11 22:22:01 | 000,004,251 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_4.png
[2013.05.11 22:21:59 | 000,005,661 | ---- | M] () -- C:\Users\christian\Documents\Skizzen_6.png
[2013.05.11 22:21:39 | 000,022,008 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg
[2013.05.11 22:21:36 | 000,023,097 | ---- | M] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg
[2013.05.11 22:21:28 | 000,185,872 | ---- | M] () -- C:\Users\christian\Documents\IMG017.jpg
[2013.05.11 22:21:23 | 000,184,205 | ---- | M] () -- C:\Users\christian\Documents\IMG018.jpg
[2013.05.11 22:21:06 | 000,202,362 | ---- | M] () -- C:\Users\christian\Documents\IMG298.jpg
[2013.05.11 22:21:02 | 000,089,081 | ---- | M] () -- C:\Users\christian\Documents\Img340057.jpg
[2013.05.11 22:20:55 | 000,180,606 | ---- | M] () -- C:\Users\christian\Documents\IMG065.jpg
[2013.05.11 22:20:06 | 000,004,899 | ---- | M] () -- C:\Users\christian\Documents\image_0003.jpg
[2013.05.11 22:20:03 | 000,005,741 | ---- | M] () -- C:\Users\christian\Documents\image_0009.jpg
[2013.05.11 22:20:00 | 000,004,774 | ---- | M] () -- C:\Users\christian\Documents\image_0008.jpg
[2013.05.11 22:19:57 | 000,004,866 | ---- | M] () -- C:\Users\christian\Documents\image_0006.jpg
[2013.05.11 22:19:50 | 000,005,022 | ---- | M] () -- C:\Users\christian\Documents\image_0010.jpg
[2013.05.11 22:15:46 | 000,001,212 | ---- | M] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk
[2013.05.11 16:52:37 | 000,001,128 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.05.11 16:52:20 | 000,138,056 | ---- | M] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2013.05.11 16:46:54 | 000,000,937 | ---- | M] () -- C:\Users\Public\Desktop\Origin.lnk
 
========== Files Created - No Company Name ==========
 
[2013.06.04 19:12:25 | 000,009,224 | ---- | C] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf
[2013.06.04 19:05:54 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 19:03:56 | 000,632,031 | ---- | C] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.06.03 17:32:58 | 000,000,512 | ---- | C] () -- C:\Users\christian\Desktop\MBR.dat
[2013.06.03 13:29:39 | 013,169,742 | ---- | C] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip
[2013.06.03 13:08:15 | 367,459,563 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.03 12:59:48 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\6jc3pzdk.exe
[2013.06.03 12:56:58 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\sog1gzlt.exe
[2013.06.03 00:57:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.03 00:57:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.03 00:57:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.03 00:57:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.03 00:57:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 17:45:27 | 000,001,204 | ---- | C] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | C] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | C] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:41 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | C] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:25:45 | 000,015,885 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.06.02 13:58:14 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.01 23:03:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:51 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.01 23:03:49 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.30 14:15:00 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.25 23:38:11 | 001,764,840 | ---- | C] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:18:59 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013.05.25 19:18:59 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk
[2013.05.22 21:56:06 | 000,001,102 | ---- | C] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | C] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:48:10 | 623,922,266 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:29:41 | 000,000,983 | ---- | C] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:24:35 | 722,797,309 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 16:23:27 | 000,001,125 | ---- | C] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:22:56 | 004,350,224 | ---- | C] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.15 01:54:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:10:56 | 003,165,737 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013.05.11 22:30:19 | 000,165,600 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0532.jpg
[2013.05.11 22:30:10 | 000,193,480 | ---- | C] () -- C:\Users\christian\Documents\IMG060.jpg
[2013.05.11 22:30:01 | 000,203,627 | ---- | C] () -- C:\Users\christian\Documents\IMG016.jpg
[2013.05.11 22:29:46 | 000,726,101 | ---- | C] () -- C:\Users\christian\Documents\IMG062.jpg
[2013.05.11 22:22:06 | 000,003,841 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_0.png
[2013.05.11 22:22:01 | 000,004,251 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_4.png
[2013.05.11 22:21:58 | 000,005,661 | ---- | C] () -- C:\Users\christian\Documents\Skizzen_6.png
[2013.05.11 22:21:39 | 000,022,008 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0528.jpg
[2013.05.11 22:21:36 | 000,023,097 | ---- | C] () -- C:\Users\christian\Documents\(00)04-07-10_0527.jpg
[2013.05.11 22:21:27 | 000,185,872 | ---- | C] () -- C:\Users\christian\Documents\IMG017.jpg
[2013.05.11 22:21:22 | 000,184,205 | ---- | C] () -- C:\Users\christian\Documents\IMG018.jpg
[2013.05.11 22:21:05 | 000,202,362 | ---- | C] () -- C:\Users\christian\Documents\IMG298.jpg
[2013.05.11 22:21:02 | 000,089,081 | ---- | C] () -- C:\Users\christian\Documents\Img340057.jpg
[2013.05.11 22:20:55 | 000,180,606 | ---- | C] () -- C:\Users\christian\Documents\IMG065.jpg
[2013.05.11 22:20:06 | 000,004,899 | ---- | C] () -- C:\Users\christian\Documents\image_0003.jpg
[2013.05.11 22:20:03 | 000,005,741 | ---- | C] () -- C:\Users\christian\Documents\image_0009.jpg
[2013.05.11 22:20:00 | 000,004,774 | ---- | C] () -- C:\Users\christian\Documents\image_0008.jpg
[2013.05.11 22:19:56 | 000,004,866 | ---- | C] () -- C:\Users\christian\Documents\image_0006.jpg
[2013.05.11 22:19:50 | 000,005,022 | ---- | C] () -- C:\Users\christian\Documents\image_0010.jpg
[2013.05.11 22:15:46 | 000,001,212 | ---- | C] () -- C:\Users\christian\Desktop\LG PC Suite III.lnk
[2013.05.11 16:52:37 | 000,001,128 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 3.lnk
[2013.05.11 16:46:54 | 000,000,937 | ---- | C] () -- C:\Users\Public\Desktop\Origin.lnk
[2013.05.04 20:48:27 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2013.05.04 14:13:26 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.04 14:12:48 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013.05.04 14:12:32 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013.05.03 23:47:44 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.12.28 22:37:37 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2012.12.28 22:37:24 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.12.28 22:37:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2012.12.28 22:37:22 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012.12.24 18:53:08 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.19 14:41:10 | 000,000,026 | ---- | C] () -- C:\Users\christian\AppData\Roaming\urhtps.dat
[2012.10.19 01:40:23 | 000,000,017 | ---- | C] () -- C:\Users\christian\AppData\Roaming\blckdom.res
[2012.08.04 01:17:35 | 000,138,056 | ---- | C] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2012.08.01 00:54:07 | 000,001,475 | ---- | C] () -- C:\Users\christian\AppData\Local\RecConfig.xml
[2012.07.30 13:15:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.07.30 13:14:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.07.28 18:51:14 | 000,002,464 | ---- | M] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
[2012.07.28 18:51:14 | 000,002,464 | ---- | C] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
(C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\淘米儿童浏览器

< End of report >
         
Code:
OTL Extras logfile created on: 08.06.2013 19:22:40 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 1,76 Gb Available Physical Memory | 59,82% Memory free
5,87 Gb Paging File | 3,86 Gb Available in Paging File | 65,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 40,51 Gb Free Space | 27,57% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0043B1B1-4ADF-4399-976D-170E6BF67D98}" = rport=139 | protocol=6 | dir=out | app=system | 
"{02B454A0-77A7-4CD6-85DA-51AC39EE4586}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{21A572B5-E7F5-4379-A4C5-B2FE1F9FCD5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2335967D-2397-4B7B-A190-1B84BC7D3F6E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2EBC63DA-74EF-4AD5-A429-CF884F7AFFA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2F93EC86-1958-4138-A557-2B4C626E9014}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3F3CDEC8-451E-42BA-9662-C6AAE5DAE376}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F44D59E-6B6C-4983-AF26-59C5E31FFE07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49FCA299-F92A-4435-BAD1-8C99A8AD076A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B3F807E-3B16-483D-9263-3CC3350B52D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{564CFD75-D79A-45FB-8DD9-A0ACD35285AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{57AA0D82-004F-4D12-BB7E-1DBF67E65CF7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{617F8F74-29AA-4D9F-B2D0-A0786AD8BBC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A05BD3B-A572-4A9A-8CB4-8031A8AFFE8C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B02A4C4-42B7-4D2B-A593-5F45616955EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6FA622F9-15F1-40D2-AEFB-BD6472124E37}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72E1306B-6D79-452C-B039-98E2C49E27F1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{80D40AD6-ECA1-4581-9096-521EEF85E8DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE0B9893-6D30-4466-8110-726B72C5403D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BED7BC52-A47B-49E3-94CF-3973F6E1A488}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE6D8056-2560-4A4A-9467-5F7AEAEAB376}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3E500CE-6D80-4164-8409-A38A0D580C04}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFF2543B-9D65-4592-B390-C72BF9043BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5B632F-BA10-411D-AA70-7FD5C40574BD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{0F0F2A25-F1C4-4EEE-9357-D7C9D66322B8}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{0FA1FB00-8F35-48A6-BF98-1D822781E3E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{12050029-741F-437E-9EE6-DA904BC055FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FFA7CB6-4D84-448C-A227-FD8D3F482349}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{232FAC31-4989-4EE2-B67E-EB327057E8ED}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{23FB0F58-4580-49D1-AFA1-EA1D7E55A5C2}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{2A99FBE5-16E2-420A-AB8A-9749E0F71A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2FE246A3-6D94-4749-AB22-7349A4E25746}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38959AD0-F4EA-4088-92B8-E3725449F209}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{41354A1F-19B1-4BA9-AF61-F8C6F45A9FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{434DDC38-A711-4463-9E5A-B77140E4A8C8}" = dir=in | app=c:\program files\acr\autoclubrev\web\acrlauncher.exe | 
"{491BD2CB-C59B-4B0C-9276-44F5FD5747C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B314CB6-A9FF-41A1-892B-FACF9FE707F2}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{4D976349-DD8F-4AD7-B840-E8CE8B220C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E8A4160-FA26-499C-A514-CEA76AB9529F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{5F07C518-4FF0-4AF6-91AF-CE1BA96B0BA5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6052C571-3971-4078-87E1-EB5178EBDE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62633842-8B2E-4A1A-8241-B304A4E5C450}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{6CF54414-A6A8-4FFA-ACA6-432636087C79}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{71E38912-E46E-4B9C-85C8-1536AEB65B70}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{76429C89-CA3E-47AD-B260-E98D8CB778CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{799E3303-B7BF-4EE2-9654-8406C9C8D07B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7C885785-F59D-4A7A-AE38-949583A26C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D474FD4-08CC-4BE9-B9CD-1D9B9A64B5FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81A6DB89-E30D-43A4-AA41-E11374AA7236}" = protocol=6 | dir=out | app=system | 
"{8A574993-2E62-4964-904A-AEA759E4E453}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{90D05CC1-0EF6-48BE-BB5A-2FB1C10A1D26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D8A4DC7-33A2-43AE-AFEB-C45E6BEC9624}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{9EB52FC1-E1F0-4E84-BF1A-ED27568ABB0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F1C7599-C882-4904-89F8-C1387665E854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{AC9D3256-AD7B-46D9-98B5-08B78E9225F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AF8EED70-1AFE-440D-A611-6A6FE5D6CD34}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B35436B7-FE99-4109-B401-17FC15FCB2A0}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B5A601EF-8457-4EEC-A3A1-5635856BC980}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{B686EA00-8553-4B86-B6C9-FA11C7891950}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{BA3C3DCA-A576-48C8-9D6E-816F250E3DD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C0725131-A386-4553-AF1B-7BAA63EEE4D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C171A88A-78E8-4414-A07A-63344EFEAD53}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{CD6F7D71-A456-44B4-89EF-AC2C9574E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0C9151D-5B9A-4AC7-AB7D-9353BCAA52DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D279FDB8-DC58-4269-8B63-9678549A7BDB}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{D300E9AD-BCEC-4768-A131-CBAB4524E2D0}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{D697124E-D750-439C-970D-B9CB5C7871D0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E0065CA9-E11D-45D5-927E-BA10DFA9FAC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E529F1BF-517D-48B3-B7A7-2AC61D086158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5FEFA4D-D0E3-4498-9DA8-345304631D6A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{ECBBC2C2-70D8-4447-8663-35C79EA778D9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EEA5E877-418E-4C5D-B763-430CA020881F}" = dir=in | app=c:\program files\acr\autoclubrev\bin\acr.exe | 
"{F4677B4C-49AC-426D-8B69-963DBFA71B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6536AD2-FF60-4742-9999-727B921A0F49}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FC309E73-D704-4645-853E-E0A8F8E189CE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{06038E17-538C-42E8-90B8-00A27D295379}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"TCP Query User{304B1DBC-E52D-46FE-A14D-39C6E74D66DB}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{314863C1-772E-4A3E-9D9A-DF57ABEBC772}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{481D194F-8B13-4362-9851-77E582A27CB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{4E144FB8-88A0-442C-A6C0-2A3E3F4F13CC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{513062CB-E94D-4243-8AAC-A826EB6675CD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{5910158A-981B-4188-966E-773355EB8FB3}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"TCP Query User{5C23BD90-2110-498E-A5B3-AF93C31120F2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5CA5C6C4-71AD-4F59-B8DF-48FAADA550F0}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{9F5D0BB9-00DA-43FE-906F-6D68F50E4E8D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{A3544468-48BD-41B0-BF09-03A8B762947B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{A4BD2B54-EE94-4A81-B53F-2487F50BC76A}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"TCP Query User{AEA6BCCD-C52A-4E86-B66C-8232996EB460}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{E2208F94-D025-444D-AF0B-80F0AF19920C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{F453324D-3442-4912-B339-3C76F867DEBF}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{FD53C1BD-C29F-4E17-84F5-B011632CD8A8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{03D29D41-B75B-41EC-8044-160532DDA779}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"UDP Query User{075445E8-2142-47EC-960F-F06569BE3A60}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{09DC2C09-68D6-492C-9F89-3AB0A415BF87}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{0ECF42CD-CC74-44C3-87AA-6565A25D27D6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{377F22F4-0CCD-42B9-92C6-B94867C6D584}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"UDP Query User{391395CA-C694-424A-878D-03BCB50E9C98}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{546C6CA0-5DD7-4ECE-8627-47EEA01BFEFC}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{729C9629-0A08-45F1-898C-B22D71217521}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{82F5EA8A-12CE-4AB9-84C3-D905CD4D210F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{93CB7A51-8462-4F73-9918-D857812646F4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B5E01533-DCD3-4760-AA95-AE50B93D7074}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B77DD564-8392-48D6-BDCA-35FC2EA5F2B9}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"UDP Query User{C446E2F9-43A2-4F53-9DFF-E52534DBA61A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{D63A04A0-AFA8-42CC-9F12-B4CCAB926F7F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EACC3CDF-BA2B-41F4-A1B4-022472DB05A3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{EB5BC889-9F48-4AC0-BD10-9A58F2906B52}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.118.08260
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1" = ACR version 0.001
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFGC" = Big Fish Games: Game Manager
"BFG-Dream Chronicles 2 - The Eternal Maze" = Dream Chronicles ™ 2: The Eternal Maze
"CCleaner" = CCleaner
"Dream Chronicles" = Dream Chronicles
"EPSON Scanner" = EPSON Scan
"EPSON XP-102 103 Series" = EPSON XP-102 103 Series Printer Uninstall
"EPSON XP-102 103 Series Useg" = Benutzerhandbuch EPSON XP-102 103 Series
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Hardware Helper_is1" = Hardware Helper
"HitmanPro37" = HitmanPro 3.7
"HotspotShield" = Hotspot Shield 2.78
"HyperCam 3 3.5.1210.30" = HyperCam 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"OpenAL" = OpenAL
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"ScummVM_is1" = ScummVM 1.5.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 55100" = Homefront
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"Google Chrome" = Google Chrome
"TaomeeBrowser" = 淘米儿童浏览器
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 04.06.2013 18:38:56 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\EPSON
 Software\Download Navigator\EPSDNLMW.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.06.2013 18:41:07 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.06.2013 19:15:41 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\EPSON
 Software\Download Navigator\EPSDNLMW.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 05.06.2013 19:17:54 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.06.2013 18:30:01 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\EPSON
 Software\Download Navigator\EPSDNLMW.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 06.06.2013 18:32:01 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.06.2013 20:07:19 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\EPSON
 Software\Download Navigator\EPSDNLMW.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.06.2013 20:09:58 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 08.06.2013 13:10:57 | Computer Name = christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 10.0.9200.16576,
 Zeitstempel: 0x515e30fe  Name des fehlerhaften Moduls: EPTBL.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4d3ff09a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x1002a916
ID
 des fehlerhaften Prozesses: 0x9d88  Startzeit der fehlerhaften Anwendung: 0x01ce6469de449052
Pfad
 der fehlerhaften Anwendung: C:\Program Files\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: EPTBL.dll  Berichtskennung: 61e64b85-d05e-11e2-b425-001a9236e0af
 
[ System Events ]
Error - 06.06.2013 15:20:33 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
 
< End of report >
         

09.06.2013, 21:31   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes Anti-Malware (MBAM) (if you ran a full scan only recently, a quick scan is enough (saves time); in that case please let me know as well).

Note: Before that, please remember to update Malwarebytes Anti-Malware via the update button!

Afterwards, getting an additional opinion from ESET's online scanner is not a bad idea either:


ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start Eset Online Scanner
  • Tick the box "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and choose the following settings.
  • Click Start.
  • The signatures are downloaded; the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the logfile here.
  • Uninstallation: Control Panel => Software / Uninstall programs => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset



11.06.2013, 22:20   #21
starta

I think it doesn't look so good.

Malwarebytes full scan log

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.06.11.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16576
christian :: CHRISTIAN-PC [Administrator]

11.06.2013 18:29:38
mbam-log-2013-06-11 (18-29-38).txt

Art des Suchlaufs: Vollständiger Suchlauf (A:\|C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 381785
Laufzeit: 1 Stunde(n), 1 Minute(n), 43 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{C0F1636E-13A8-4C84-BB11-774BE45E1F83} (Trojan.Banker) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|Zoiz (Trojan.Agent.rf) -> Daten: C:\Users\christian\AppData\Roaming\Mukuti\zoiz.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\christian\Downloads\setup.exe (PUP.BundleInstaller.VG) -> Keine Aktion durchgeführt.
C:\Users\christian\AppData\Roaming\Mukuti\zoiz.exe (Trojan.Agent.rf) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
ESET Log

Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=eff7257e0bcb3f49949ee62b9267ae6b
# engine=14051
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-06-11 09:00:45
# local_time=2013-06-11 11:00:45 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=774 16777213 85 91 771040 147694317 0 0
# compatibility_mode=5893 16776573 100 94 11337 122615636 0 0
# scanned=155858
# found=2
# cleaned=0
# scan_time=9534
sh=CB68DF95CCBECB98ED65FD9723C0847D4F12B8DF ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.OMY trojan" ac=I fn="C:\Users\christian\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58\22c7e8ba-7704dac0"
sh=1A4B5A0341E3F460364E46D31A2EE1047AA731C2 ft=1 fh=84b0657758f937f2 vn="Win32/Adware.Bundlore application" ac=I fn="C:\Users\christian\Downloads\setup.exe"
         

11.06.2013, 22:47   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

So there were still some remnants left. Please run a check with OTL:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles here in the thread in CODE tags.

13.06.2013, 14:29   #23
starta

OTL Logfiles

Code:
OTL logfile created on: 13.06.2013 15:17:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 27,20% Memory free
5,87 Gb Paging File | 2,65 Gb Available in Paging File | 45,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 42,07 Gb Free Space | 28,63% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\christian\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\Origin\Origin.exe (Electronic Arts)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpntray.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
PRC - C:\Programme\Hotspot Shield\bin\hsswd.exe ()
PRC - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
PRC - C:\Programme\EPSON Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (HssSrv) -- C:\Programme\Hotspot Shield\HssWPR\HssSrv.exe (AnchorFree Inc.)
SRV - (hshld) -- C:\Programme\Hotspot Shield\bin\openvpnas.exe (AnchorFree Inc.)
SRV - (HssWd) -- C:\Programme\Hotspot Shield\bin\hsswd.exe ()
SRV - (HssTrayService) -- C:\Programme\Hotspot Shield\bin\HSSTrayService.exe ()
SRV - (EpsonScanSvc) -- C:\Windows\System32\escsvc.exe (Seiko Epson Corporation)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50ST7.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE (SEIKO EPSON CORPORATION)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ABBYY.Licensing.FineReader.Sprint.9.0) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (VGPU) -- System32\drivers\rdvgkmd.sys File not found
DRV - (tsusbhub) -- system32\drivers\tsusbhub.sys File not found
DRV - (Synth3dVsc) -- System32\drivers\synth3dvsc.sys File not found
DRV - (catchme) -- C:\Users\CHRIST~1\AppData\Local\Temp\catchme.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswVmm) -- C:\Windows\System32\drivers\aswVmm.sys ()
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr2.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswRvrt) -- C:\Windows\System32\drivers\aswRvrt.sys ()
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (speedfan) -- C:\Windows\System32\speedfan.sys (Almico Software)
DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV - (taphss6) -- C:\Windows\System32\drivers\taphss6.sys (Anchorfree Inc.)
DRV - (HssDRV6) -- C:\Windows\System32\drivers\hssdrv6.sys (AnchorFree Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (RdpVideoMiniport) -- C:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (LgBttPort) -- C:\Windows\System32\drivers\lgbtport.sys (LG Electronics Inc.)
DRV - (LGVMODEM) -- C:\Windows\System32\drivers\lgvmodem.sys (LG Electronics Inc.)
DRV - (lgbusenum) -- C:\Windows\System32\drivers\lgbtbus.sys (LG Electronics Inc.)
DRV - (USBModem) -- C:\Windows\System32\drivers\lgusbmodem.sys (LG Electronics Inc.)
DRV - (UsbDiag) -- C:\Windows\System32\drivers\lgusbdiag.sys (LG Electronics Inc.)
DRV - (usbbus) -- C:\Windows\System32\drivers\lgusbbus.sys (LG Electronics Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (camfilt2) -- C:\Windows\System32\drivers\camfilt2.sys (Guillemot Corporation)
DRV - (SNPSTD3) -- C:\Windows\System32\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (EverestDriver) -- C:\Programme\Lavalys\EVEREST Home Edition\kerneld.wnt ()
DRV - (MTsensor) -- C:\Windows\System32\drivers\ASACPI.sys ()
DRV - (giveio) -- C:\Windows\System32\giveio.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\URLSearchHook:  - No CLSID value found
IE - HKU\.DEFAULT\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-18\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-169190448-2637492132-308262306-1003\..\SearchScopes,DefaultScope = 
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\Windows\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\christian\AppData\Local\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
 
[2012.08.24 00:18:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\christian\AppData\Roaming\mozilla\Extensions
[2012.08.19 04:14:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.google.com/
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\15.2.0.5_0\
CHR - Extension: No name found = C:\Users\christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiokahphinmbmakkehgelkmpolmnbkdh\1.0.96.0_0\
 
O1 HOSTS File: ([2013.06.06 21:23:18 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Programme\icq\Internet Explorer\icq.dll (solute gmbh)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! Online Security) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EADM] C:\Program Files\Origin\Origin.exe (Electronic Arts)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIINE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [ICQ] C:\Program Files\ICQ7M\ICQ.exe (ICQ, LLC.)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1001..\Run: [Steam] C:\Program Files\Steam\Steam.exe (Valve Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] C:\Windows\System32\SPReview\SPReview.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-169190448-2637492132-308262306-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-169190448-2637492132-308262306-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - Reg Error: Key error. File not found
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7M - {781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - C:\Programme\ICQ7M\ICQ.exe (ICQ, LLC.)
O16 - DPF: {C8BC46C7-921C-4102-B67D-F1F7E65FB0BE} https://battlefield.play4free.com/static/updater/BP4FUpdater_1.0.96.0.cab (Battlefield Play4Free Updater)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3F98AB5C-CD42-4622-B106-570EFF8C74A4}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF60E1C4-E5FC-4153-A9FF-AF3B11BF6D9C}: DhcpNameServer = 8.8.8.8
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.13 03:04:35 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.13 03:04:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.13 03:01:13 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.06.13 03:01:12 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.06.13 03:01:12 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.06.13 03:01:11 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.06.13 03:01:11 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.06.13 03:01:11 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.06.13 03:01:11 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.06.13 03:01:11 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.06.12 17:42:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cryptdlg.dll
[2013.06.12 17:42:10 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.06.12 17:42:08 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certutil.exe
[2013.06.12 17:42:07 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\certenc.dll
[2013.06.12 17:42:03 | 003,968,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.06.12 17:42:03 | 003,913,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.06.11 20:19:56 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.06.11 20:19:11 | 002,347,384 | ---- | C] (ESET) -- C:\Users\christian\Desktop\esetsmartinstaller_enu.exe
[2013.06.10 00:42:44 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\PhotoScape
[2013.06.10 00:37:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape
[2013.06.10 00:37:01 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape
[2013.06.09 22:56:30 | 000,000,000 | ---D | C] -- C:\Windows\System32\URTTEMP
[2013.06.09 22:55:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.06.09 22:55:19 | 000,000,000 | ---D | C] -- C:\Program Files\Netdevil
[2013.06.08 22:14:28 | 000,000,000 | ---D | C] -- C:\Games
[2013.06.06 21:20:33 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.06.04 18:54:20 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.06.04 18:53:56 | 000,000,000 | ---D | C] -- C:\JRT
[2013.06.04 18:52:49 | 000,545,954 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.06.03 17:34:39 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.06.03 17:09:36 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe
[2013.06.03 13:34:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.06.03 13:08:19 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.06.03 01:12:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.03 01:12:19 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\temp
[2013.06.03 00:57:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.03 00:57:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.03 00:57:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.03 00:56:56 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.03 00:56:29 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.03 00:55:24 | 005,076,415 | R--- | C] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe
[2013.06.03 00:00:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 16:55:46 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedFan
[2013.06.02 15:22:42 | 000,000,000 | ---D | C] -- C:\Program Files\SpeedFan
[2013.06.02 15:15:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.06.02 15:15:12 | 000,000,000 | ---D | C] -- C:\Program Files\Lavalys
[2013.06.02 14:25:46 | 000,154,400 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvhda32v.sys
[2013.06.02 14:25:46 | 000,028,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdap32.dll
[2013.06.02 14:25:45 | 021,096,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglv32.dll
[2013.06.02 14:25:45 | 009,053,984 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\drivers\nvlddmkm.sys
[2013.06.02 14:25:45 | 006,324,360 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvopencl.dll
[2013.06.02 14:25:45 | 000,214,448 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvinit.dll
[2013.06.02 14:25:45 | 000,181,488 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvoglshim32.dll
[2013.06.02 14:25:44 | 007,682,960 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuda.dll
[2013.06.02 14:25:44 | 002,754,336 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvid.dll
[2013.06.02 14:25:44 | 002,002,720 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcuvenc.dll
[2013.06.02 14:25:44 | 001,024,288 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco3232018.dll
[2013.06.02 14:25:44 | 000,893,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco3232018.dll
[2013.06.02 14:25:44 | 000,443,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvFBC.dll
[2013.06.02 14:25:44 | 000,421,152 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\NvIFR.dll
[2013.06.02 14:25:43 | 017,560,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvcompiler.dll
[2013.06.02 14:06:35 | 000,012,872 | ---- | C] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
[2013.06.02 13:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\HitmanPro
[2013.06.02 13:57:30 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro
[2013.06.01 23:03:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2013.06.01 23:03:56 | 000,368,944 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2013.06.01 23:03:56 | 000,029,816 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2013.06.01 23:03:53 | 000,061,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2013.06.01 23:03:52 | 000,765,736 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2013.06.01 23:03:52 | 000,056,080 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2013.06.01 23:03:46 | 000,066,336 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2013.06.01 23:03:44 | 000,229,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2013.06.01 23:03:12 | 000,041,664 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2013.06.01 23:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.06.01 23:02:16 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.05.30 16:21:17 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\Battlefield 2
[2013.05.30 14:34:50 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2013.05.30 14:02:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
[2013.05.25 19:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:20:40 | 000,000,000 | ---D | C] -- C:\Program Files\Dream Chronicles 2 - The Eternal Maze
[2013.05.25 19:18:57 | 000,000,000 | ---D | C] -- C:\Program Files\bfgclient
[2013.05.25 19:16:50 | 000,235,080 | ---- | C] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.22 21:56:12 | 000,000,000 | ---D | C] -- C:\ProgramData\PlayFirst
[2013.05.22 21:56:06 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\PlayFirst
[2013.05.22 21:55:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayFirst
[2013.05.22 21:55:43 | 000,000,000 | ---D | C] -- C:\Program Files\PlayFirst
[2013.05.22 20:40:37 | 000,000,000 | R--D | C] -- C:\Users\christian\Desktop\Discworld 2 (CD DOS)
[2013.05.22 20:30:11 | 000,000,000 | ---D | C] -- C:\Users\christian\Documents\bewerbung
[2013.05.22 20:29:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\ScummVM
[2013.05.22 20:29:37 | 000,000,000 | ---D | C] -- C:\Program Files\ScummVM
[2013.05.22 20:16:09 | 000,618,912 | ---- | C] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:23:29 | 000,079,256 | ---- | C] (OGPlanet) -- C:\Windows\System32\npOGPPlugin.dll
[2013.05.22 16:23:28 | 000,271,768 | ---- | C] (OGPlanet) -- C:\Windows\System32\OGPIEPlugin.ocx
[2013.05.22 16:23:27 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OGPlanet
[2013.05.22 16:23:26 | 000,000,000 | ---D | C] -- C:\Program Files\OGPlanet
[2013.05.15 20:25:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wwanprotdim.dll
[2013.05.15 20:25:45 | 002,347,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.05.15 20:25:45 | 000,218,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2013.05.15 20:25:36 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\authui.dll
[2013.05.15 20:25:36 | 000,101,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\consent.exe
[2013.05.15 06:53:15 | 000,000,000 | ---D | C] -- C:\Users\christian\AppData\Local\NVIDIA
[2013.05.15 00:33:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.05.15 00:31:05 | 000,892,704 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvhdagenco3220103.dll
[2013.05.15 00:29:09 | 001,009,512 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispco32.dll
[2013.05.15 00:29:09 | 000,888,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvdispgenco32.dll
[2013.05.15 00:28:47 | 013,403,168 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvwgf2um.dll
[2013.05.15 00:28:45 | 000,925,648 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvumdshim.dll
[2013.05.15 00:28:43 | 012,426,216 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvd3dum.dll
[2013.05.15 00:28:33 | 002,597,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\System32\nvapi.dll
[2007.08.13 17:46:00 | 000,102,912 | ---- | C] (Albert L Faber) -- C:\Users\christian\AppData\Local\CDRip.dll
[2007.01.18 21:09:54 | 000,623,616 | ---- | C] (Ivan Bischof ©2003 - 2005) -- C:\Users\christian\AppData\Local\No23 Recorder.exe
[2006.12.11 19:13:14 | 000,013,872 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\basscd.dll
[2006.12.11 19:13:12 | 000,097,336 | ---- | C] (Un4seen Developments) -- C:\Users\christian\AppData\Local\bass.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.13 14:57:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001UA.job
[2013.06.13 14:50:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.13 03:31:34 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 03:31:34 | 000,017,136 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.13 03:23:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.13 03:23:16 | 2364,399,616 | -HS- | M] () -- C:\hiberfil.sys
[2013.06.12 21:57:00 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-169190448-2637492132-308262306-1001Core.job
[2013.06.12 01:50:11 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.06.12 01:50:11 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.06.11 20:19:45 | 002,347,384 | ---- | M] (ESET) -- C:\Users\christian\Desktop\esetsmartinstaller_enu.exe
[2013.06.10 00:37:11 | 000,000,989 | ---- | M] () -- C:\Users\christian\Desktop\PhotoScape.lnk
[2013.06.09 22:57:05 | 000,707,234 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.09 22:57:05 | 000,660,852 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.09 22:57:05 | 000,152,826 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.09 22:57:05 | 000,125,042 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.09 21:21:49 | 288,678,016 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.06.09 19:05:31 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2013.06.09 18:42:07 | 000,139,424 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.06.09 18:41:24 | 000,282,104 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2013.06.08 22:14:48 | 000,000,736 | ---- | M] () -- C:\Users\christian\Desktop\Paintball2.lnk
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.06.08 13:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.06.06 22:02:23 | 000,002,388 | ---- | M] () -- C:\Users\christian\Desktop\Google Chrome.lnk
[2013.06.06 21:23:18 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts
[2013.06.04 19:12:25 | 000,009,224 | ---- | M] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf
[2013.06.04 19:06:07 | 000,000,176 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 19:03:56 | 000,632,031 | ---- | M] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.06.04 18:52:50 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\christian\Desktop\JRT.exe
[2013.06.03 17:36:14 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\christian\Desktop\tdsskiller.exe
[2013.06.03 17:32:58 | 000,000,512 | ---- | M] () -- C:\Users\christian\Desktop\MBR.dat
[2013.06.03 17:11:08 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\christian\Desktop\aswMBR.exe
[2013.06.03 13:30:14 | 013,169,742 | ---- | M] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip
[2013.06.03 12:59:48 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\6jc3pzdk.exe
[2013.06.03 12:56:58 | 000,377,856 | ---- | M] () -- C:\Users\christian\Desktop\sog1gzlt.exe
[2013.06.03 00:56:17 | 005,076,415 | R--- | M] (Swearware) -- C:\Users\christian\Desktop\ComboFix.exe
[2013.06.03 00:00:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\christian\Desktop\OTL.exe
[2013.06.02 17:45:27 | 000,001,204 | ---- | M] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | M] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | M] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:42 | 000,000,045 | ---- | M] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | M] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | M] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:06:35 | 000,012,872 | ---- | M] (SurfRight B.V.) -- C:\Windows\System32\bootdelete.exe
[2013.06.02 13:58:14 | 000,001,905 | ---- | M] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.01 23:03:57 | 000,002,075 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:46 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2013.05.30 14:15:00 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.25 23:39:46 | 001,764,840 | ---- | M] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | M] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | M] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | M] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:17:17 | 000,235,080 | ---- | M] (Big Fish Games) -- C:\Users\christian\Desktop\bigfishgames_p182285445_s2_l2.exe
[2013.05.22 21:56:06 | 000,001,102 | ---- | M] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | M] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:57:02 | 623,922,266 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:40:17 | 722,797,309 | ---- | M] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 20:29:41 | 000,000,983 | ---- | M] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:16:12 | 000,618,912 | ---- | M] (www.download-sponsor.de) -- C:\Users\christian\Desktop\Discworld.exe
[2013.05.22 16:30:32 | 000,001,125 | ---- | M] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:23:20 | 004,350,224 | ---- | M] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.17 03:26:04 | 000,042,496 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.05.17 03:25:33 | 000,493,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.05.17 03:25:27 | 002,877,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.05.17 03:25:27 | 000,039,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.05.17 03:25:26 | 000,109,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.05.17 03:25:26 | 000,061,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.05.17 03:25:26 | 000,033,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.05.16 03:40:00 | 000,294,584 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.05.15 01:54:23 | 000,001,305 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.10 00:37:11 | 000,000,989 | ---- | C] () -- C:\Users\christian\Desktop\PhotoScape.lnk
[2013.06.08 22:14:48 | 000,000,736 | ---- | C] () -- C:\Users\christian\Desktop\Paintball2.lnk
[2013.06.04 19:12:25 | 000,009,224 | ---- | C] () -- C:\Users\christian\Desktop\AdrwCleaner.rtf
[2013.06.04 19:05:54 | 000,000,176 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.06.04 19:03:56 | 000,632,031 | ---- | C] () -- C:\Users\christian\Desktop\adwcleaner.exe
[2013.06.03 17:32:58 | 000,000,512 | ---- | C] () -- C:\Users\christian\Desktop\MBR.dat
[2013.06.03 13:29:39 | 013,169,742 | ---- | C] () -- C:\Users\christian\Desktop\mbar-1.06.0.1003.zip
[2013.06.03 13:08:15 | 288,678,016 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.06.03 12:59:48 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\6jc3pzdk.exe
[2013.06.03 12:56:58 | 000,377,856 | ---- | C] () -- C:\Users\christian\Desktop\sog1gzlt.exe
[2013.06.03 00:57:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.03 00:57:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.03 00:57:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.03 00:57:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.03 00:57:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.02 17:45:27 | 000,001,204 | ---- | C] () -- C:\Users\christian\Documents\virusfrage2.rtf
[2013.06.02 17:39:31 | 000,001,108 | ---- | C] () -- C:\Users\christian\Documents\virusfrage.rtf
[2013.06.02 15:22:43 | 000,000,965 | ---- | C] () -- C:\Users\christian\Desktop\SpeedFan.lnk
[2013.06.02 15:22:41 | 000,000,045 | ---- | C] () -- C:\Windows\System32\initdebug.nfo
[2013.06.02 15:22:41 | 000,000,000 | ---- | C] () -- C:\Users\christian\Desktop\initdebug.nfo
[2013.06.02 15:15:14 | 000,001,072 | ---- | C] () -- C:\Users\christian\Desktop\EVEREST Home Edition.lnk
[2013.06.02 14:25:45 | 000,015,885 | ---- | C] () -- C:\Windows\System32\nvinfo.pb
[2013.06.02 13:58:14 | 000,001,905 | ---- | C] () -- C:\Users\Public\Desktop\HitmanPro.lnk
[2013.06.01 23:03:57 | 000,002,075 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2013.06.01 23:03:51 | 000,174,664 | ---- | C] () -- C:\Windows\System32\drivers\aswVmm.sys
[2013.06.01 23:03:49 | 000,049,376 | ---- | C] () -- C:\Windows\System32\drivers\aswRvrt.sys
[2013.05.30 14:15:00 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\BF2 jetzt online spielen!.lnk
[2013.05.30 14:15:00 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Battlefield 2.lnk
[2013.05.25 23:38:11 | 001,764,840 | ---- | C] () -- C:\Users\christian\Desktop\Installer_DC_TheChosenChild_DE.exe
[2013.05.25 19:20:51 | 000,002,098 | ---- | C] () -- C:\Users\Public\Desktop\Spiel Dream Chronicles 2 - The Eternal Maze.lnk
[2013.05.25 19:20:51 | 000,001,280 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.lnk
[2013.05.25 19:19:54 | 000,000,929 | ---- | C] () -- C:\Users\Public\Desktop\Game Manager.lnk
[2013.05.25 19:19:54 | 000,000,225 | ---- | C] () -- C:\Users\Public\Desktop\Weitere fantastische Spiele.url
[2013.05.25 19:18:59 | 000,001,873 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Manager.lnk
[2013.05.25 19:18:59 | 000,001,224 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Weitere fantastische Spiele.lnk
[2013.05.22 21:56:06 | 000,001,102 | ---- | C] () -- C:\Users\christian\Desktop\PlayFirst.com.lnk
[2013.05.22 21:56:06 | 000,001,052 | ---- | C] () -- C:\Users\christian\Desktop\Dream Chronicles.lnk
[2013.05.22 20:48:10 | 623,922,266 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2.7z
[2013.05.22 20:29:41 | 000,000,983 | ---- | C] () -- C:\Users\christian\Desktop\ScummVM.lnk
[2013.05.22 20:24:35 | 722,797,309 | ---- | C] () -- C:\Users\christian\Desktop\Discworld 2 (CD DOS).zip
[2013.05.22 16:23:27 | 000,001,125 | ---- | C] () -- C:\Users\christian\Desktop\Game Launcher.lnk
[2013.05.22 16:22:56 | 004,350,224 | ---- | C] () -- C:\Users\christian\Desktop\ogpdownload_ti.exe
[2013.05.15 01:54:23 | 000,001,305 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.05.15 00:10:56 | 003,165,737 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin
[2013.05.04 20:48:27 | 002,601,752 | ---- | C] () -- C:\Windows\System32\pbsvc_moh.exe
[2013.05.04 14:13:26 | 000,139,424 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2013.05.04 14:12:48 | 000,282,104 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2013.05.04 14:12:32 | 000,840,264 | ---- | C] () -- C:\Windows\System32\pbsvc.exe
[2013.05.03 23:47:44 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2012.12.28 22:37:37 | 003,600,384 | ---- | C] () -- C:\Windows\ffmpeg.exe
[2012.12.28 22:37:24 | 000,057,344 | ---- | C] ( ) -- C:\Windows\System32\vsnpstd3.dll
[2012.12.28 22:37:22 | 000,053,248 | ---- | C] ( ) -- C:\Windows\System32\csnpstd3.dll
[2012.12.28 22:37:22 | 000,015,478 | ---- | C] () -- C:\Windows\snpstd3.ini
[2012.12.24 18:53:08 | 000,003,584 | ---- | C] () -- C:\Users\christian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.10.19 14:41:10 | 000,000,026 | ---- | C] () -- C:\Users\christian\AppData\Roaming\urhtps.dat
[2012.10.19 01:40:23 | 000,000,017 | ---- | C] () -- C:\Users\christian\AppData\Roaming\blckdom.res
[2012.08.04 01:17:35 | 000,138,056 | ---- | C] () -- C:\Users\christian\AppData\Roaming\PnkBstrK.sys
[2012.08.01 00:54:07 | 000,001,475 | ---- | C] () -- C:\Users\christian\AppData\Local\RecConfig.xml
[2012.07.30 13:15:28 | 000,080,896 | ---- | C] () -- C:\Windows\System32\RDVGHelper.exe
[2012.07.30 13:14:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Files - Unicode (All) ==========
[2012.07.28 18:51:14 | 000,002,464 | ---- | M] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
[2012.07.28 18:51:14 | 000,002,464 | ---- | C] ()(C:\Users\christian\Desktop\???????.lnk) -- C:\Users\christian\Desktop\淘米儿童浏览器.lnk
(C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\???????) -- C:\Users\christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\淘米儿童浏览器

< End of report >
         
Code:
OTL Extras logfile created on: 13.06.2013 15:17:07 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\christian\Desktop
 Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,94 Gb Total Physical Memory | 0,80 Gb Available Physical Memory | 27,20% Memory free
5,87 Gb Paging File | 2,65 Gb Available in Paging File | 45,21% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 146,95 Gb Total Space | 42,07 Gb Free Space | 28,63% Space Free | Partition Type: NTFS
 
Computer Name: CHRISTIAN-PC | User Name: christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0043B1B1-4ADF-4399-976D-170E6BF67D98}" = rport=139 | protocol=6 | dir=out | app=system | 
"{02B454A0-77A7-4CD6-85DA-51AC39EE4586}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{21A572B5-E7F5-4379-A4C5-B2FE1F9FCD5C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2335967D-2397-4B7B-A190-1B84BC7D3F6E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{2EBC63DA-74EF-4AD5-A429-CF884F7AFFA2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2F93EC86-1958-4138-A557-2B4C626E9014}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{3F3CDEC8-451E-42BA-9662-C6AAE5DAE376}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F44D59E-6B6C-4983-AF26-59C5E31FFE07}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{49FCA299-F92A-4435-BAD1-8C99A8AD076A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4B3F807E-3B16-483D-9263-3CC3350B52D6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{564CFD75-D79A-45FB-8DD9-A0ACD35285AF}" = rport=137 | protocol=17 | dir=out | app=system | 
"{57AA0D82-004F-4D12-BB7E-1DBF67E65CF7}" = lport=139 | protocol=6 | dir=in | app=system | 
"{617F8F74-29AA-4D9F-B2D0-A0786AD8BBC0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{6A05BD3B-A572-4A9A-8CB4-8031A8AFFE8C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{6B02A4C4-42B7-4D2B-A593-5F45616955EE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{6FA622F9-15F1-40D2-AEFB-BD6472124E37}" = lport=137 | protocol=17 | dir=in | app=system | 
"{72E1306B-6D79-452C-B039-98E2C49E27F1}" = lport=445 | protocol=6 | dir=in | app=system | 
"{80D40AD6-ECA1-4581-9096-521EEF85E8DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BE0B9893-6D30-4466-8110-726B72C5403D}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BED7BC52-A47B-49E3-94CF-3973F6E1A488}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CE6D8056-2560-4A4A-9467-5F7AEAEAB376}" = lport=138 | protocol=17 | dir=in | app=system | 
"{D3E500CE-6D80-4164-8409-A38A0D580C04}" = rport=138 | protocol=17 | dir=out | app=system | 
"{EFF2543B-9D65-4592-B390-C72BF9043BC1}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5B632F-BA10-411D-AA70-7FD5C40574BD}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{0F0F2A25-F1C4-4EEE-9357-D7C9D66322B8}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{0FA1FB00-8F35-48A6-BF98-1D822781E3E3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{12050029-741F-437E-9EE6-DA904BC055FE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FFA7CB6-4D84-448C-A227-FD8D3F482349}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{232FAC31-4989-4EE2-B67E-EB327057E8ED}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{23FB0F58-4580-49D1-AFA1-EA1D7E55A5C2}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{2A99FBE5-16E2-420A-AB8A-9749E0F71A3E}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{2FE246A3-6D94-4749-AB22-7349A4E25746}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{38959AD0-F4EA-4088-92B8-E3725449F209}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{41354A1F-19B1-4BA9-AF61-F8C6F45A9FEF}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{434DDC38-A711-4463-9E5A-B77140E4A8C8}" = dir=in | app=c:\program files\acr\autoclubrev\web\acrlauncher.exe | 
"{491BD2CB-C59B-4B0C-9276-44F5FD5747C1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{4B314CB6-A9FF-41A1-892B-FACF9FE707F2}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{4D976349-DD8F-4AD7-B840-E8CE8B220C91}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{4E8A4160-FA26-499C-A514-CEA76AB9529F}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{56F148FB-4B23-4B1A-828E-6FD3E364DF78}" = protocol=17 | dir=in | app=c:\program files\assaultcube_v1.1.0.4\bin_win32\ac_server.exe | 
"{5F07C518-4FF0-4AF6-91AF-CE1BA96B0BA5}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{6052C571-3971-4078-87E1-EB5178EBDE1A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{62633842-8B2E-4A1A-8241-B304A4E5C450}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{6CF54414-A6A8-4FFA-ACA6-432636087C79}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{71E38912-E46E-4B9C-85C8-1536AEB65B70}" = protocol=17 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{76429C89-CA3E-47AD-B260-E98D8CB778CD}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{799E3303-B7BF-4EE2-9654-8406C9C8D07B}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{7C885785-F59D-4A7A-AE38-949583A26C34}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{7D474FD4-08CC-4BE9-B9CD-1D9B9A64B5FE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{81A6DB89-E30D-43A4-AA41-E11374AA7236}" = protocol=6 | dir=out | app=system | 
"{8A574993-2E62-4964-904A-AEA759E4E453}" = protocol=17 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{90D05CC1-0EF6-48BE-BB5A-2FB1C10A1D26}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{9D8A4DC7-33A2-43AE-AFEB-C45E6BEC9624}" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{9EB52FC1-E1F0-4E84-BF1A-ED27568ABB0B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9F1C7599-C882-4904-89F8-C1387665E854}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{AC9D3256-AD7B-46D9-98B5-08B78E9225F0}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{AF8EED70-1AFE-440D-A611-6A6FE5D6CD34}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{B35436B7-FE99-4109-B401-17FC15FCB2A0}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | 
"{B5A601EF-8457-4EEC-A3A1-5635856BC980}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{B686EA00-8553-4B86-B6C9-FA11C7891950}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\downloader.exe | 
"{BA3C3DCA-A576-48C8-9D6E-816F250E3DD6}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C0725131-A386-4553-AF1B-7BAA63EEE4D1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C171A88A-78E8-4414-A07A-63344EFEAD53}" = protocol=6 | dir=in | app=c:\program files\icq7m\icq.exe | 
"{CD6F7D71-A456-44B4-89EF-AC2C9574E313}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0C9151D-5B9A-4AC7-AB7D-9353BCAA52DD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D279FDB8-DC58-4269-8B63-9678549A7BDB}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{D300E9AD-BCEC-4768-A131-CBAB4524E2D0}" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield 2\bf2.exe | 
"{D697124E-D750-439C-970D-B9CB5C7871D0}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{E0065CA9-E11D-45D5-927E-BA10DFA9FAC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{E529F1BF-517D-48B3-B7A7-2AC61D086158}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E5FEFA4D-D0E3-4498-9DA8-345304631D6A}" = protocol=6 | dir=in | app=c:\program files\yourfiledownloader\yourfile.exe | 
"{ECBBC2C2-70D8-4447-8663-35C79EA778D9}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{EEA5E877-418E-4C5D-B763-430CA020881F}" = dir=in | app=c:\program files\acr\autoclubrev\bin\acr.exe | 
"{F0CF3594-15B4-44D6-842D-F56F6591FFAF}" = protocol=6 | dir=in | app=c:\program files\assaultcube_v1.1.0.4\bin_win32\ac_server.exe | 
"{F4677B4C-49AC-426D-8B69-963DBFA71B8B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F6536AD2-FF60-4742-9999-727B921A0F49}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{FC309E73-D704-4645-853E-E0A8F8E189CE}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{06038E17-538C-42E8-90B8-00A27D295379}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"TCP Query User{304B1DBC-E52D-46FE-A14D-39C6E74D66DB}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{314863C1-772E-4A3E-9D9A-DF57ABEBC772}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{481D194F-8B13-4362-9851-77E582A27CB1}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{4E144FB8-88A0-442C-A6C0-2A3E3F4F13CC}C:\windows\explorer.exe" = protocol=6 | dir=in | app=c:\windows\explorer.exe | 
"TCP Query User{513062CB-E94D-4243-8AAC-A826EB6675CD}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | 
"TCP Query User{5910158A-981B-4188-966E-773355EB8FB3}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"TCP Query User{5C23BD90-2110-498E-A5B3-AF93C31120F2}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5CA5C6C4-71AD-4F59-B8DF-48FAADA550F0}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{79BEAD43-B064-4638-9E37-8A9EC764AEA5}C:\games\paintball2\paintball2.exe" = protocol=6 | dir=in | app=c:\games\paintball2\paintball2.exe | 
"TCP Query User{9F5D0BB9-00DA-43FE-906F-6D68F50E4E8D}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"TCP Query User{A3544468-48BD-41B0-BF09-03A8B762947B}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{A4BD2B54-EE94-4A81-B53F-2487F50BC76A}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=6 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"TCP Query User{AEA6BCCD-C52A-4E86-B66C-8232996EB460}C:\program files\java\jre7\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"TCP Query User{E2208F94-D025-444D-AF0B-80F0AF19920C}C:\windows\system32\taskeng.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskeng.exe | 
"TCP Query User{F453324D-3442-4912-B339-3C76F867DEBF}C:\program files\hercules\classic silver\station2.exe" = protocol=6 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"TCP Query User{FD53C1BD-C29F-4E17-84F5-B011632CD8A8}C:\program files\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{03D29D41-B75B-41EC-8044-160532DDA779}C:\program files\electronic arts\medal of honor\binaries\moh.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\binaries\moh.exe | 
"UDP Query User{075445E8-2142-47EC-960F-F06569BE3A60}C:\program files\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files\orbitdownloader\orbitnet.exe | 
"UDP Query User{09DC2C09-68D6-492C-9F89-3AB0A415BF87}C:\program files\hercules\classic silver\station2.exe" = protocol=17 | dir=in | app=c:\program files\hercules\classic silver\station2.exe | 
"UDP Query User{0ECF42CD-CC74-44C3-87AA-6565A25D27D6}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{377F22F4-0CCD-42B9-92C6-B94867C6D584}C:\program files\electronic arts\medal of honor\mp\mohmpgame.exe" = protocol=17 | dir=in | app=c:\program files\electronic arts\medal of honor\mp\mohmpgame.exe | 
"UDP Query User{391395CA-C694-424A-878D-03BCB50E9C98}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{546C6CA0-5DD7-4ECE-8627-47EEA01BFEFC}C:\program files\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{729C9629-0A08-45F1-898C-B22D71217521}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
"UDP Query User{82F5EA8A-12CE-4AB9-84C3-D905CD4D210F}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{93CB7A51-8462-4F73-9918-D857812646F4}C:\windows\system32\taskeng.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskeng.exe | 
"UDP Query User{B5E01533-DCD3-4760-AA95-AE50B93D7074}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{B77DD564-8392-48D6-BDCA-35FC2EA5F2B9}C:\udk\paranormal - beta 4\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\paranormal - beta 4\binaries\win32\udk.exe | 
"UDP Query User{C446E2F9-43A2-4F53-9DFF-E52534DBA61A}C:\program files\java\jre7\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\java.exe | 
"UDP Query User{C73D4B16-F21B-4B6E-BC92-30D4E15156DC}C:\games\paintball2\paintball2.exe" = protocol=17 | dir=in | app=c:\games\paintball2\paintball2.exe | 
"UDP Query User{D63A04A0-AFA8-42CC-9F12-B4CCAB926F7F}C:\windows\explorer.exe" = protocol=17 | dir=in | app=c:\windows\explorer.exe | 
"UDP Query User{EACC3CDF-BA2B-41F4-A1B4-022472DB05A3}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{EB5BC889-9F48-4AC0-BD10-9A58F2906B52}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{04858915-9F49-4B2A-AED4-DC49A7DE6A7B}" = Battlefield 2(TM)
"{065DBB54-6E55-A609-2E1E-F0617E827D53}" = Media Go Video Playback Engine 1.96.118.08260
"{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}" = ICQ Sparberater
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{30E01116-5666-4807-8EF1-D80E9FF16717}" = Epson Easy Photo Print 2
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{415030B8-3E8B-462A-8C03-41D95AA3AB3B}" = Medal of Honor (TM)
"{461B11E8-BF34-4ACB-962A-1CBE905BD9EB}" = LG United Mobile Drivers
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{781B39EC-2E18-41FC-9B00-B84E4FFCA85F}" = ICQ7M
"{7A6C3344-5CF9-4B83-959C-6576C5B27D09}" = Media Go
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{904CCF62-818D-4675-BC76-D37EB399F917}" = Windows Mobile-Gerätecenter
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.03) - Deutsch
"{AC7EE5F1-0DE4-4256-8E43-92B73C8E6019}" = LG Bluetooth Drivers
"{B2D55EB8-32C5-4B43-9006-9E97DECBA178}" = Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.5
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 320.18
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 4.11.9
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.24.2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BECE9CCD-83F6-4BAA-9B26-227DF7D2E932}" = Epson Event Manager
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D0353B68-A142-4F89-A46E-1C9A7745D636}" = Download Navigator
"{D137B59C-551C-4659-8AA8-206FA650BF40}" = LG USB Modem Drivers
"{D3D02004-0977-4BB1-8FE8-8BC4230DCEEC}}_is1" = ACR version 0.001
"{D94BA408-F110-488B-A65E-3AE7945F79E6}_is1" = LG PC Suite III deinstallieren
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F9000000-0018-0000-0000-074957833700}" = ABBYY FineReader 9.0 Sprint
"{FD4FE0F7-91FC-43A2-9C3A-187553991FFF}" = Hercules Classic Silver Webcam
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"7-Zip" = 7-Zip 9.20
"ABBYY FineReader 9.0 Sprint" = ABBYY FineReader 9.0 Sprint
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Any Video Converter_is1" = Any Video Converter 3.4.2
"Ashampoo Burning Studio 2012_is1" = Ashampoo Burning Studio 2012 v.10.0.15
"AssaultCube_v1.1.0.4" = AssaultCube v1.1.0.4
"avast" = avast! Free Antivirus
"Battlelog Web Plugins" = Battlelog Web Plugins
"BFGC" = Big Fish Games: Game Manager
"BFG-Dream Chronicles 2 - The Eternal Maze" = Dream Chronicles ™ 2: The Eternal Maze
"CCleaner" = CCleaner
"Dream Chronicles" = Dream Chronicles
"EPSON Scanner" = EPSON Scan
"EPSON XP-102 103 Series" = EPSON XP-102 103 Series Printer Uninstall
"EPSON XP-102 103 Series Useg" = Benutzerhandbuch EPSON XP-102 103 Series
"ESET Online Scanner" = ESET Online Scanner v3
"ESN Sonar-0.70.4" = ESN Sonar
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Hardware Helper_is1" = Hardware Helper
"HitmanPro37" = HitmanPro 3.7
"HotspotShield" = Hotspot Shield 2.78
"HyperCam 3 3.5.1210.30" = HyperCam 3
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OGPlanet Game Launcher" = OGPlanet Game Launcher
"OpenAL" = OpenAL
"Origin" = Origin
"Paintball2" = Paintball2 Alpha build 37
"PhotoScape" = PhotoScape
"PunkBusterSvc" = PunkBuster Services
"ScummVM_is1" = ScummVM 1.5.0
"SpeedFan" = SpeedFan (remove only)
"Steam App 55100" = Homefront
"Update Engine" = Sony Ericsson Update Engine
"VLC media player" = VLC media player 2.0.5
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-169190448-2637492132-308262306-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"ClubCooee" = Club Cooee
"Google Chrome" = Google Chrome
"TaomeeBrowser" = 淘米儿童浏览器
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.06.2013 14:51:47 | Computer Name = christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BFP4f.exe, Version: 1.0.0.0, Zeitstempel:
 0x51a48552  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725, Zeitstempel:
 0x4ec49b60  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00047732  ID des fehlerhaften Prozesses:
 0x5de8  Startzeit der fehlerhaften Anwendung: 0x01ce6542586bf74a  Pfad der fehlerhaften
 Anwendung: C:\Program Files\EA Games\Battlefield Play4Free\BFP4f.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SYSTEM32\ntdll.dll  Berichtskennung: a2b0a0a9-d135-11e2-b425-001a9236e0af
 
Error - 09.06.2013 16:55:31 | Computer Name = christian-PC | Source = MsiInstaller | ID = 1013
Description = 
 
Error - 09.06.2013 16:57:43 | Computer Name = christian-PC | Source = Application Hang | ID = 1002
Description = Programm WarmongerSetup.exe, Version 0.0.0.0 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 4e0    Startzeit: 01ce6553989eb8a0    Endzeit: 10    Anwendungspfad: 
C:\Users\christian\Downloads\WarmongerSetup.exe    Berichts-ID:   
 
Error - 09.06.2013 20:02:19 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\EPSON
 Software\Download Navigator\EPSDNLMW.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 09.06.2013 20:05:13 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2013 20:08:26 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\EPSON
 Software\Download Navigator\EPSDNLMW.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.06.2013 20:10:52 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.06.2013 19:17:44 | Computer Name = christian-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hsssrv.exe, Version: 2.78.0.0, Zeitstempel:
 0x50a6f045  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000  ID des fehlerhaften Prozesses:
 0x6e8  Startzeit der fehlerhaften Anwendung: 0x01ce67820f522648  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Hotspot Shield\HssWPR\hsssrv.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: 48a3b43e-d3b6-11e2-8f70-00009236e0af
 
Error - 12.06.2013 20:12:30 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\EPSON
 Software\Download Navigator\EPSDNLMW.EXE".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 12.06.2013 20:15:25 | Computer Name = christian-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\Sony\sony
 pc companion\Drivers\DPInst64.exe".  Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 06.06.2013 15:20:33 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Display Driver Service" wurde unerwartet beendet. Dies
 ist bereits 1 Mal passiert.
 
Error - 09.06.2013 15:22:00 | Computer Name = christian-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?09.?06.?2013 um 21:20:08 unerwartet heruntergefahren.
 
Error - 09.06.2013 15:22:10 | Computer Name = christian-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 12.06.2013 19:17:50 | Computer Name = christian-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Hotspot Shield Routing Service" wurde unerwartet beendet.
 Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 0 Millisekunden
 durchgeführt: Neustart des Diensts.
 
Error - 12.06.2013 21:05:21 | Computer Name = christian-PC | Source = DCOM | ID = 10010
Description = 
 
 
< End of report >
         

Alt 13.06.2013, 15:37   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Looks OK so far.

Regarding cookies and other things on the web: to block that plague from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released.

Info: Cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP cookie)

Otherwise there are also good cookie managers; among the extensions for Firefox there is, for example, CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when it is closed.

Is your system back in order now, or are there any other detections or problems?
__________________
Please always post log files in CODE tags
