GVU Trojaner, weißer Bildschrim Taskmanager und abgesicherter Modus ohne Funktion

drake86tg · 27.06.2013, 18:54

Hallo zusammen.
Leider hab auch ich mir den GVU-Trojaner eingefangen und eine Entfernung im abgesicherten Modus ist nicht möglich da der PC sofort wieder neu startet. Ich nutze einen Desktop PC mit einem AMD Phenom XII und Windows 7 Ultimate 64bit.Eine Log mit FRST habe ich bereits erstellt. Vielen Dank schon mal im Voraus für eure Hilfe.

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 26-06-2013 02
Ran by SYSTEM on 27-06-2013 19:30:16
Running from J:\
Windows 7 Ultimate (X64) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and an extra Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s [12503184 2012-06-11] (Realtek Semiconductor)
HKLM\...\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe /minimized [7406392 2012-11-29] (Logitech Inc.)
HKLM\...\Run: [MSC] "C:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey [1436224 2010-11-30] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe [660360 2007-05-31] (Microsoft Corporation)
HKLM-x32\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43608 2010-09-07] ()
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [113288 2010-11-17] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [946352 2012-12-18] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [StartCCC] "D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun [x]
HKLM-x32\...\Run: [APSDaemon] "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [59720 2013-04-21] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [252848 2012-07-03] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [CtaMon] Rundll32 CtaMon.dll,RunMonitor [x]
HKLM-x32\...\Run: [iTunesHelper] "D:\Programme\iTunes\iTunesHelper.exe" [x]
HKU\Uncharted\...\Run: [Steam] "E:\Steam\steam.exe" -silent [x]
HKU\Uncharted\...\Run: [LightScribe Control Panel] C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden [2741616 2011-03-04] (Hewlett-Packard Company)
HKU\Uncharted\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\UNCHAR~1\AppData\Local\Temp\b34btbztdb0vavaw.exe [73728 2013-06-27] (NVIDIA Corporation) <===== ATTENTION
HKU\Uncharted\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Uncharted\...\Command Processor: "C:\Users\UNCHAR~1\AppData\Local\Temp\b34btbztdb0vavaw.exe" <===== ATTENTION!
Startup: C:\Users\Uncharted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S2 JMB36X; C:\Windows\SysWOW64\XSrvSetup.exe [72280 2010-09-07] ()
S2 MsMpSvc; C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe [12784 2010-11-11] (Microsoft Corporation)
S3 NisSrv; C:\Program Files\Microsoft Security Client\Antimalware\NisSrv.exe [282616 2010-11-11] (Microsoft Corporation)
S2 PnkBstrA; C:\Windows\SysWow64\PnkBstrA.exe [76888 2013-03-02] ()
S2 AMD FUEL Service; D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe /launchService [x]
S3 DAUpdaterSvc; E:\Origin\Games\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe [x]

==================== Drivers (Whitelisted) ====================

S3 Ctafiltv; C:\Windows\System32\drivers\Ctafiltv.sys [24064 2008-08-14] (Creative Technology Ltd.)
S3 LGPBTDD; C:\Windows\System32\Drivers\LGPBTDD.sys [30728 2009-07-01] (Logitech Inc.)
S3 LGSHidFilt; C:\Windows\System32\DRIVERS\LGSHidFilt.Sys [66360 2012-10-02] (Logitech Inc.)
S1 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [188928 2010-10-24] (Microsoft Corporation)
S3 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [72064 2010-10-24] (Microsoft Corporation)
S1 prodrv06; C:\Windows\SysWow64\drivers\prodrv06.sys [79488 2004-05-13] (Protection Technology)
S0 prohlp02; C:\Windows\SysWow64\drivers\prohlp02.sys [111808 2004-05-13] (Protection Technology)
S0 prosync1; C:\Windows\SysWow64\drivers\prosync1.sys [6944 2003-09-06] (Protection Technology)
S0 sfhlp01; C:\Windows\SysWow64\drivers\sfhlp01.sys [4832 2003-12-01] (Protection Technology)
S0 sptd; C:\Windows\System32\Drivers\sptd.sys [564824 2013-03-16] (Duplex Secure Ltd.)
S3 XENfiltv; C:\Windows\System32\drivers\XENfiltv.sys [25600 2009-07-31] (Creative Technology Ltd.)
S2 AODDriver4.1; \??\D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S2 AODDriver4.2; \??\D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
S1 prodrv06; \SystemRoot\System32\drivers\prodrv06.sys [x]
S0 prohlp02; System32\drivers\prohlp02.sys [x]
S0 prosync1; System32\drivers\prosync1.sys [x]
S0 sfhlp01; System32\drivers\sfhlp01.sys [x]
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-27 19:28 - 2013-06-27 19:28 - 00000000 ____D C:\FRST
2013-06-27 16:45 - 2013-06-27 16:45 - 00163059 ____A C:\ProgramData\2433f433
2013-06-27 16:45 - 2013-06-27 16:45 - 00163038 ____A C:\Users\Uncharted\AppData\Roaming\2433f433
2013-06-27 16:45 - 2013-06-27 16:45 - 00163012 ____A C:\Users\Uncharted\AppData\Local\2433f433
2013-06-24 23:59 - 2013-06-24 23:59 - 00000000 ____D C:\Users\Uncharted\Downloads\SR_212
2013-06-24 23:19 - 2013-06-24 23:41 - 00000000 ____D C:\Users\Uncharted\Desktop\Interner Speicher
2013-06-24 23:09 - 2013-06-24 23:09 - 00294581 ____A C:\Users\Uncharted\Downloads\Landmarks_6x_212.rar
2013-06-24 23:08 - 2013-06-24 23:13 - 302045106 ____A C:\Users\Uncharted\Downloads\SR_212.rar
2013-06-24 23:03 - 2013-06-24 23:03 - 00000000 ____D C:\Users\Uncharted\Downloads\D_6x_212
2013-06-24 22:53 - 2013-06-24 22:53 - 00001085 ____A C:\Users\Uncharted\Downloads\Anleitung.rar
2013-06-24 22:46 - 2013-06-24 22:46 - 00000000 ____D C:\Users\Uncharted\Desktop\backup navi
2013-06-24 22:45 - 2013-06-24 22:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2013-06-24 22:44 - 2013-06-24 22:45 - 00000000 ____D C:\Windows\WindowsMobile
2013-06-24 22:44 - 2013-06-24 22:44 - 13054856 ____A (Microsoft Corporation) C:\Users\Uncharted\Downloads\drvupdate-amd64.exe
2013-06-24 22:42 - 2013-06-24 22:42 - 07844864 ____A C:\Users\Uncharted\Downloads\setup45dt.msi
2013-06-15 02:00 - 2013-06-08 15:08 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-15 02:00 - 2013-06-08 15:07 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-15 02:00 - 2013-06-08 15:06 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-15 02:00 - 2013-06-08 15:06 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-15 02:00 - 2013-06-08 15:06 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-15 02:00 - 2013-06-08 13:28 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-15 02:00 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-15 02:00 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-15 02:00 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-15 02:00 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-15 02:00 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-15 02:00 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-12 20:16 - 2013-06-12 20:16 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-06-12 19:44 - 2013-06-12 19:54 - 00000201 ____A C:\Users\Uncharted\Desktop\Train Simulator 2013.url
2013-06-12 02:00 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-06-12 02:00 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-06-12 02:00 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-06-12 02:00 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-06-12 02:00 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-06-12 02:00 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-06-12 02:00 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-06-12 02:00 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-06-12 02:00 - 2013-05-17 01:59 - 02241024 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 02:00 - 2013-05-17 01:59 - 00051712 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 02:00 - 2013-05-17 01:58 - 03958784 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 02:00 - 2013-05-17 01:58 - 00855552 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 02:00 - 2013-05-17 01:58 - 00603136 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 02:00 - 2013-05-17 01:58 - 00136704 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 02:00 - 2013-05-17 01:58 - 00067072 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 02:00 - 2013-05-17 01:58 - 00053248 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 02:00 - 2013-05-17 01:58 - 00039936 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 02:00 - 2013-05-14 13:23 - 00089600 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 02:00 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-06-11 21:10 - 2013-05-13 06:51 - 01464320 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-11 21:10 - 2013-05-13 06:51 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-11 21:10 - 2013-05-13 06:51 - 00139776 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-11 21:10 - 2013-05-13 06:50 - 00052224 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-11 21:10 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-06-11 21:10 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2013-06-11 21:10 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2013-06-11 21:10 - 2013-05-13 04:43 - 01192448 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-11 21:10 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certutil.exe
2013-06-11 21:10 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\SysWOW64\certenc.dll
2013-06-11 21:10 - 2013-05-10 06:49 - 00030720 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-11 21:10 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptdlg.dll
2013-06-11 21:10 - 2013-05-08 07:39 - 01910632 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys
2013-06-11 21:10 - 2013-04-26 06:51 - 00751104 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-11 21:10 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\SysWOW64\win32spl.dll
2013-06-11 21:10 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2013-06-11 21:10 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2013-06-11 21:10 - 2013-04-17 07:24 - 01424384 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-11 21:10 - 2013-03-31 23:52 - 01887232 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-11 20:09 - 2013-06-11 20:09 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-05-29 23:51 - 2013-05-29 23:51 - 00000000 ____D C:\Users\Uncharted\AppData\Roaming\dvdcss

==================== One Month Modified Files and Folders =======

2013-06-27 19:28 - 2013-06-27 19:28 - 00000000 ____D C:\FRST
2013-06-27 17:45 - 2013-02-02 04:06 - 01489678 ____A C:\Windows\WindowsUpdate.log
2013-06-27 17:45 - 2009-07-14 18:58 - 00641654 ____A C:\Windows\System32\perfh007.dat
2013-06-27 17:45 - 2009-07-14 18:58 - 00126450 ____A C:\Windows\System32\perfc007.dat
2013-06-27 17:45 - 2009-07-14 05:45 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-27 17:45 - 2009-07-14 05:45 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-27 17:41 - 2009-07-14 06:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-27 17:41 - 2009-07-14 05:51 - 00102412 ____A C:\Windows\setupact.log
2013-06-27 17:16 - 2009-07-14 06:13 - 01505034 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-27 16:45 - 2013-06-27 16:45 - 00163059 ____A C:\ProgramData\2433f433
2013-06-27 16:45 - 2013-06-27 16:45 - 00163038 ____A C:\Users\Uncharted\AppData\Roaming\2433f433
2013-06-27 16:45 - 2013-06-27 16:45 - 00163012 ____A C:\Users\Uncharted\AppData\Local\2433f433
2013-06-27 16:45 - 2013-02-02 04:05 - 00000000 ____D C:\users\Uncharted
2013-06-27 16:44 - 2013-03-07 12:03 - 00000000 ____D C:\Users\Uncharted\AppData\Roaming\TS3Client
2013-06-27 16:09 - 2013-03-07 08:19 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-26 22:49 - 2013-02-05 22:46 - 00000000 ____D C:\Users\Uncharted\AppData\Roaming\vlc
2013-06-24 23:59 - 2013-06-24 23:59 - 00000000 ____D C:\Users\Uncharted\Downloads\SR_212
2013-06-24 23:41 - 2013-06-24 23:19 - 00000000 ____D C:\Users\Uncharted\Desktop\Interner Speicher
2013-06-24 23:13 - 2013-06-24 23:08 - 302045106 ____A C:\Users\Uncharted\Downloads\SR_212.rar
2013-06-24 23:09 - 2013-06-24 23:09 - 00294581 ____A C:\Users\Uncharted\Downloads\Landmarks_6x_212.rar
2013-06-24 23:03 - 2013-06-24 23:03 - 00000000 ____D C:\Users\Uncharted\Downloads\D_6x_212
2013-06-24 22:53 - 2013-06-24 22:53 - 00001085 ____A C:\Users\Uncharted\Downloads\Anleitung.rar
2013-06-24 22:46 - 2013-06-24 22:46 - 00000000 ____D C:\Users\Uncharted\Desktop\backup navi
2013-06-24 22:45 - 2013-06-24 22:45 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_User_WpdRapi2_01_00_00.Wdf
2013-06-24 22:45 - 2013-06-24 22:44 - 00000000 ____D C:\Windows\WindowsMobile
2013-06-24 22:44 - 2013-06-24 22:44 - 13054856 ____A (Microsoft Corporation) C:\Users\Uncharted\Downloads\drvupdate-amd64.exe
2013-06-24 22:42 - 2013-06-24 22:42 - 07844864 ____A C:\Users\Uncharted\Downloads\setup45dt.msi
2013-06-22 11:23 - 2013-06-22 11:23 - 00000000 ____D C:\Users\Uncharted\Documents\Diablo III
2013-06-16 20:42 - 2013-06-16 20:42 - 00000674 ____A C:\Users\Public\Desktop\Diablo III.lnk
2013-06-12 20:16 - 2013-06-12 20:16 - 00000000 ____D C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-06-12 19:54 - 2013-06-12 19:44 - 00000201 ____A C:\Users\Uncharted\Desktop\Train Simulator 2013.url
2013-06-12 02:43 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-06-12 02:01 - 2013-02-03 11:58 - 75825640 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-11 20:09 - 2013-06-11 20:09 - 09089416 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerInstaller.exe
2013-06-11 20:09 - 2013-02-02 12:06 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2013-06-11 20:09 - 2013-02-02 12:06 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2013-06-10 18:35 - 2013-02-02 12:30 - 00000000 ____D C:\Users\Uncharted\AppData\Roaming\Origin
2013-06-10 18:35 - 2013-02-02 12:30 - 00000000 ____D C:\Users\Uncharted\AppData\Local\Origin
2013-06-10 18:35 - 2013-02-02 12:19 - 00000000 ____D C:\ProgramData\Origin
2013-06-08 15:08 - 2013-06-15 02:00 - 01365504 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 15:07 - 2013-06-15 02:00 - 19233792 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 15:06 - 2013-06-15 02:00 - 15404544 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 15:06 - 2013-06-15 02:00 - 02648064 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 15:06 - 2013-06-15 02:00 - 00526336 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 13:28 - 2013-06-15 02:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-08 12:42 - 2013-06-15 02:00 - 01141248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-06-08 12:40 - 2013-06-15 02:00 - 14327808 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-06-08 12:40 - 2013-06-15 02:00 - 13760512 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-06-08 12:40 - 2013-06-15 02:00 - 02046976 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-06-08 12:40 - 2013-06-15 02:00 - 00391168 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-06-08 12:13 - 2013-06-15 02:00 - 02706432 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-06-04 20:43 - 2009-07-14 04:20 - 00000000 __RHD C:\Users\Public\Libraries
2013-05-30 14:06 - 2013-03-25 08:31 - 00000000 ____D C:\Users\Uncharted\AppData\Roaming\Skype
2013-05-29 23:51 - 2013-05-29 23:51 - 00000000 ____D C:\Users\Uncharted\AppData\Roaming\dvdcss

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================


==================== Memory info =========================== 

Percentage of memory in use: 8%
Total physical RAM: 12285.55 MB
Available physical RAM: 11277.65 MB
Total Pagefile: 12283.7 MB
Available Pagefile: 11284.46 MB
Total Virtual: 8192 MB
Available Virtual: 8191.86 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:55.9 GB) (Free:0.92 GB) NTFS (Disk=1 Partition=1)
Drive e: () (Fixed) (Total:232.88 GB) (Free:73.29 GB) NTFS (Disk=2 Partition=1)
Drive f: (Games) (Fixed) (Total:698.54 GB) (Free:65.19 GB) NTFS (Disk=0 Partition=2)
Drive h: (CDROM) (CDROM) (Total:0.25 GB) (Free:0 GB) CDFS
Drive j: () (Removable) (Total:0.25 GB) (Free:0.24 GB) FAT (Disk=3 Partition=1)
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS (Disk=0 Partition=1) ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 699 GB) (Disk ID: A099B9F0)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=699 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 56 GB) (Disk ID: D53A280F)
Partition 1: (Not Active) - (Size=56 GB) - (Type=07 NTFS)

========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 233 GB) (Disk ID: 9A840F25)
Partition 1: (Not Active) - (Size=233 GB) - (Type=07 NTFS)

========================================================
Disk: 3 (Size: 252 MB) (Disk ID: 9AA28DE5)
Partition 1: (Active) - (Size=252 MB) - (Type=06)


LastRegBack: 2013-06-22 23:09

==================== End Of Log ============================

M-K-D-B · 27.06.2013, 18:56

Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.

Bitte beachte folgende Hinweise:

Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab und poste alle Logdateien in CODE-Tags.
Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
Bitte kein Crossposting (posten in mehreren Foren).
Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.

Ich habe dein Thema in Arbeit und melde mich so schnell wie möglich mit weiteren Anweisungen.

M-K-D-B · 27.06.2013, 19:00

Servus,

Schritt 1 sollte den Rechner entsperren.
Schritt 2 vom Desktop im normalen Modus ausführen.

Schritt 1
Drücke auf dem sauberen Rechner bitte die

+ R Taste und schreibe notepad in das Ausführen Fenster und drücke Enter.

Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument

Code:

ATTFilter

start
HKU\Uncharted\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] C:\Users\UNCHAR~1\AppData\Local\Temp\b34btbztdb0vavaw.exe [73728 2013-06-27] (NVIDIA Corporation) <===== ATTENTION
HKU\Uncharted\...\Winlogon: [Shell] cmd.exe [345088 2010-11-20] (Microsoft Corporation) <==== ATTENTION 
HKU\Uncharted\...\Command Processor: "C:\Users\UNCHAR~1\AppData\Local\Temp\b34btbztdb0vavaw.exe" <===== ATTENTION!
2013-06-27 16:45 - 2013-06-27 16:45 - 00163059 ____A C:\ProgramData\2433f433
2013-06-27 16:45 - 2013-06-27 16:45 - 00163038 ____A C:\Users\Uncharted\AppData\Roaming\2433f433
2013-06-27 16:45 - 2013-06-27 16:45 - 00163012 ____A C:\Users\Uncharted\AppData\Local\2433f433
end

Speichere diese bitte als Fixlist.txt auf deinem USB Stick.

Starte deinen infizierten Rechner erneut in die Reparaturoptionen
Starte nun die FRST.exe erneut und klicke den Fix Button.

Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier.

Schritt 2
Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Bitte poste mit deiner nächsten Antwort

die Logdatei von FRST,
die Logdatei von ComboFix.

drake86tg · 27.06.2013, 19:30

Hallo Matthias,

Danke erst mal für die schnelle Hilfe, Schritt 1 hat wunderbar geklappt genauso wie Schritt 2.

Hier das Log von FRST:

Code:

ATTFilter

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 26-06-2013 02
Ran by SYSTEM at 2013-06-27 20:05:01 Run:1
Running from J:\
Boot Mode: Recovery
==============================================

HKU\Uncharted\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Uncharted\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Uncharted\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Uncharted\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Uncharted\AppData\Local\2433f433 => Moved successfully.

==== End of Fixlog ====

Und hier das Log von Combofix:

Code:

ATTFilter

ComboFix 13-06-27.01 - Uncharted 27.06.2013  20:21:17.2.6 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.12286.10097 [GMT 2:00]
ausgeführt von:: C:\Users\Uncharted\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt


(((((((((((((((((((((((   Dateien erstellt von 2013-05-27 bis 2013-06-27  ))))))))))))))))))))))))))))))


2013-06-27 18:28:37 . 2013-06-27 18:28:37	--------	d-----w-	C:\FRST
2013-06-27 18:24:19 . 2013-06-27 18:24:19	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2013-06-24 21:44:45 . 2013-06-24 21:45:19	--------	d-----w-	C:\Windows\WindowsMobile
2013-06-12 19:16:24 . 2013-06-12 19:16:24	--------	d-----w-	C:\Windows\3F5C371F8EA24F259D3DD0B4526E3AEA.TMP
2013-06-12 19:16:23 . 2013-06-12 19:16:24	--------	d-----w-	C:\Program Files (x86)\Common Files\Wise Installation Wizard
2013-06-11 20:10:15 . 2013-05-08 06:39:01	1910632	----a-w-	C:\Windows\system32\drivers\tcpip.sys
2013-06-11 19:09:18 . 2013-06-11 19:09:19	9089416	----a-w-	C:\Windows\SysWow64\FlashPlayerInstaller.exe
2013-05-29 22:51:04 . 2013-05-29 22:51:04	--------	d-----w-	C:\Users\Uncharted\AppData\Roaming\dvdcss
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-06-12 01:01:15 . 2013-02-03 10:58:01	75825640	----a-w-	C:\Windows\system32\MRT.exe
2013-06-11 19:09:27 . 2013-02-02 11:06:18	692104	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-06-11 19:09:27 . 2013-02-02 11:06:17	71048	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-05-14 18:26:38 . 2013-05-12 20:46:29	466520	----a-w-	C:\Windows\system32\wrap_oal.dll
2013-05-14 18:26:38 . 2013-05-12 20:46:29	445016	----a-w-	C:\Windows\SysWow64\wrap_oal.dll
2013-05-14 18:26:38 . 2013-05-12 20:46:29	123480	----a-w-	C:\Windows\system32\OpenAL32.dll
2013-05-14 18:26:38 . 2013-05-12 20:46:29	109144	----a-w-	C:\Windows\SysWow64\OpenAL32.dll
2013-05-03 09:17:31 . 2013-03-02 19:08:23	291088	----a-w-	C:\Windows\SysWow64\PnkBstrB.xtr
2013-05-03 09:17:31 . 2013-02-05 14:26:38	291088	----a-w-	C:\Windows\SysWow64\PnkBstrB.exe
2013-05-03 09:17:19 . 2013-02-05 14:26:38	280904	----a-w-	C:\Windows\SysWow64\PnkBstrB.ex0
2013-05-02 15:29:56 . 2013-02-02 11:17:08	278800	------w-	C:\Windows\system32\MpSigStub.exe
2013-05-01 01:20:43 . 2013-05-01 01:20:43	719360	----a-w-	C:\Windows\SysWow64\mshtmlmedia.dll
2013-05-01 01:20:43 . 2013-05-01 01:20:43	523264	----a-w-	C:\Windows\SysWow64\vbscript.dll
2013-05-01 01:20:43 . 2013-05-01 01:20:43	226304	----a-w-	C:\Windows\system32\elshyph.dll
2013-05-01 01:20:43 . 2013-05-01 01:20:43	185344	----a-w-	C:\Windows\SysWow64\elshyph.dll
2013-05-01 01:20:43 . 2013-05-01 01:20:43	158720	----a-w-	C:\Windows\SysWow64\msls31.dll
2013-05-01 01:20:43 . 2013-05-01 01:20:43	150528	----a-w-	C:\Windows\SysWow64\iexpress.exe
2013-05-01 01:20:43 . 2013-05-01 01:20:43	138752	----a-w-	C:\Windows\SysWow64\wextract.exe
2013-05-01 01:20:43 . 2013-05-01 01:20:43	1054720	----a-w-	C:\Windows\system32\MsSpellCheckingFacility.exe
2013-05-01 01:20:42 . 2013-05-01 01:20:42	73728	----a-w-	C:\Windows\SysWow64\SetIEInstalledDate.exe
2013-05-01 01:20:42 . 2013-05-01 01:20:42	61952	----a-w-	C:\Windows\SysWow64\tdc.ocx
2013-05-01 01:20:42 . 2013-05-01 01:20:42	48640	----a-w-	C:\Windows\SysWow64\mshtmler.dll
2013-05-01 01:20:42 . 2013-05-01 01:20:42	38400	----a-w-	C:\Windows\SysWow64\imgutil.dll
2013-05-01 01:20:42 . 2013-05-01 01:20:42	361984	----a-w-	C:\Windows\SysWow64\html.iec
2013-05-01 01:20:42 . 2013-05-01 01:20:42	23040	----a-w-	C:\Windows\SysWow64\licmgr10.dll
2013-05-01 01:20:42 . 2013-05-01 01:20:42	1441280	----a-w-	C:\Windows\SysWow64\inetcpl.cpl
2013-05-01 01:20:42 . 2013-05-01 01:20:42	137216	----a-w-	C:\Windows\SysWow64\ieUnatt.exe
2013-05-01 01:20:42 . 2013-05-01 01:20:42	12800	----a-w-	C:\Windows\SysWow64\mshta.exe
2013-05-01 01:20:42 . 2013-05-01 01:20:42	110592	----a-w-	C:\Windows\SysWow64\IEAdvpack.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	905728	----a-w-	C:\Windows\system32\mshtmlmedia.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	81408	----a-w-	C:\Windows\system32\icardie.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	762368	----a-w-	C:\Windows\system32\ieapfltr.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	452096	----a-w-	C:\Windows\system32\dxtmsft.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	441856	----a-w-	C:\Windows\system32\html.iec
2013-05-01 01:20:41 . 2013-05-01 01:20:41	281600	----a-w-	C:\Windows\system32\dxtrans.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	270848	----a-w-	C:\Windows\system32\iedkcs32.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	235008	----a-w-	C:\Windows\system32\url.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	216064	----a-w-	C:\Windows\system32\msls31.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	197120	----a-w-	C:\Windows\system32\msrating.dll
2013-05-01 01:20:41 . 2013-05-01 01:20:41	1509376	----a-w-	C:\Windows\system32\inetcpl.cpl
2013-05-01 01:20:41 . 2013-05-01 01:20:41	1400416	----a-w-	C:\Windows\system32\ieapfltr.dat
2013-05-01 01:20:41 . 2013-05-01 01:20:40	247296	----a-w-	C:\Windows\system32\webcheck.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	97280	----a-w-	C:\Windows\system32\mshtmled.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	92160	----a-w-	C:\Windows\system32\SetIEInstalledDate.exe
2013-05-01 01:20:40 . 2013-05-01 01:20:40	62976	----a-w-	C:\Windows\system32\pngfilt.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	599552	----a-w-	C:\Windows\system32\vbscript.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	52224	----a-w-	C:\Windows\system32\msfeedsbs.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	51200	----a-w-	C:\Windows\system32\imgutil.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	48640	----a-w-	C:\Windows\system32\mshtmler.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	27648	----a-w-	C:\Windows\system32\licmgr10.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	173568	----a-w-	C:\Windows\system32\ieUnatt.exe
2013-05-01 01:20:40 . 2013-05-01 01:20:40	167424	----a-w-	C:\Windows\system32\iexpress.exe
2013-05-01 01:20:40 . 2013-05-01 01:20:40	149504	----a-w-	C:\Windows\system32\occache.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	144896	----a-w-	C:\Windows\system32\wextract.exe
2013-05-01 01:20:40 . 2013-05-01 01:20:40	13824	----a-w-	C:\Windows\system32\mshta.exe
2013-05-01 01:20:40 . 2013-05-01 01:20:40	136192	----a-w-	C:\Windows\system32\iepeers.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	135680	----a-w-	C:\Windows\system32\IEAdvpack.dll
2013-05-01 01:20:40 . 2013-05-01 01:20:40	12800	----a-w-	C:\Windows\system32\msfeedssync.exe
2013-05-01 01:20:40 . 2013-05-01 01:20:40	102912	----a-w-	C:\Windows\system32\inseng.dll
2013-05-01 01:20:39 . 2013-05-01 01:20:39	77312	----a-w-	C:\Windows\system32\tdc.ocx
2013-04-13 05:49:23 . 2013-05-15 13:13:26	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-04-13 05:49:19 . 2013-05-15 13:13:26	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-04-13 05:49:19 . 2013-05-15 13:13:26	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-04-13 05:49:19 . 2013-05-15 13:13:26	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-04-13 04:45:16 . 2013-05-15 13:13:26	474624	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-04-13 04:45:15 . 2013-05-15 13:13:26	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-04-12 14:45:08 . 2013-04-23 17:54:00	1656680	----a-w-	C:\Windows\system32\drivers\ntfs.sys
2013-04-10 06:01:54 . 2013-05-15 13:13:27	265064	----a-w-	C:\Windows\system32\drivers\dxgmms1.sys
2013-04-10 06:01:53 . 2013-05-15 13:13:27	983400	----a-w-	C:\Windows\system32\drivers\dxgkrnl.sys
2013-04-10 03:30:50 . 2013-05-15 13:13:21	3153920	----a-w-	C:\Windows\system32\win32k.sys


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Steam"="E:\Steam\steam.exe" [2013-06-06 22:06:24 1641896]
"LightScribe Control Panel"="C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2011-03-04 11:45:28 2741616]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="C:\Windows\RaidTool\xInsIDE.exe" [2010-09-07 09:46:46 43608]
"NUSB3MON"="C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 01:53:16 113288]
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-18 19:08:28 946352]
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2013-04-21 19:43:52 59720]
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 08:04:54 252848]
"CtaMon"="CtaMon.dll" [2008-08-27 15:07:34 9728]
"iTunesHelper"="D:\Programme\iTunes\iTunesHelper.exe" [2013-05-15 12:59:44 152392]

C:\Users\Uncharted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)

R2 AMD FUEL Service;AMD FUEL Service;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [x]
R2 AODDriver4.1;AODDriver4.1;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 AODDriver4.2;AODDriver4.2;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys;D:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe;C:\Program Files (x86)\Skype\Updater\Updater.exe [x]
R3 Creative ALchemy AL6 Licensing Service;Creative ALchemy AL6 Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [x]
R3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe;C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [x]
R3 Ctafiltv;Ctafiltv;C:\Windows\system32\drivers\Ctafiltv.sys;C:\Windows\SYSNATIVE\drivers\Ctafiltv.sys [x]
R3 DAUpdaterSvc;Dragon Age: Origins - Inhaltsupdater;E:\Origin\Games\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe;E:\Origin\Games\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys;C:\Windows\SYSNATIVE\drivers\rdpvideominiport.sys [x]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys;C:\Windows\SYSNATIVE\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys;C:\Windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys;C:\Windows\SYSNATIVE\drivers\tsusbhub.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\system32\Drivers\usbaapl64.sys;C:\Windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys;C:\Windows\SYSNATIVE\drivers\rdvgkmd.sys [x]
R3 XENfiltv;XENfiltv;C:\Windows\system32\drivers\XENfiltv.sys;C:\Windows\SYSNATIVE\drivers\XENfiltv.sys [x]
S0 sptd;sptd;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys;C:\Windows\\SystemRoot\System32\Drivers\sptd.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;C:\Windows\system32\atiesrxx.exe;C:\Windows\SYSNATIVE\atiesrxx.exe [x]
S2 JMB36X;JMB36X;C:\Windows\SysWOW64\XSrvSetup.exe;C:\Windows\SysWOW64\XSrvSetup.exe [x]
S2 NAUpdate;Nero Update;C:\Program Files (x86)\Nero\Update\NASvc.exe;C:\Program Files (x86)\Nero\Update\NASvc.exe [x]
S3 amdiox64;AMD IO Driver;C:\Windows\system32\DRIVERS\amdiox64.sys;C:\Windows\SYSNATIVE\DRIVERS\amdiox64.sys [x]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\system32\drivers\AtihdW76.sys;C:\Windows\SYSNATIVE\drivers\AtihdW76.sys [x]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;C:\Windows\system32\drivers\LGBusEnum.sys;C:\Windows\SYSNATIVE\drivers\LGBusEnum.sys [x]
S3 LGPBTDD;LGPBTDD.sys Display Driver;C:\Windows\system32\Drivers\LGPBTDD.sys;C:\Windows\SYSNATIVE\Drivers\LGPBTDD.sys [x]
S3 LGSHidFilt;Logitech Gaming KMDF HID Filter Driver;C:\Windows\system32\DRIVERS\LGSHidFilt.Sys;C:\Windows\SYSNATIVE\DRIVERS\LGSHidFilt.Sys [x]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;C:\Windows\system32\drivers\LGVirHid.sys;C:\Windows\SYSNATIVE\drivers\LGVirHid.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\system32\DRIVERS\nusb3hub.sys;C:\Windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\system32\DRIVERS\nusb3xhc.sys;C:\Windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;C:\Windows\system32\DRIVERS\Rt64win7.sys;C:\Windows\SYSNATIVE\DRIVERS\Rt64win7.sys [x]
S3 usbfilter;AMD USB Filter Driver;C:\Windows\system32\DRIVERS\usbfilter.sys;C:\Windows\SYSNATIVE\DRIVERS\usbfilter.sys [x]


--- Andere Dienste/Treiber im Speicher ---

*Deregistered* - MpNWMon
*Deregistered* - NisDrv

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2011-03-04 11:29:54	451872	----a-w-	C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe

Inhalt des "geplante Tasks" Ordners

2013-06-27 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-02-02 11:06:18 . 2013-06-11 19:09:27]


--------- X64 Entries -----------


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" [2012-06-11 03:28:02 12503184]
"Launch LCore"="C:\Program Files\Logitech Gaming Software\LCore.exe" [2012-11-29 00:09:44 7406392]
"Windows Mobile Device Center"="C:\Windows\WindowsMobile\wmdc.exe" [2007-05-31 08:11:56 660360]

------- Zusätzlicher Suchlauf -------

uLocal Page = C:\Windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = C:\Windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - C:\Users\Uncharted\AppData\Roaming\Mozilla\Firefox\Profiles\3mdmfc34.default\
FF - ExtSQL: 2013-05-10 03:33; {635abd67-4fe9-1b23-4f01-e679fa7484c1}; C:\Users\Uncharted\AppData\Roaming\Mozilla\Firefox\Profiles\3mdmfc34.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

- - - - Entfernte verwaiste Registrierungseinträge - - - -

AddRemove-Siedler3Deinstall - C:\Windows\IsUn0407.exe

M-K-D-B · 27.06.2013, 19:32

Servus,

wie läuft dein Rechner momentan?
Gibt es noch Probleme? Wenn ja, welche?

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop (falls noch nicht vorhanden).

Starte bitte die OTL.exe.
Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Standard Ausgabe.
Setze einen Haken bei Scanne alle Benutzer.
Unter Extra Registry, wähle bitte Use SafeList.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

activex
netsvcs
msconfig
drivers32
safebootminimal
safebootnetwork
hklm\software\clients\startmenuinternet|command /rs
hklm\software\clients\startmenuinternet|command /64 /rs
CREATERESTOREPOINT

Schließe bitte nun alle Programme. (Wichtig)
Klicke nun bitte auf den Scan Button.
Am Ende des Suchlaufs werden 2 Logdateien erstellt.
Kopiere nun den Inhalt aus OTL.txt und Extra.txt hier in Deinen Thread

drake86tg · 27.06.2013, 20:20

Also der Rechner läuft soweit stabil, mir fällt nichts auf das aktuell ungewöhnlich wäre.

Hier nun die OTL Log:

Code:

ATTFilter

OTL logfile created on: 27.06.2013 21:06:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uncharted\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,45 Gb Available Physical Memory | 87,13% Memory free
23,40 Gb Paging File | 21,88 Gb Available in Paging File | 93,50% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 7,80 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 65,42 Gb Free Space | 28,09% Space Free | Partition Type: NTFS
Drive E: | 698,54 Gb Total Space | 65,20 Gb Free Space | 9,33% Space Free | Partition Type: NTFS
Drive G: | 256,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 251,72 Mb Total Space | 244,40 Mb Free Space | 97,09% Space Free | Partition Type: FAT
 
Computer Name: UNCHARTED-PC | User Name: Uncharted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.27 20:36:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uncharted\Desktop\OTL.exe
PRC - [2013.03.02 21:08:41 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.29 02:10:44 | 001,000,760 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDYT.exe
PRC - [2012.11.29 02:10:38 | 000,485,176 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDWebCam.exe
PRC - [2012.11.29 02:10:14 | 000,835,896 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMovieViewer.exe
PRC - [2012.08.13 12:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 12:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe
PRC - [2010.11.17 03:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.09.07 11:46:56 | 000,072,280 | ---- | M] () -- C:\Windows\SysWOW64\XSrvSetup.exe
PRC - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.08.10 17:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.03.04 13:02:54 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2011.03.04 13:02:52 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
MOD - [2011.03.04 13:02:50 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.06.11 21:09:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.07 00:06:24 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.05.14 20:28:19 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe -- (Creative ALchemy AL6 Licensing Service)
SRV - [2013.05.12 22:46:18 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2013.03.02 21:08:41 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.02.28 20:09:08 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.13 17:27:00 | 000,769,432 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.02.24 02:42:54 | 000,025,832 | ---- | M] () [On_Demand | Stopped] -- E:\Origin\Games\Dragon Age Origins\\bin_ship\DAUpdaterSvc.Service.exe -- (DAUpdaterSvc)
SRV - [2010.09.07 11:46:56 | 000,072,280 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\XSrvSetup.exe -- (JMB36X)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.02.23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2007.05.31 10:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 10:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.03.16 12:59:00 | 000,564,824 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.03 00:26:46 | 000,066,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.06.05 07:45:16 | 000,237,968 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2012.03.30 16:49:08 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.19 09:55:36 | 000,120,920 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.28 11:27:06 | 000,074,120 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftdibus.sys -- (FTDIBUS)
DRV:64bit: - [2011.02.28 11:26:50 | 000,085,384 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ftser2k.sys -- (FTSER2K)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.19 04:34:26 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2010.11.19 04:34:26 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.07.31 04:40:32 | 000,025,600 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\XENfiltv.sys -- (XENfiltv)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.01 21:54:54 | 000,030,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGPBTDD.sys -- (LGPBTDD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.05 16:00:28 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2008.08.14 14:48:34 | 000,024,064 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Ctafiltv.sys -- (Ctafiltv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2004.05.13 15:00:04 | 000,111,808 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prohlp02.sys -- (prohlp02)
DRV - [2004.05.13 13:19:36 | 000,079,488 | ---- | M] (Protection Technology) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\prodrv06.sys -- (prodrv06)
DRV - [2003.12.01 17:20:52 | 000,004,832 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\sfhlp01.sys -- (sfhlp01)
DRV - [2003.09.06 14:22:08 | 000,006,944 | ---- | M] (Protection Technology) [Kernel | Boot | Stopped] -- C:\Windows\SysWOW64\drivers\prosync1.sys -- (prosync1)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3805652893-204691545-212111417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-3805652893-204691545-212111417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3805652893-204691545-212111417-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 08 E8 12 C2 34 01 CE 01  [binary data]
IE - HKU\S-1-5-21-3805652893-204691545-212111417-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3805652893-204691545-212111417-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-3805652893-204691545-212111417-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3805652893-204691545-212111417-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: %7B635abd67-4fe9-1b23-4f01-e679fa7484c1%7D:2.5.9.20130411104515
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.8
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.34
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:21.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: D:\Programme\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Programme\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: E:\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: D:\Programme\Mozilla\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: D:\Programme\Mozilla\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: D:\Programme\Mozilla\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: D:\Programme\Mozilla\plugins
 
[2013.02.11 19:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uncharted\AppData\Roaming\mozilla\Extensions
[2013.06.22 17:10:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uncharted\AppData\Roaming\mozilla\Firefox\Profiles\3mdmfc34.default\extensions
[2013.05.10 03:38:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Uncharted\AppData\Roaming\mozilla\Firefox\Profiles\3mdmfc34.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2013.06.22 17:10:59 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\Uncharted\AppData\Roaming\mozilla\Firefox\Profiles\3mdmfc34.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.06.20 19:35:41 | 000,304,556 | ---- | M] () (No name found) -- C:\Users\Uncharted\AppData\Roaming\mozilla\firefox\profiles\3mdmfc34.default\extensions\artur.dubovoy@gmail.com.xpi
[2013.02.11 19:22:22 | 000,316,778 | ---- | M] () (No name found) -- C:\Users\Uncharted\AppData\Roaming\mozilla\firefox\profiles\3mdmfc34.default\extensions\{c50ca3c4-5656-43c2-a061-13e717f73fc8}.xpi
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - Extension: YouTube = C:\Users\Uncharted\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Uncharted\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Uncharted\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.06.27 20:14:45 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CtaMon] C:\Windows\SysWow64\CtaMon.dll (Creative Technology Ltd.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKU\S-1-5-21-3805652893-204691545-212111417-1000..\Run: [Steam] E:\Steam\steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Uncharted\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3805652893-204691545-212111417-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3805652893-204691545-212111417-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{71C6E798-30E2-4EAC-BE52-8E390E0165A4}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {8F245E0C-A5BD-971A-C3DA-18C47A0AB895} - Themes Setup
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.iv31 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)
Drivers32: VIDC.iv32 - C:\Windows\SysWOW64\ir32_32.dll (Intel(R) Corporation)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.27 21:02:47 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uncharted\Desktop\OTL.exe
[2013.06.27 20:28:37 | 000,000,000 | ---D | C] -- C:\FRST
[2013.06.27 20:25:28 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.06.27 20:10:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.06.27 20:10:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.06.27 20:10:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.06.27 20:09:50 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.06.27 20:09:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.06.27 20:09:23 | 005,083,698 | R--- | C] (Swearware) -- C:\Users\Uncharted\Desktop\ComboFix.exe
[2013.06.24 23:44:45 | 000,000,000 | ---D | C] -- C:\Windows\WindowsMobile
[2013.06.22 12:23:50 | 000,000,000 | ---D | C] -- C:\Users\Uncharted\Documents\Diablo III
[2013.06.16 21:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013.06.15 03:00:16 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.15 03:00:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.06.12 21:16:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.06.12 03:00:41 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.06.12 03:00:41 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.06.12 03:00:41 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.06.12 03:00:41 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.06.12 03:00:41 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.06.12 03:00:41 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.06.12 03:00:41 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.06.12 03:00:41 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.06.12 03:00:41 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.06.12 03:00:40 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.06.12 03:00:39 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.06.12 03:00:39 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.06.12 03:00:39 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.06.11 22:10:15 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.06.11 22:10:15 | 000,492,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.06.11 22:10:13 | 000,030,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptdlg.dll
[2013.06.11 22:10:13 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cryptdlg.dll
[2013.06.11 22:10:11 | 001,424,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.06.11 22:10:10 | 001,464,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.06.11 22:10:10 | 001,192,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certutil.exe
[2013.06.11 22:10:10 | 000,903,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certutil.exe
[2013.06.11 22:10:10 | 000,139,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2013.06.11 22:10:09 | 000,052,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\certenc.dll
[2013.06.11 22:10:09 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\certenc.dll
[2013.06.11 22:10:06 | 001,887,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d11.dll
[2013.06.11 22:10:06 | 001,505,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3d11.dll
[2013.06.11 21:09:18 | 009,089,416 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.05.30 00:51:04 | 000,000,000 | ---D | C] -- C:\Users\Uncharted\AppData\Roaming\dvdcss
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.27 20:36:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uncharted\Desktop\OTL.exe
[2013.06.27 20:20:16 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.06.27 20:20:08 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.06.27 20:20:08 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.06.27 20:20:08 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.06.27 20:20:08 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.06.27 20:14:45 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.06.27 20:13:09 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 20:13:09 | 000,014,608 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.27 20:10:04 | 001,505,034 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.06.27 20:09:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.06.27 20:06:52 | 005,083,698 | R--- | M] (Swearware) -- C:\Users\Uncharted\Desktop\ComboFix.exe
[2013.06.27 20:06:04 | 000,295,664 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.06.27 20:06:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.24 23:45:15 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.06.16 21:42:40 | 000,000,674 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.06.12 20:54:34 | 000,000,201 | ---- | M] () -- C:\Users\Uncharted\Desktop\Train Simulator 2013.url
[2013.06.11 21:09:27 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.06.11 21:09:27 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.06.11 21:09:19 | 009,089,416 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2013.06.08 16:06:58 | 000,526,336 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.06.08 13:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.06.27 20:10:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.06.27 20:10:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.06.27 20:10:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.06.27 20:10:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.06.27 20:10:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.06.24 23:45:15 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdRapi2_01_00_00.Wdf
[2013.06.24 23:45:13 | 000,002,419 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Mobile Device Center.lnk
[2013.06.16 21:42:21 | 000,000,674 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.06.12 20:44:47 | 000,000,201 | ---- | C] () -- C:\Users\Uncharted\Desktop\Train Simulator 2013.url
[2013.05.12 22:46:45 | 000,001,515 | ---- | C] () -- C:\Windows\Ctacfg.ini
[2013.05.12 22:46:45 | 000,000,504 | ---- | C] () -- C:\Windows\CtaMCcfg.ini
[2013.05.12 22:45:06 | 000,148,480 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.05.12 22:45:06 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.02.06 00:09:01 | 000,143,872 | ---- | C] () -- C:\Windows\kfm2unins.exe
[2013.02.05 16:26:38 | 000,291,088 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.02.05 16:26:37 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.02.03 21:58:57 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.02.02 12:56:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2013.02.02 12:51:32 | 000,072,280 | ---- | C] () -- C:\Windows\SysWow64\XSrvSetup.exe
[2013.02.02 12:43:43 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2013.02.02 12:43:43 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2013.02.02 12:43:43 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Custom Scans ==========
 
< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\Programme\Mozilla\uninstall\helper.exe" /HideShortcuts [2013.05.23 17:53:04 | 000,867,928 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\Programme\Mozilla\uninstall\helper.exe" /ShowShortcuts [2013.05.23 17:53:04 | 000,867,928 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\Programme\Mozilla\uninstall\helper.exe" /SetAsDefaultAppGlobal [2013.05.23 17:53:04 | 000,867,928 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\Programme\Mozilla\firefox.exe [2013.05.23 17:53:24 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\Programme\Mozilla\firefox.exe" -preferences [2013.05.23 17:53:24 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\Programme\Mozilla\firefox.exe" -safe-mode [2013.05.23 17:53:24 | 000,920,472 | ---- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\Windows\System32\ie4uinit.exe" -show
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\Windows\System32\ie4uinit.exe" -reinstall
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\Windows\System32\ie4uinit.exe" -hide
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2013.05.17 05:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files (x86)\Internet Explorer\iexplore.exe" [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\Program Files\Opera x64\Opera.exe" /ShowIconsCommand [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\Program Files\Opera x64\Opera.exe" /HideIconsCommand [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\Program Files\Opera x64\Opera.exe" /ReInstallBrowser [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\Program Files\Opera x64\Opera.exe" [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)
 
< hklm\software\clients\startmenuinternet|command /64 /rs >
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "D:\PROGRAMME\MOZILLA\UNINSTALL\HELPER.EXE" /HIDESHORTCUTS [2013.05.23 17:53:04 | 000,867,928 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "D:\PROGRAMME\MOZILLA\UNINSTALL\HELPER.EXE" /SHOWSHORTCUTS [2013.05.23 17:53:04 | 000,867,928 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "D:\PROGRAMME\MOZILLA\UNINSTALL\HELPER.EXE" /SETASDEFAULTAPPGLOBAL [2013.05.23 17:53:04 | 000,867,928 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: D:\PROGRAMME\MOZILLA\FIREFOX.EXE [2013.05.23 17:53:24 | 000,920,472 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "D:\PROGRAMME\MOZILLA\FIREFOX.EXE" -PREFERENCES [2013.05.23 17:53:24 | 000,920,472 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "D:\PROGRAMME\MOZILLA\FIREFOX.EXE" -SAFE-MODE [2013.05.23 17:53:24 | 000,920,472 | ---- | M] (Mozilla Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -SHOW [2013.05.17 02:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -REINSTALL [2013.05.17 02:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\SYSTEM32\IE4UINIT.EXE" -HIDE [2013.05.17 02:59:12 | 000,051,712 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\PROGRAM FILES\INTERNET EXPLORER\IEXPLORE.EXE" -EXTOFF [2013.05.17 05:30:45 | 000,775,256 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\PROGRAM FILES (X86)\INTERNET EXPLORER\IEXPLORE.EXE" [2013.05.17 04:32:12 | 000,770,648 | ---- | M] (Microsoft Corporation)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ShowIconsCommand: "C:\PROGRAM FILES\OPERA X64\OPERA.EXE" /SHOWICONSCOMMAND [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\HideIconsCommand: "C:\PROGRAM FILES\OPERA X64\OPERA.EXE" /HIDEICONSCOMMAND [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\InstallInfo\\ReinstallCommand: "C:\PROGRAM FILES\OPERA X64\OPERA.EXE" /REINSTALLBROWSER [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)
64bit-HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Opera\shell\open\command\\: "C:\PROGRAM FILES\OPERA X64\OPERA.EXE" [2013.02.18 01:15:57 | 000,940,384 | ---- | M] (Opera Software)

< End of report >

und Extras LOG:

Code:

ATTFilter

OTL Extras logfile created on: 27.06.2013 21:06:50 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uncharted\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
12,00 Gb Total Physical Memory | 10,45 Gb Available Physical Memory | 87,13% Memory free
23,40 Gb Paging File | 21,88 Gb Available in Paging File | 93,50% Paging File free
Paging file location(s): c:\pagefile.sys 0 0 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 55,90 Gb Total Space | 7,80 Gb Free Space | 13,95% Space Free | Partition Type: NTFS
Drive D: | 232,88 Gb Total Space | 65,42 Gb Free Space | 28,09% Space Free | Partition Type: NTFS
Drive E: | 698,54 Gb Total Space | 65,20 Gb Free Space | 9,33% Space Free | Partition Type: NTFS
Drive G: | 256,30 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 251,72 Mb Total Space | 244,40 Mb Free Space | 97,09% Space Free | Partition Type: FAT
 
Computer Name: UNCHARTED-PC | User Name: Uncharted | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera x64\Opera.exe (Opera Software)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Opera x64\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Programme\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "D:\Programme\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "D:\Programme\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "D:\Programme\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00204189-AAB3-4456-B3B9-F3D3F02E643E}" = protocol=6 | dir=in | app=e:\anno 2070\anno5.exe | 
"{002287C5-2ABA-4C79-ADDB-FD6EA86A3FCD}" = protocol=6 | dir=in | app=e:\farcry 3\bin\farcry3.exe | 
"{0311C958-6495-46A9-9BDB-F23822C2679C}" = dir=in | app=d:\programme\itunes\itunes.exe | 
"{03578C13-59BE-422B-9E25-12B6F744D490}" = protocol=6 | dir=in | app=e:\anno 1404 königsedition\tools\benchmark.exe | 
"{0384BBC3-BBA9-472A-98A6-C08DED38FE47}" = protocol=17 | dir=in | app=e:\anno 2070\autopatcher.exe | 
"{04B49F01-8EDD-4744-B55D-67C93505FC79}" = protocol=6 | dir=in | app=e:\halo 2\halo2.exe | 
"{04C6A3C0-D9BC-4C97-B417-984D7A92430D}" = protocol=17 | dir=in | app=e:\origin\games\dead space 3\deadspace3.exe | 
"{06263759-78FA-4F5E-85C7-69D9C56878F1}" = protocol=17 | dir=in | app=e:\halo 2\halo2.exe | 
"{06BFBD62-34C9-43EF-BE57-1E374F8D23FC}" = protocol=6 | dir=in | app=e:\origin\games\battlefield 3\bf3.exe | 
"{06E8FC4D-53C4-4735-8F84-D552FC178705}" = protocol=6 | dir=in | app=e:\origin\games\medal of honor warfighter\mohw.exe | 
"{08E1E86B-F8B8-4E02-B183-30EAE1CEB1E7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{0A7F7C12-F7C7-4BAD-B06D-924BBAB634E1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{0AD9D1E4-1566-4C5A-96DC-62442C1E2DB7}" = protocol=6 | dir=in | app=e:\farcry 3\bin\fc3editor.exe | 
"{0D21EF89-0111-4B1E-A54A-3555D228F9A0}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeon siege 2\dungeonsiege2.exe | 
"{0F84F70E-C0B7-4846-B3BD-5623E330AE7C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{0FB93DF5-74A4-48B8-9163-8D67AA227824}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{10D9B2FB-FDA0-4B8A-AA00-957A6B8F5F44}" = protocol=6 | dir=in | app=e:\steam\steam.exe | 
"{117BF9D1-E750-4408-B64B-CFC46A3BC24A}" = protocol=17 | dir=in | app=d:\program files\nero\km\kwikmedia.exe | 
"{1233CC9A-0ABC-41EF-BB1B-ADB37362BE2F}" = protocol=6 | dir=in | app=e:\anno 1404 königsedition\tools\anno4web.exe | 
"{14A480EF-D874-46AA-8E2B-337B1E73A00E}" = protocol=6 | dir=in | app=e:\anno 2070\initengine.exe | 
"{17D74324-8066-4892-A84E-942EDF6C2022}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{19DF5136-0627-4B49-A3AB-3555B5148B8C}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{1EA0A5C5-6D1F-49DF-B8EC-833C77728347}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{1EBB14F5-B04F-47E1-BCF7-BB9CC06BA535}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{1FF61F70-CCF5-449A-A9BD-13026F5BD699}" = protocol=6 | dir=in | app=e:\origin\games\dragon age origins\bin_ship\daorigins.exe | 
"{2093C0F2-626C-40DD-A33E-BA5358922615}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{21E1A3C4-5AA0-4821-B948-F0F20B18F182}" = protocol=6 | dir=in | app=e:\origin\games\dragon age origins\daoriginslauncher.exe | 
"{2250C9E5-CC45-4A32-89C5-4FE20BE585D5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{228AC31D-A2B0-4C9A-92FE-5F5F5FA31B4C}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{2408CF57-80C9-4AF1-A263-24EBE73980B2}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{243866E3-880B-4F80-A002-195B7DF36451}" = protocol=6 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{24B8F4DE-288A-4BC2-8899-7DB4A7C5F631}" = protocol=17 | dir=in | app=e:\anno 2070\anno5.exe | 
"{25588050-F69A-42BD-A2DD-521C00170CA8}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dungeon siege 1\dungeonsiege.exe | 
"{259E715A-2C85-4B64-B81B-FBD213E496CD}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2641284A-1171-4E67-8664-79DB9DCD37CD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{2AEB1422-1456-4A7C-862E-FB5CB1ABEA1A}" = protocol=17 | dir=in | app=e:\farcry 3\bin\fc3editor.exe | 
"{2B6073AA-D279-4B79-AC17-BE58FB293EE3}" = protocol=17 | dir=in | app=e:\origin\games\need for speed(tm) most wanted\nfs13.exe | 
"{2B9F339A-3E35-49AB-9CA7-9C9BBFB9CA1D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{2E736534-6FC8-4374-AE87-BC8A2D505FA3}" = protocol=17 | dir=in | app=e:\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{30BFC47B-D18A-4EB8-9B68-B3E0C5FE20CC}" = protocol=6 | dir=in | app=e:\farcry 3\bin\farcry3_d3d11.exe | 
"{32ADA5CA-1233-4574-AA67-D3145F91256D}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{360E2464-FC51-4358-AEFD-4AC86C3EE640}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{361825E2-49A1-40B4-9031-BEDF65A1B1A4}" = protocol=17 | dir=in | app=e:\anno 1404 königsedition\anno4.exe | 
"{36962BA0-C0ED-46EB-84B9-CFACD10C1D9A}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{385C68E0-0950-4432-9520-57811FCAC61F}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{38B1E4DB-C8A3-4A66-A70E-9EBA73CA428E}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{394C72A6-0613-4393-9BF9-9B970FEED753}" = protocol=6 | dir=in | app=e:\gta iv\grand theft auto iv\launchgtaiv.exe | 
"{3A3FE325-1BAC-470C-831B-72E9389ABF2B}" = protocol=17 | dir=in | app=e:\origin\games\simcity\simcity\simcity.exe | 
"{3A6CBDD1-A648-48BF-B4D8-189003A311DB}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe | 
"{3CD5EBB0-763F-4288-835E-0CEE3E85E16A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\railworks\railworks.exe | 
"{3E22FC8F-3DD1-43A7-B31D-3D50E8048755}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{3E66B9DD-287D-4FCB-A605-F51CE11EF2F9}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{3F25BCC6-E6B9-4F34-99CE-FA1290D4E930}" = protocol=17 | dir=in | app=e:\farcry 3\bin\farcry3.exe | 
"{4180EA06-246C-4019-9034-7BC4CF3D6D8F}" = protocol=6 | dir=in | app=e:\anno 2070\autopatcher.exe | 
"{44512B37-23B5-47AE-BFFE-A98628EA26B3}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{4654DDFC-CF49-4BA0-BEE2-340BBD4A4B50}" = protocol=6 | dir=in | app=e:\anno 1404 königsedition\addon.exe | 
"{4A0025FD-1EF5-4560-ABD7-BD64839FBD20}" = protocol=17 | dir=in | app=e:\anno 1404 königsedition\tools\addonweb.exe | 
"{4BD07B1F-56AE-4016-95EA-09F7F0C70509}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\sniper ghost warrior\sniper_x86.exe | 
"{4D12D123-FAEA-419E-BF1D-7AEEFFB4D3D5}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{4F9C3CD8-62C3-47CE-A845-90257A7B52B8}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{50DC9A4E-CC63-4BE2-8897-DA94AAE0D2A7}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{517C782E-265A-4BF9-8142-A0EE9AEBF3F9}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\crysis wars\bin32\crysis.exe | 
"{53273044-D21C-48C8-8969-9FE90985F192}" = protocol=17 | dir=in | app=e:\diablo iii\diablo iii.exe | 
"{55168141-52FD-4057-81DB-D4FA36C7E842}" = protocol=17 | dir=in | app=e:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{56D281E3-DA96-430B-81B2-23D3860DAFCD}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{5788D3BE-1484-46D1-8E72-FEB434BFEB7B}" = protocol=6 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{5C52D908-DE59-4B3B-948C-380A1B5282E2}" = protocol=6 | dir=in | app=e:\origin\games\battlefield 1942\bf1942.exe | 
"{5D185983-B761-4D0E-A326-EBE4A610529E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\crysis warhead\bin32\crysis.exe | 
"{5FD6002D-30E0-4DE8-9152-DA81C3B94804}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\resident evil 5\launcher.exe | 
"{604A7D7B-81BF-409F-9CD9-B05770C8F8CE}" = protocol=17 | dir=in | app=e:\origin\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{619D2B0A-E4E5-4E9E-9806-3AEFC8C3399F}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\cossacks ii battle for europe\engine.exe | 
"{63567F91-EDEA-415E-822E-DE1D648C7F45}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeon siege 1\dungeonsiege.exe | 
"{65AC2654-D196-404F-888F-38533E9210E6}" = protocol=6 | dir=in | app=e:\origin\games\simcity\simcity\simcity.exe | 
"{662B51E3-BBFC-4E07-99A4-A05DF957A52F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | 
"{666A3B98-30C7-4B14-B7A8-2E98A51575A7}" = protocol=17 | dir=in | app=e:\anno 1404 königsedition\tools\benchmark.exe | 
"{6A70F9F1-BEB8-4216-9788-780473D0A11B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{6C420C3A-0DE0-4E24-BA71-2D20FDEFEA98}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{6C6A1D2F-2FE3-4CDC-AFF3-75A9A9D11E79}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{6CA0FFE5-2924-4C49-B593-29FF0117169A}" = protocol=6 | dir=in | app=e:\origin\games\mass effect 3\binaries\win32\masseffect3.exe | 
"{6E3217ED-B999-4083-B2BB-90ACA4B88310}" = protocol=17 | dir=in | app=e:\star wars empire at war forces of corruption\swfoc.exe | 
"{6EB7C066-08A1-499D-86CB-52B9685BDBC2}" = protocol=6 | dir=in | app=e:\origin\games\dead space 3\deadspace3.exe | 
"{706E0902-0CE6-4B1B-B4E6-F1DF87F497E5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\crysis\bin32\crysis.exe | 
"{75E42619-F79C-4C48-A5E6-69B0AC40C4F8}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{7929C55D-CBB6-4961-BB04-CF825A2B4A09}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe | 
"{797188E7-EE1F-46C8-B87F-C8C7E1450E41}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{79C44DB1-7E23-45ED-9FAB-83B79C5F9F71}" = protocol=6 | dir=in | app=e:\origin\games\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{7D0252F9-DBCD-42C0-A4FB-12DA24230CD1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{7EBE49A7-0073-4F61-9FD6-EE76ADAE33DF}" = protocol=6 | dir=in | app=e:\star wars - empire at war\gamedata\sweaw.exe | 
"{7FDBA693-5B24-4F4B-859B-63D2EF66C196}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{7FECDDFA-F08D-4054-9663-7757B07C321E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{800E90BF-A08B-48A0-8617-855779CBC938}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{814293BA-1FF3-4661-84CE-65DE1B0F34F2}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{829F6897-7744-42DD-889B-B767E028308B}" = protocol=6 | dir=in | app=e:\gta iv\rockstar games social club\rgsclauncher.exe | 
"{8339A4CF-12C2-4CD8-A17B-8AE4886E6E19}" = protocol=6 | dir=in | app=e:\origin\games\need for speed(tm) most wanted\nfs13.exe | 
"{848FDF0C-6E62-447C-9C45-C348D8F467DD}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{8565E4D0-9491-4C67-9EBE-234C22EC1442}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dungeon siege 2\dungeonsiege2.exe | 
"{856D3585-DC08-4291-949D-B37D2AB82CB3}" = protocol=6 | dir=in | app=e:\anno 1404 königsedition\tools\addonweb.exe | 
"{8B9B65FB-CD40-43DA-8824-B0394ACBF948}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{8C4BDD6B-8B1B-4755-8BDA-1D05ED9FDABE}" = protocol=6 | dir=in | app=d:\program files\nero\km\kwikmedia.exe | 
"{8CC50D3E-7AF6-4175-A59E-B5D8FAEF8928}" = protocol=17 | dir=in | app=c:\program files\opera x64\opera.exe | 
"{8D094155-4CC3-4825-9EBE-E5F32B92A2BF}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{8D1480C3-BDE6-49E4-A690-44791C975DE1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\apps\simcity 4.exe | 
"{8D98BCA7-9C7C-4171-BDD0-24BDB7E2E809}" = protocol=6 | dir=in | app=e:\anno 1404 königsedition\anno4.exe | 
"{8DF710D7-3A7B-42E9-A850-43999C5522D0}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\resident evil 5\launcher.exe | 
"{8E39E012-0E52-4449-8F71-D7B8DB785327}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{8EF7F64D-4EEB-4605-8058-BFC0034C755B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\crysis wars\bin32\crysis.exe | 
"{8F5E7CFC-9F9C-42A2-AB9E-FD55CC560070}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\cossacks ii napoleonic wars\engine.exe | 
"{9030E797-F1AA-472B-96F4-783E6091357D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe | 
"{911EDDAB-E51B-45EC-B043-CE6CF5079322}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\napoleon total war\napoleon.exe | 
"{936230D7-CF6A-4D1D-93ED-0500B61FF949}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{94324C04-D975-4890-8F61-0769E06A193E}" = protocol=17 | dir=in | app=e:\anno 1404 königsedition\tools\anno4web.exe | 
"{9708D826-B66A-40DE-9F52-F9BB21BB77A9}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{992C17B7-11E6-4EF6-B71D-0DF71F93DA7E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{9A9B2F7B-AD67-48C3-9F58-1399528F6F0E}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\crysis 2 game of the year\bin32\crysis2launcher.exe | 
"{9B7FBA7F-8C7F-460F-AEEE-CCD9AD49CE84}" = protocol=17 | dir=in | app=e:\star wars - empire at war\gamedata\sweaw.exe | 
"{9C3B4D7B-449D-4539-B08C-11866FA5AB2B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe | 
"{9E9B243D-9F57-41C5-8640-A0342F671440}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\fc2serverlauncher.exe | 
"{9ED3146C-3225-4350-84D8-6628C030EB83}" = protocol=6 | dir=in | app=e:\origin\games\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{A1D0D611-6A07-4AF9-8488-009A6AE67E87}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{A1E2B535-008B-4F87-8870-026191C9EC98}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe | 
"{A614FE11-60DC-49B9-919B-E3FD460A47A5}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{A646ADE6-65EE-4A01-9F9F-12DB76CB9E09}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{A8599FAF-C7BA-4C93-A1A8-BE7AAA63DD58}" = protocol=17 | dir=in | app=e:\anno 2070\initengine.exe | 
"{A94C04B4-618E-4DFE-B5E0-827620329A7E}" = protocol=6 | dir=in | app=e:\die siedler 7\data\base\_dbg\bin\release\settlers7r.exe | 
"{ABB90A33-BC0E-4837-84BC-D754637A540D}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\fc2editor.exe | 
"{AD341F9B-8B3D-4E57-A623-24E1CD9532DB}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\saints row 2\sr2_pc.exe | 
"{B26229E7-88D6-4F36-9823-4B6AEDBA9B38}" = protocol=17 | dir=in | app=e:\origin\games\medal of honor warfighter\mohw.exe | 
"{B3912914-335A-4446-A5F3-CA27A6A5B2FB}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{B609FA5F-A45A-420B-BB13-E2261CC596A7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\dead island\deadislandgame.exe | 
"{B8E46B86-3ED8-4070-BB2B-F02F2C52E509}" = protocol=6 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper_32.exe | 
"{B9D60740-F5AC-4977-AC73-59A087645986}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{BB125748-F002-4E32-9F4D-9427085E3C99}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe | 
"{BD158BDC-C185-4AAD-B3E6-2DF8AFB01AB3}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\homefront\binaries\homefront.exe | 
"{C176B150-0C99-47A0-8A28-5450B7C1DD87}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{C22B8D30-5801-4B23-BE3C-58836DF7E0FD}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{C376633F-C531-4315-8B7A-F4E1967DE644}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe | 
"{C665720B-5617-4FD4-888F-A964FBD8FC00}" = protocol=17 | dir=in | app=e:\origin\games\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{CA0ACC51-1CDE-4FE9-9A09-5B0654C2E62E}" = protocol=17 | dir=in | app=c:\program files\opera x64\pluginwrapper\opera_plugin_wrapper.exe | 
"{CB741FEA-EAA6-427B-BF45-EDC9C924294A}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\metro 2033\metro2033.exe | 
"{CD3DA929-6CC8-4B0A-B361-64C188FD0832}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{D090318A-1234-490A-AC33-05B1DDCFA87A}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\cossacks ii battle for europe\engine.exe | 
"{D10560D3-2119-4BA1-B93F-A2DCBC424091}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe | 
"{D3FDE6F9-2CBC-45B7-B4BD-39B28207287C}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\railworks\railworks.exe | 
"{D406E9EF-C110-4C34-8026-DFE7ACFE007E}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\cossacks ii napoleonic wars\engine.exe | 
"{D5E0A222-BB0D-41C3-8B26-D536C0B9A619}" = protocol=17 | dir=in | app=e:\origin\games\dragon age origins\daoriginslauncher.exe | 
"{DAA31DE5-0F98-42FB-A06C-00A1DC901447}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe | 
"{DB1546AD-BF79-416E-A8CF-6908A2E3FE61}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | 
"{DC95F260-42AC-405E-B9B8-072B28842462}" = protocol=17 | dir=in | app=e:\steam\steam.exe | 
"{DDD6421B-F5DF-4EAB-9487-D15B64D426F7}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\empire total war\empire.exe | 
"{E11EF2DB-268C-4CF6-B652-5286144545FD}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{E17B777B-119D-4696-95A5-1DA29C93CC5F}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{E34DC68F-E013-4C88-A57E-68299A873883}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe | 
"{E3AE954D-F738-4C14-B3B4-4FDF267C8366}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\farcry\bin32\farcry.exe | 
"{E7C0C75F-8D9F-4477-9AEA-89BBC8A73FDF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"{E7FF8BD2-D039-4BE6-95FD-7CE3D19324F6}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E87174D1-38AF-4211-9A7E-FA70CFB406BD}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{EAC81E13-1E77-493D-83E3-5CC7749E0D5F}" = protocol=17 | dir=in | app=e:\gta iv\rockstar games social club\rgsclauncher.exe | 
"{ED0E7DDA-30A2-40E0-BDE2-312EF26ECA6B}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{F042F716-9C8A-4C29-9C03-9385F0D1FB77}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\farcry2.exe | 
"{F30FFACF-059B-4C4F-B099-4DD3E7523328}" = protocol=17 | dir=in | app=e:\farcry 3\bin\farcry3_d3d11.exe | 
"{F3EC5FEB-375B-4735-987B-C4871C11DEC9}" = protocol=17 | dir=in | app=e:\farcry 3\bin\fc3updater.exe | 
"{F56D8523-CC1E-4A26-BE3A-6468E4A7A5A3}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\simcity 4 deluxe\support\ea help\electronic_arts_technical_support.htm | 
"{F58FF3FA-7AF8-4E29-96DF-33833E6E60C1}" = protocol=6 | dir=in | app=e:\steam\steamapps\common\farcry\bin32\farcryconfigurator.exe | 
"{F6140277-87D7-417E-91EA-132C8C9FA049}" = protocol=17 | dir=in | app=e:\origin\games\battlefield 3\bf3.exe | 
"{F7C47274-1164-4935-A1D1-F7DC22F92E6A}" = protocol=17 | dir=in | app=e:\origin\games\battlefield 1942\bf1942.exe | 
"{F8400076-4A51-464E-8630-CE987A1166E1}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\far cry 2\bin\fc2benchmarktool.exe | 
"{F9E7D025-C13C-45EA-9CD7-EEA0C5AE0433}" = protocol=17 | dir=in | app=e:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe | 
"{FC8814B4-6648-4A97-A365-116866CCC3DC}" = protocol=17 | dir=in | app=e:\origin\games\dragon age origins\bin_ship\daupdatersvc.service.exe | 
"{FCA1EC73-B84F-49A6-BDD5-873C12A7176A}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | 
"{FDC7155D-EBC5-4172-8A11-9BF2066619FF}" = protocol=6 | dir=in | app=e:\star wars empire at war forces of corruption\swfoc.exe | 
"{FEEBC62F-810F-49A4-9633-6F8892619E84}" = protocol=6 | dir=in | app=e:\farcry 3\bin\fc3updater.exe | 
"{FFBC4AA5-5E6B-496F-800D-43BCEB0BF865}" = protocol=17 | dir=in | app=e:\origin\games\dragon age origins\bin_ship\daorigins.exe | 
"{FFDAE01E-658E-48F8-957E-536FFD8385E9}" = protocol=17 | dir=in | app=e:\anno 1404 königsedition\addon.exe | 
"TCP Query User{0770FF4B-C160-45DE-B84E-05B87689EA71}C:\users\uncharted\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=6 | dir=in | app=c:\users\uncharted\appdata\local\temp\electronicarts_patcher_000.exe | 
"TCP Query User{3F7664C1-E544-4E5C-B07F-AA24B1F374AA}E:\steam\steamapps\drake86tg\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=e:\steam\steamapps\drake86tg\counter-strike source\hl2.exe | 
"TCP Query User{8AC7D00B-C01C-4030-AAA8-6FF55B490F4E}D:\programme\winamp\winamp.exe" = protocol=6 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{8AFD8CA6-54B2-4D82-8C00-9813EA2A2D1D}C:\users\uncharted\appdata\local\temp\electronicarts_patcher_000.exe" = protocol=17 | dir=in | app=c:\users\uncharted\appdata\local\temp\electronicarts_patcher_000.exe | 
"UDP Query User{C840FAA5-9F74-4902-9151-190238B4B396}D:\programme\winamp\winamp.exe" = protocol=17 | dir=in | app=d:\programme\winamp\winamp.exe | 
"UDP Query User{DD20359C-A389-4E51-B640-59684ACDEB0C}E:\steam\steamapps\drake86tg\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=e:\steam\steamapps\drake86tg\counter-strike source\hl2.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{3145731D-C578-70ED-899F-7A670D2A6662}" = AMD Fuel
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In 
"{44610EE0-C908-D8F1-425D-914A5B745DEA}" = AMD Drag and Drop Transcoding
"{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{626672CD-BFCF-49A9-AEFE-AB0FED3BFC5B}" = Windows Mobile-Gerätecenter
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{92DBCA36-9B41-4DD1-941A-AED149DD37F0}" = Windows Mobile-Gerätecenter: Treiberupdate
"{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Opera 12.14.1738" = Opera 12.14
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VLC media player" = VLC media player 2.0.5
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052A1E34-A54B-458C-A4E3-24C3E054754A}" = Nero Kwik Media
"{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech
"{05C6B128-1B40-4495-9CB9-090B368BFA0A}" = Nero Video Samples
"{0708FF30-78C0-47B0-81F0-C84604DC769C}" = Nero Express Help (CHM)
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{0B311221-05A5-4766-8D03-7A6446794156}" = Nero RescueAgent Help (CHM)
"{0CA38F52-F0FA-4B9F-8A36-EC8A9609FBBC}" = HALO 2 FÜR WINDOWS VISTA
"{1040143F-FEFB-4B90-8E51-E47D40E14C4E}" = Medal of Honor™ Warfighter
"{150D88F1-40AF-4678-A39D-BCE2332F34E5}" = Nero Abstract Themes
"{1943C3BD-4462-4612-92C3-D36DD917C447}" = Nero Recode
"{1B6F5E51-575E-4693-BCA2-7543570D076D}" = Nero Kwik Themes Basic
"{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German
"{1F16820E-D0E7-4636-939E-45CBFEFB06E1}" = Nero Kwik Media Help (CHM)
"{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish
"{22856BC3-F893-4CBF-95F2-E1F63CD2B1AB}" = Nero Video Transitions 1
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2432E589-6256-4513-B0BF-EFA8E325D5F0}" = Nero SharedVideoCodecs
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese
"{2890E324-6F3B-4975-8B95-E7D6D80E0226}" = Nero Burning ROM Help (CHM)
"{296D8550-CB06-48E4-9A8B-E5034FB64715}" = Command & Conquer™ Alarmstufe Rot™ 3
"{29E2C1C6-D76A-41D3-980F-6E346AA9A6A8}" = Nero Cliparts
"{29F67D84-3A70-456E-806A-52301B02070B}" = Nero Effects Basic
"{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars(TM): Knights of the Old Republic (TM)
"{2D37F6AE-D201-4580-B91A-6BF9BB93ED2D}" = Die Sims™ 2 Super Deluxe
"{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish
"{3A1B5D40-41E9-43FA-8C7B-A8667F5586EF}" = Gigabyte Raid Configurer
"{3AAB08A3-F129-4BD5-B409-AE674F93759D}" = Prerequisite installer
"{3D9CF3CA-3AB0-4A82-9853-D7C43FD1D775}" = ANNO 1404 - Königsedition
"{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian
"{4D25D881-7183-462F-95C8-990CA1944E0B}" = Nero PiP Effects 1
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3
"{4E7AC009-5212-499F-942F-A5AA42AE359E}" = Nero 12 Content Pack
"{504D84ED-AE75-4F85-A68B-BB3D4CB3E169}" = Nero Holiday and Sports Themes
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"{5449FB4F-1802-4D5B-A6D8-087DB1142147}" = Realtek HDMI Audio Driver for ATI
"{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{5963F4B4-D138-47CD-ADEF-470E87E185BD}" = Nero Burning ROM
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{59FD1BDF-FEC7-403E-97FC-FBE437154BD2}" = Blasc3
"{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai
"{5B79E730-D897-4B8F-A1AD-7BB2D1F22B96}" = Nero Blu-ray Player Help (CHM)
"{5BE7BD06-512B-43bf-AD78-3BD2A5F5F7B3}" = Battlefield 1942™
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{63326924-3CAF-C858-3A8F-8598C87019D7}" = AMD VISION Engine Control Center
"{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek
"{6592FDEC-2C1A-413A-9985-25FEC2F0848D}" = Star Wars Empire at War Forces of Corruption
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish
"{66D6F3BD-CA23-41A4-9FA3-96B26B32528D}" = Command & Conquer Die ersten 10 Jahre
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7BD7A4BF-EA64-4BFE-A9D3-3FDC9B6EFC23}" = Nero Football (Soccer) Themes
"{828175FA-7307-4DBF-95AD-9CEE086B6F45}" = Welcome App (Start-up experience)
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83A4E573-E2C2-46FB-9DA6-6A2BBBF5A588}" = Nero Retro Film Themes
"{83FCCFCD-46E3-43FB-A397-78BFD5A8980A}" = Nero Video
"{848A7C68-0ADC-4193-8A89-2CEA78E56A0C}" = Nero Express
"{86847081-B387-4F49-AED1-C9B0A090D66C}" = Nero Recode Help (CHM)
"{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8B5AD338-7ABC-4ECB-9C2C-687F84AEDDB1}" = Nero Platinum Effects 12
"{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{955BF340-C379-4375-AA2F-F3BCB2A498AB}" = Nero Family and Events Themes
"{99AE7207-8612-4DBA-A8F8-BAE5C633390D}" = Star Wars Empire at War
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C916142-C18C-429D-BFED-40094A7E0BEB}" = Die Siedler 7
"{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2FE691E-3F8E-4E30-AA7D-FF17AC77EA87}" = Nero Blu-ray Player
"{A7A0BF2E-31CC-49E3-9913-52C503EB969D}" = Nero Audio Pack 1
"{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard
"{ABC88553-8770-4B97-B43E-5A90647A5B63}" = Nero ControlCenter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACE49D50-19CD-44A6-B192-46F985283B26}" = Nero PiP Effects Basic
"{AEC81925-9C76-4707-84A9-40696C613ED3}" = Dragon Age: Origins
"{B128179D-A5E1-43AC-9422-12A109ECD2A0}" = Nero Video Help (CHM)
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B953732D-B623-4E84-B369-CFFF7B1AE06F}" = Nero RescueAgent
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3
"{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean
"{C0F5CE1D-4BC4-4964-B147-BEBA1B9A1597}" = kicker Manager 2004
"{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish
"{C4C6DF25-0E59-46EE-B24B-DF8749D8FF3A}" = Nero Image Samples
"{C994C746-C6D0-4EBA-B09E-DF7B18381B69}" = Nero ControlCenter Help (CHM)
"{CC2422C9-F7B5-4175-B295-5EC2283AA674}" = Command & Conquer™ 3: Kanes Rache
"{CE675FBD-75C3-45F1-B6AF-8D250861D536}" = Nero Disc Menus 3
"{D08A5DFE-F0C2-74FC-DD56-A3B371E9344D}" = EA Shared Game Component: Activation
"{D4329609-4102-4F8C-B83F-7FE024EEA314}" = Dead Space™ 3
"{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common
"{D529E699-7753-46E7-8B73-C5556EF5B486}" = Nero 12
"{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional
"{DA2D3078-A58C-45E8-8EE0-18B8BE6B34F7}" = Nero BackItUp
"{DB833EF9-A198-49BE-970A-BD46F30BFBB4}" = ANNO 1503 GOLD
"{DDEDAF6C-488E-4CDA-8276-1CCF5F3C5C32}" = Command & Conquer 3
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E17BCB76-9924-4BD5-B6D6-50D3407B4E74}" = Nero Disc Menus Basic
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E3B9C5A9-BD7A-4B56-B754-FAEA7DD6FA88}" = Far Cry 3
"{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All
"{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian
"{EEBF1676-AF87-4266-93D8-0C14A34C4217}" = Nero Disc Menus 1
"{EF0D1292-8FC1-41BE-9740-DBC134F66415}" = Nero BackItUp Help (CHM)
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish
"{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"{FE81E6B5-652B-40E7-B3B2-7171C6F297DA}" = Nero Disc Menus 2
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ALchemy" = Creative ALchemy
"AudioCS" = Creative Audio-Systemsteuerung
"Battlelog Web Plugins" = Battlelog Web Plugins
"com.ea.Activation.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Shared Game Component: Activation
"Creative Sound Blaster Properties x64 Edition" = Creative Sound Blaster Properties x64 Edition
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"EA Installer.1328924728" = EA Installer
"ESN Sonar-0.70.4" = ESN Sonar
"FUSSBALL MANAGER 12" = FUSSBALL MANAGER 12
"GMX ProfiFax" = GMX ProfiFax
"Halo" = Microsoft Halo
"Halo 2" = HALO 2 FÜR WINDOWS VISTA
"InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver
"Kicker Fussball Manager 2" = Kicker Fussball Manager 2
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.7.4
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Sid Meier Railroads_is1" = Sid Meier Railroads
"Siedler3Deinstall" = Siedler3
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 10500" = Empire: Total War
"Steam App 108800" = Crysis 2 Maximum Edition
"Steam App 115200" = Cossacks II: Napoleonic Wars
"Steam App 13520" = Far Cry
"Steam App 17300" = Crysis
"Steam App 17330" = Crysis Warhead
"Steam App 17340" = Crysis Wars
"Steam App 19900" = Far Cry 2
"Steam App 21100" = F.E.A.R. 3
"Steam App 214250" = I Am Alive
"Steam App 216250" = Dead Island Riptide
"Steam App 21690" = Resident Evil 5
"Steam App 240" = Counter-Strike: Source
"Steam App 24010" = Train Simulator 2013
"Steam App 24780" = SimCity 4 Deluxe
"Steam App 34030" = Napoleon: Total War
"Steam App 34830" = Sniper: Ghost Warrior
"Steam App 39160" = Dungeon Siege III
"Steam App 39190" = Dungeon Siege
"Steam App 39200" = Dungeon Siege 2
"Steam App 42700" = Call of Duty: Black Ops
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 4890" = Cossacks II: Battle for Europe
"Steam App 550" = Left 4 Dead 2
"Steam App 55100" = Homefront
"Steam App 57900" = Duke Nukem Forever
"Steam App 80" = Counter-Strike: Condition Zero
"Steam App 91310" = Dead Island
"Steam App 9480" = Saints Row 2
"Uplay" = Uplay
"UseNeXT by Tangysoft_is1" = UseNeXT by Tangysoft
"WaveStudio 7" = Creative WaveStudio 7
"Winamp" = Winamp
"World of Warcraft" = World of Warcraft
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3805652893-204691545-212111417-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 21.0 (x86 de)" = Mozilla Firefox 21.0 (x86 de)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.06.2013 19:43:37 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 18.06.2013 18:20:22 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 21.06.2013 13:13:30 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 22.06.2013 18:30:58 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.06.2013 18:30:49 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 24.06.2013 17:42:50 | Computer Name = Uncharted-PC | Source = MsiInstaller | ID = 1018
Description = 
 
Error - 24.06.2013 17:43:02 | Computer Name = Uncharted-PC | Source = MsiInstaller | ID = 1018
Description = 
 
Error - 26.06.2013 01:50:51 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2013 19:12:08 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2013 19:44:27 | Computer Name = Uncharted-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 27.06.2013 14:05:52 | Computer Name = Uncharted-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \SystemRoot\SysWow64\drivers\prodrv06.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 27.06.2013 14:06:03 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AMD FUEL Service" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%2
 
Error - 27.06.2013 14:06:03 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.1" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 27.06.2013 14:06:03 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AODDriver4.2" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%3
 
Error - 27.06.2013 14:06:05 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
   prodrv06  prohlp02  prosync1  sfhlp01
 
Error - 27.06.2013 14:13:11 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 27.06.2013 14:14:26 | Computer Name = Uncharted-PC | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 27.06.2013 14:14:47 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 27.06.2013 14:22:41 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 27.06.2013 14:24:21 | Computer Name = Uncharted-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
 
< End of report >

M-K-D-B · 28.06.2013, 19:12

Servus,

wir entfernen ein paar Reste und kontrollieren nochmal alles:

Schritt 1

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Schritt 2
Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Schritt 3

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

Schritt 4
Downloade Dir bitte

SecurityCheck und:

Speichere es auf dem Desktop.
Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
Wenn der Scan beendet wurde sollte sich ein Textdokument (checkup.txt) öffnen.

Poste den Inhalt bitte hier.

Bitte poste mit deiner nächsten Antwort

die Logdatei von OTL,
die Logdatei von MBAM,
die Logdatei von ESET,
die Logdatei von SecurityCheck.

M-K-D-B · 01.07.2013, 16:51

Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!

GVU Trojaner, weißer Bildschrim Taskmanager und abgesicherter Modus ohne Funktion

Log-Analyse und Auswertung: GVU Trojaner, weißer Bildschrim Taskmanager und abgesicherter Modus ohne Funktion