Ok bei dem OTL.exe auf das ich bei deinem Kommentar klicken konnte, steht das ich jeweils einen Haken in "LOP Prüfung" und "Purity Prüfung" machen soll. Da du mir das nicht angegeben hast, frag ich lieber, soll ich die Haken da rein machen oder draußen lassen?

Ja mach die mal rein die Haken

OTL.Txt Log:

Code: Alles auswählenAufklappen

ATTFilter

OTL logfile created on: 07.12.2013 16:47:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,93% Memory free
8,00 Gb Paging File | 6,12 Gb Available in Paging File | 76,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 272,31 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
 
Computer Name: ---- | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\PC\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (IEEtwCollectorService) -- C:\Windows\SysNative\IEEtwCollector.exe (Microsoft Corporation)
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (LMIGuardianSvc) -- C:\Program Files (x86)\LogMeIn Hamachi\LMIGuardianSvc.exe (LogMeIn, Inc.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (OverwolfUpdaterService) -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe (Overwolf Ltd)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys ()
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (sscemdm) -- C:\Windows\SysNative\drivers\sscemdm.sys (MCCI Corporation)
DRV:64bit: - (ssceserd) -- C:\Windows\SysNative\drivers\ssceserd.sys (MCCI Corporation)
DRV:64bit: - (sscebus) -- C:\Windows\SysNative\drivers\sscebus.sys (MCCI Corporation)
DRV:64bit: - (sscemdfl) -- C:\Windows\SysNative\drivers\sscemdfl.sys (MCCI Corporation)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (L1E) -- C:\Windows\SysNative\drivers\L1E62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ASACPI.sys ()
DRV:64bit: - (Lycosa) -- C:\Windows\SysNative\drivers\Lycosa.sys (Razer USA Ltd.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-117103499-559527324-418011613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = Preserve
IE - HKU\S-1-5-21-117103499-559527324-418011613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKU\S-1-5-21-117103499-559527324-418011613-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-117103499-559527324-418011613-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-117103499-559527324-418011613-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE11SR
IE - HKU\S-1-5-21-117103499-559527324-418011613-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.45.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll ()
 
 
[2013.12.01 21:16:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\extensions
[2013.10.09 03:13:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\Firefox\Profiles\extensions\extensions
[2013.06.26 18:40:28 | 000,228,503 | ---- | M] () (No name found) -- C:\Users\PC\AppData\Roaming\mozilla\firefox\profiles\extensions\ftd@ftd.com.xpi
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Uplay PC (Enabled) = C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\PC\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Docs = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Colorfull Sun Set = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknflcjkkahjgichcidlfcalplplegii\1_0\
CHR - Extension: Google Wallet = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Mail = C:\Users\PC\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-117103499-559527324-418011613-1000\..\Toolbar\WebBrowser: (no name) - {434D452D-5637-006A-76A7-7A786E7484D7} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Programme\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Skytel] C:\Programme\Realtek\Audio\HDA\SkyTel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-117103499-559527324-418011613-1000..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\.DEFAULT\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: sony.com ([]* in Trusted sites)
O15 - HKU\S-1-5-19\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-19\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: clonewarsadventures.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: freerealms.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: soe.com ([]* in )
O15 - HKU\S-1-5-20\..Trusted Domains: sony.com ([]* in )
O15 - HKU\S-1-5-21-117103499-559527324-418011613-1000\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-117103499-559527324-418011613-1000\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-117103499-559527324-418011613-1000\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-117103499-559527324-418011613-1000\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FCC68DFC-46FB-4C8C-B4EF-3FCC5764EAD5}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) -  File not found
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2a8763ce-c1a6-11df-9d01-002618d6a2bf}\Shell - "" = AutoRun
O33 - MountPoints2\{2a8763ce-c1a6-11df-9d01-002618d6a2bf}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\{4d126ea1-d5e6-11df-b593-002618d6a2bf}\Shell - "" = AutoRun
O33 - MountPoints2\{4d126ea1-d5e6-11df-b593-002618d6a2bf}\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.12.07 16:39:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2013.12.06 14:04:51 | 001,925,820 | ---- | C] (Farbar) -- C:\Users\PC\Desktop\FRST64.exe
[2013.12.05 14:49:44 | 002,753,344 | ---- | C] (AVAST Software) -- C:\Users\PC\Desktop\avast-browser-cleanup_90.exe
[2013.12.04 00:28:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2013.12.04 00:28:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2013.12.03 21:11:22 | 000,448,512 | ---- | C] (OldTimer Tools) -- C:\Users\PC\Desktop\TFC.exe
[2013.12.02 17:07:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.12.02 16:58:29 | 000,091,352 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.02 16:58:26 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\mbar
[2013.12.02 16:56:05 | 012,576,792 | ---- | C] (Malwarebytes Corp.) -- C:\Users\PC\Desktop\mbar-1.07.0.1007.exe
[2013.12.01 22:11:58 | 000,000,000 | ---D | C] -- C:\FRST
[2013.12.01 21:28:05 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.12.01 21:27:05 | 001,034,531 | ---- | C] (Thisisu) -- C:\Users\PC\Desktop\JRT.exe
[2013.12.01 21:12:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.01 16:58:19 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Roaming\Malwarebytes
[2013.12.01 16:57:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.12.01 16:57:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.12.01 16:57:51 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.12.01 16:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.12.01 16:51:21 | 000,000,000 | ---D | C] -- C:\Users\PC\Desktop\rkill
[2013.12.01 15:43:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.12.01 15:43:22 | 000,264,616 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.12.01 15:43:15 | 000,175,016 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.12.01 15:43:15 | 000,174,504 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.12.01 15:43:15 | 000,096,168 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.12.01 15:43:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
[2013.12.01 15:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP
[2013.11.26 03:09:22 | 000,028,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEUDINIT.EXE
[2013.11.26 03:05:25 | 000,940,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.11.26 03:05:25 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.11.26 03:05:19 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013.11.26 03:05:19 | 000,440,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.26 03:05:19 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.11.26 03:05:19 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.11.26 03:05:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.26 03:05:18 | 001,926,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.11.26 03:05:18 | 001,051,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.11.26 03:05:18 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.11.26 03:05:18 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.11.26 03:05:18 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.11.26 03:05:18 | 000,233,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.26 03:05:18 | 000,151,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.11.26 03:05:18 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.11.26 03:05:18 | 000,083,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.11.26 03:05:18 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.26 03:05:18 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.11.26 03:05:18 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.11.26 03:05:18 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.26 03:05:18 | 000,034,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013.11.26 03:05:18 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.26 03:05:18 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.11.26 03:05:17 | 000,610,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.26 03:05:17 | 000,553,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.11.26 03:05:17 | 000,127,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.11.26 03:05:17 | 000,116,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.11.26 03:05:17 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.11.26 03:05:17 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.11.26 03:05:17 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.26 03:05:17 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.11.26 03:05:17 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013.11.26 03:05:17 | 000,056,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.11.26 03:05:17 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013.11.26 03:05:17 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.11.26 03:05:17 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.11.26 03:05:16 | 000,942,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013.11.26 03:05:16 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.11.26 03:05:16 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.11.26 03:05:16 | 000,131,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.11.26 03:05:16 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.26 03:05:16 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.11.26 03:05:15 | 005,765,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.11.26 03:05:15 | 001,993,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.11.26 03:05:15 | 001,228,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.11.26 03:05:15 | 000,817,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.11.26 03:05:15 | 000,708,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.11.26 03:05:15 | 000,626,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.26 03:05:15 | 000,616,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.11.26 03:05:15 | 000,574,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.26 03:05:15 | 000,548,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.11.26 03:05:15 | 000,453,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.11.26 03:05:15 | 000,413,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.11.26 03:05:15 | 000,296,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.11.26 03:05:15 | 000,235,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.26 03:05:15 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.11.26 03:05:15 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.11.26 03:05:15 | 000,147,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.11.26 03:05:15 | 000,143,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.11.26 03:05:15 | 000,139,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.11.26 03:05:15 | 000,105,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.26 03:05:15 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.11.26 03:05:15 | 000,090,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.11.26 03:05:15 | 000,084,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.26 03:05:15 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.11.26 03:05:15 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.11.26 03:05:15 | 000,066,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.11.26 03:05:15 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.11.26 03:05:15 | 000,040,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013.11.26 03:05:15 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.11.26 03:05:15 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.11.26 03:05:14 | 000,774,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.26 03:05:14 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.11.26 03:05:14 | 000,111,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.11.26 03:05:14 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013.11.26 03:05:14 | 000,062,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.11.26 03:05:14 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.11.26 03:05:14 | 000,048,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.11.26 03:05:14 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.11.26 03:05:14 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.11.23 01:54:26 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.11.19 15:10:25 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.11.14 02:40:20 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.11.14 02:40:09 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.11.14 02:40:09 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.11.14 02:40:08 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013.11.14 02:40:08 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013.11.14 02:40:08 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013.11.14 02:40:02 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.11.14 02:40:02 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.11.14 02:40:02 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.11.14 02:40:02 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.11.14 02:40:02 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.11.14 02:40:00 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.11.14 02:39:59 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.11.14 02:39:58 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.11.14 02:39:58 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.11.14 02:39:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.11.07 22:06:00 | 000,000,000 | ---D | C] -- C:\Users\PC\AppData\Local\Deployment
 
========== Files - Modified Within 30 Days ==========
 
[2013.12.07 16:45:00 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.07 16:44:46 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.07 16:44:46 | 000,014,800 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.07 16:39:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\OTL.exe
[2013.12.07 16:37:26 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.07 16:37:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.07 16:36:55 | 3220,529,152 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.07 15:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.06 14:04:51 | 001,925,820 | ---- | M] (Farbar) -- C:\Users\PC\Desktop\FRST64.exe
[2013.12.05 15:05:26 | 000,286,283 | ---- | M] () -- C:\Users\PC\Desktop\Unbenannt.png
[2013.12.05 14:49:44 | 002,753,344 | ---- | M] (AVAST Software) -- C:\Users\PC\Desktop\avast-browser-cleanup_90.exe
[2013.12.04 00:17:57 | 000,000,565 | ---- | M] () -- C:\Users\PC\Desktop\62681d1386108610-nation-zoom-entfernbar-nationzoom.reg
[2013.12.03 22:31:06 | 000,165,376 | ---- | M] () -- C:\Users\PC\Desktop\SystemLook_x64.exe
[2013.12.03 21:11:23 | 000,448,512 | ---- | M] (OldTimer Tools) -- C:\Users\PC\Desktop\TFC.exe
[2013.12.03 12:59:48 | 000,107,416 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.12.02 17:04:43 | 000,091,352 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.12.02 16:56:06 | 012,576,792 | ---- | M] (Malwarebytes Corp.) -- C:\Users\PC\Desktop\mbar-1.07.0.1007.exe
[2013.12.01 21:27:05 | 001,034,531 | ---- | M] (Thisisu) -- C:\Users\PC\Desktop\JRT.exe
[2013.12.01 21:12:25 | 001,110,034 | ---- | M] () -- C:\Users\PC\Desktop\adwcleaner.exe
[2013.12.01 16:57:58 | 000,001,105 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.12.01 15:43:06 | 000,264,616 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.12.01 15:43:06 | 000,175,016 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.12.01 15:43:06 | 000,174,504 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.12.01 15:43:06 | 000,096,168 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.11.30 14:05:19 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.30 14:05:19 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.11.30 14:05:19 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.30 14:05:19 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.11.30 14:05:19 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.30 13:09:38 | 000,039,681 | -HS- | M] () -- C:\Users\PC\Desktop\Folder.jpg
[2013.11.30 13:09:38 | 000,007,329 | -HS- | M] () -- C:\Users\PC\Desktop\AlbumArtSmall.jpg
[2013.11.26 03:05:26 | 000,194,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.11.26 03:05:25 | 000,940,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.11.26 03:05:19 | 000,645,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jsIntl.dll
[2013.11.26 03:05:19 | 000,440,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.26 03:05:19 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.11.26 03:05:19 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.11.26 03:05:19 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.26 03:05:18 | 001,926,656 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.11.26 03:05:18 | 001,051,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.11.26 03:05:18 | 000,703,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.11.26 03:05:18 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.11.26 03:05:18 | 000,337,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.11.26 03:05:18 | 000,233,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.11.26 03:05:18 | 000,151,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.11.26 03:05:18 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.11.26 03:05:18 | 000,083,456 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.11.26 03:05:18 | 000,069,632 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.11.26 03:05:18 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.11.26 03:05:18 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.11.26 03:05:18 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.26 03:05:18 | 000,034,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013.11.26 03:05:18 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.26 03:05:18 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.11.26 03:05:18 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.11.26 03:05:17 | 000,610,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.26 03:05:17 | 000,553,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript9diag.dll
[2013.11.26 03:05:17 | 000,127,488 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.11.26 03:05:17 | 000,116,736 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.11.26 03:05:17 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.11.26 03:05:17 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.11.26 03:05:17 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.26 03:05:17 | 000,074,240 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.11.26 03:05:17 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\MshtmlDac.dll
[2013.11.26 03:05:17 | 000,056,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.11.26 03:05:17 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieetwproxystub.dll
[2013.11.26 03:05:17 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.11.26 03:05:17 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.11.26 03:05:16 | 000,942,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jsIntl.dll
[2013.11.26 03:05:16 | 000,247,808 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.11.26 03:05:16 | 000,195,584 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.11.26 03:05:16 | 000,131,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.11.26 03:05:16 | 000,086,016 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.26 03:05:16 | 000,013,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[2013.11.26 03:05:15 | 005,765,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.11.26 03:05:15 | 001,993,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.11.26 03:05:15 | 001,228,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.11.26 03:05:15 | 000,817,664 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.11.26 03:05:15 | 000,708,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9diag.dll
[2013.11.26 03:05:15 | 000,626,176 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.26 03:05:15 | 000,616,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.11.26 03:05:15 | 000,574,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.26 03:05:15 | 000,548,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.11.26 03:05:15 | 000,453,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.11.26 03:05:15 | 000,413,696 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.11.26 03:05:15 | 000,296,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.11.26 03:05:15 | 000,235,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.11.26 03:05:15 | 000,218,624 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.11.26 03:05:15 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.11.26 03:05:15 | 000,147,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.11.26 03:05:15 | 000,143,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.11.26 03:05:15 | 000,139,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.11.26 03:05:15 | 000,105,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.26 03:05:15 | 000,101,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.11.26 03:05:15 | 000,090,112 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.11.26 03:05:15 | 000,084,992 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.11.26 03:05:15 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.11.26 03:05:15 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.11.26 03:05:15 | 000,066,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.11.26 03:05:15 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.11.26 03:05:15 | 000,040,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\JavaScriptCollectionAgent.dll
[2013.11.26 03:05:15 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.11.26 03:05:15 | 000,030,208 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.11.26 03:05:15 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.26 03:05:14 | 000,774,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.26 03:05:14 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.11.26 03:05:14 | 000,111,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollector.exe
[2013.11.26 03:05:14 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MshtmlDac.dll
[2013.11.26 03:05:14 | 000,062,464 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.11.26 03:05:14 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwproxystub.dll
[2013.11.26 03:05:14 | 000,048,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.11.26 03:05:14 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.11.26 03:05:14 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieetwcollectorres.dll
[2013.11.23 01:54:26 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2013.11.19 13:35:27 | 000,132,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.11.19 13:35:27 | 000,083,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.11.19 13:35:27 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.11.15 14:54:17 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.11.15 14:54:17 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
 
========== Files Created - No Company Name ==========
 
[2013.12.05 15:05:26 | 000,286,283 | ---- | C] () -- C:\Users\PC\Desktop\Unbenannt.png
[2013.12.04 00:17:57 | 000,000,565 | ---- | C] () -- C:\Users\PC\Desktop\62681d1386108610-nation-zoom-entfernbar-nationzoom.reg
[2013.12.03 22:31:06 | 000,165,376 | ---- | C] () -- C:\Users\PC\Desktop\SystemLook_x64.exe
[2013.12.01 21:12:25 | 001,110,034 | ---- | C] () -- C:\Users\PC\Desktop\adwcleaner.exe
[2013.12.01 16:57:58 | 000,001,105 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.11.29 16:59:06 | 000,039,681 | -HS- | C] () -- C:\Users\PC\Desktop\Folder.jpg
[2013.11.29 16:59:06 | 000,007,329 | -HS- | C] () -- C:\Users\PC\Desktop\AlbumArtSmall.jpg
[2013.11.26 03:05:18 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.11.26 03:05:15 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2012.12.19 20:52:22 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.19 20:52:22 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.12.25 20:08:23 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.25 20:08:21 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.12.07 16:33:33 | 000,000,000 | ---D | M] -- C:\Users\Chiara\AppData\Roaming\LolClient
[2013.12.07 16:34:24 | 000,000,000 | ---D | M] -- C:\Users\Chiara\AppData\Roaming\TS3Client
[2013.11.22 14:01:11 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\.minecraft
[2010.10.12 11:18:09 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DAEMON Tools Lite
[2012.11.13 22:43:08 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\DVDVideoSoft
[2013.07.30 19:27:54 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ITTerritory
[2010.10.12 11:28:43 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Leadertech
[2012.10.30 23:27:46 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\LolClient
[2010.10.26 15:34:03 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Need for Speed World
[2010.09.09 16:13:49 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\OpenOffice.org
[2011.12.25 20:08:20 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\PunkBuster
[2012.03.29 08:15:57 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Samsung
[2013.12.07 16:02:44 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\TS3Client
[2013.06.15 14:55:01 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\ts3overlay
[2013.05.10 15:03:56 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Unity
[2012.10.05 16:44:57 | 000,000,000 | ---D | M] -- C:\Users\PC\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 

< End of report >
         

Exrtas.Txt Log

Code: Alles auswählenAufklappen

ATTFilter

OTL Extras logfile created on: 07.12.2013 16:47:59 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\PC\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,72 Gb Available Physical Memory | 67,93% Memory free
8,00 Gb Paging File | 6,12 Gb Available in Paging File | 76,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 272,31 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
 
Computer Name: ---- | User Name: PC | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
.reg [@ = regfile] -- regedit.exe "%1"
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-117103499-559527324-418011613-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [open] -- regedit.exe "%1"
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{087BF802-4E3E-4942-8485-73E8130B6A27}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0EA1582A-3387-4A9D-8433-C715E864CBB7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{18E16507-68CD-42C6-80F3-4B2703468E1C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{34611FDA-6B22-4475-B5D4-84BB13143206}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{37C0AED1-7271-4AF6-9778-098137098B83}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{498A97D8-31B9-4165-87AD-1072D008BB15}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{4A594FAF-51C2-47DC-81DC-2AF80317FDD9}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{50E9CBCC-E251-44FA-8EFD-E1FDABCDC351}" = lport=138 | protocol=17 | dir=in | app=system | 
"{5211E02E-0699-48F5-8CCF-63C527A4B547}" = lport=137 | protocol=17 | dir=in | app=system | 
"{547E6D5E-8E39-4329-AC8B-10D45BFEAEA7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{6266EA6C-EB18-4B28-B3B0-B95930CDAEE9}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{632C5165-AA78-4B1D-B5A5-BED5FA958334}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{72C22FEB-06A6-4B10-ADA2-8EA388CF2A14}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{76BCF304-37EB-4218-96A2-2355B441FD69}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{84BA69B1-A23F-4F95-9281-E72889341ADC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{8BA24E30-E6F7-4FD6-B325-0384FC298EE8}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8EF1625A-E41F-4FF8-B3E7-CD7470D244FF}" = rport=139 | protocol=6 | dir=out | app=system | 
"{938EDA4A-C005-44AA-A394-42C069C2543B}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{ACFEF2F5-43DB-4B00-B13A-C61278BB0F15}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BB60BDD7-EE61-4632-A0D4-15CBEE6132D2}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{C21C864B-FAA2-48A2-86A6-15E66ECAF7B2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{D4FEE3B7-5488-4C97-AD9D-737D5CC92B4F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F9BA43E7-EC3E-4D3D-A016-754521DFD82F}" = lport=139 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01460DD8-EA77-40D9-9D58-D4A1A1927E12}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\f1 2010\f1_2010_game.exe | 
"{0165CA65-8B82-48B6-A9C8-84A8E756EA22}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{024A2578-5B2C-4791-9149-E9E6EE679109}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{067C2AF0-181B-4FA6-AE7D-69C035196130}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{081A213A-9AD5-466C-B0C3-B6DB574ADB69}" = protocol=58 | dir=in | app=system | 
"{12C26CF4-A127-4297-A6A6-DA3C877F4498}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{196EC933-E47F-4AF4-830D-D42154796138}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1D2A8E08-A64E-4420-BABF-5964AA9ED606}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{1DC7A64C-21E3-45AB-BB9D-D2576220D125}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{2F60A24E-39E1-4D28-AE43-594DEAF02ADA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{30B313E1-136C-4CCB-A92A-E216183B4E99}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{3A5CB73D-DEA6-4A70-8F37-D1E2DA2FE433}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\bionic commando\support\cap1-0101.exe | 
"{3A980085-D3BF-43EE-8E49-1B53AD50EE82}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{47B54E39-2B5A-45BB-A510-46C90C281717}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\f1 2010\f1_2010_game.exe | 
"{5268E701-B729-4886-96CC-40033C7DE5DE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{543ADC56-7351-48ED-8604-5B80CCA99F79}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54FD7E60-F75E-41F0-B16D-7AEBB2097B0B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{59F30376-51AB-4AC9-8257-A4EDD876CAE5}" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"{5C68CC7E-081C-4259-99BB-C8E063E7E903}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{62071E0E-37CC-44DD-93DF-14F15DE57C58}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{65AF7193-D45D-4761-A695-A105536D8AD8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{696A1ED7-D246-43A5-BB80-D6060314BFDA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{7C6BC617-FADB-4731-810F-C215611D0F32}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{80CF90A9-1E1D-42AC-AEB7-FC3529B2A3BD}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{83E04A05-6BA3-4705-A126-8ABB0D12DD24}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\bionic commando\support\cap1-0101.exe | 
"{8952F94C-A248-4270-AED1-0CDA5822B6CC}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{89F9931A-49D7-4B93-B460-A747A7E4ECBA}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe | 
"{8BD7877B-A4F3-4A28-BFBF-4B433B614B1B}" = protocol=17 | dir=in | app=c:\program files (x86)\capcom\bionic commando\bionic_commando.exe | 
"{93021B91-61EF-4314-80BB-38DE5B2876B7}" = dir=out | app=%userprofile%\desktop\minecraft.exe | 
"{9B60FC40-6A13-4B39-8B80-908B010B1FA4}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{9BA316E2-6D40-4C51-A543-6FFC94489F89}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"{9CD817B8-6599-4DDC-B549-DD44F8B16624}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{9D88C0AE-08B5-4727-BE61-6F0A43828F2C}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{A08466C9-8C53-48B9-9F90-23D84A6A4007}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\assassinscreedbrotherhood.exe | 
"{A6F3FDE0-2E95-4E25-95AD-5507DF5F8991}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{A974253D-E158-4AB2-B54A-A379F5574CDF}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{AB710DD2-C0D1-4B7B-8B59-B3CC7428E4D6}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B4713ED4-2552-4CF8-86E4-CBF7A047B81A}" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{B52F3A91-9D5A-4077-9C62-D50DA8852DCC}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B5574168-668A-42AC-8204-4C4F40F3B55E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{B6A7DDCB-2ECC-4EF1-9B6C-0BCD237BC9CB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B95AE5FF-846F-4758-9824-174727F39D08}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbmp.exe | 
"{BB9EFBCF-4E65-499D-AA26-7F754312D630}" = protocol=6 | dir=out | app=system | 
"{BCBFC10A-8C3A-4AEA-B5C7-BBC6D3D1A9FF}" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{C120C843-E5AE-4B9E-8F35-1744F45C15D4}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{C238F2A4-669F-4256-890D-BC079C819414}" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"{C6DAD2BF-A49A-410F-A394-F491F731A2C0}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{C71A705E-FA11-48B4-828F-12F095613CCD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{CA31D0B8-779F-4596-82A3-45E9DACC0EE6}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CC6C4400-1535-42B1-A7BC-D7B2EF73CB2E}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\uplaybrowser.exe | 
"{CF825A25-C892-4BB6-9056-9985D5BD64B2}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{D51769C0-D4B0-4AD2-AC77-24F562972D8D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DA6A04C0-92AF-4330-BBD4-DFAE3148F87E}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{DC090AE6-1613-4025-B4C0-FEB1E723C5C2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{DEB625E5-80F4-41F2-BCEA-B3F18E0C96CF}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{E09468E8-71D7-414E-93BA-0759680A7DCA}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{EAD5A031-977C-43FE-BC0E-C8388B4C3F4A}" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"{ECD746C2-1804-4C70-B1F7-8CA2CACFDD07}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{EDE063D0-4B2B-4B4B-A7BD-1BD3D6F8EB2B}" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"{F297CEDC-D73D-483A-AD01-E65B2944DE79}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F6663309-2C52-4062-AEF2-CC2BEC4F9F55}" = protocol=6 | dir=in | app=c:\program files (x86)\capcom\bionic commando\bionic_commando.exe | 
"TCP Query User{0832FE70-F7CC-4E4C-A562-9569133F52D1}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{0B08F7F3-E16D-47FF-8DBC-8E1F843B27AB}C:\users\pc\desktop\urbanterror\iourbanterror.exe" = protocol=6 | dir=in | app=c:\users\pc\desktop\urbanterror\iourbanterror.exe | 
"TCP Query User{26D141BF-D3CC-4852-BCBE-1B9A67E62C1C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{3258B9E6-9B72-441D-BC5B-0984F6C7CE82}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{39F5D870-A43F-4ABE-B1D6-A91FADE2AEFB}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"TCP Query User{43D507A5-4148-4AD3-8B78-BD06A3ED8A7B}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"TCP Query User{4DA83B8B-3FB1-499D-A9A1-24225684CF78}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{5197BC85-FD0C-49E5-ACD1-4733D0B2A668}C:\program files (x86)\codemasters\grid\grid.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"TCP Query User{6482DF87-6D29-405D-B850-9E9BA5511EF6}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{6B7EAAD2-B391-43C8-95FA-F9446D9E9846}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | 
"TCP Query User{6E415BF9-FB6E-4EF8-8409-8F1167E3C9C6}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"TCP Query User{81A97E58-3F38-4842-B47B-8B6A3669493C}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=6 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"TCP Query User{9AF70125-2507-4BA6-979B-91599DD9BE71}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"TCP Query User{DA13F3EC-AF60-47E1-8AB1-B4656ABE942E}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{095AAACF-9C25-4FA3-9FE0-E78BD9ACAE30}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"UDP Query User{198946A4-CC16-48E2-AD73-2B58192C47F1}C:\program files (x86)\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
"UDP Query User{396CEDEB-7598-4651-871F-EAB1853463A3}C:\program files (x86)\counter-strike 1.6\hl.exe" = protocol=17 | dir=in | app=c:\program files (x86)\counter-strike 1.6\hl.exe | 
"UDP Query User{3ACDFF2F-DE2A-48CA-8079-8C24D38E16B3}C:\program files (x86)\empire interactive\flatout2\flatout2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\empire interactive\flatout2\flatout2.exe | 
"UDP Query User{52CD440A-1CCB-41E5-9DAA-B3F7D8C4111A}C:\users\pc\desktop\urbanterror\iourbanterror.exe" = protocol=17 | dir=in | app=c:\users\pc\desktop\urbanterror\iourbanterror.exe | 
"UDP Query User{71F42FB1-0EA4-4790-960C-874B788BE34F}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{948C395E-3D45-45A4-936B-7875833813AA}C:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\assassin's creed brotherhood\acbsp.exe | 
"UDP Query User{97F39BFA-0900-4FC5-854C-F6B29A0CAA87}C:\program files (x86)\codemasters\grid\grid.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\grid\grid.exe | 
"UDP Query User{BB844C81-E248-4027-B001-7B10CA7ECE4C}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{BDCD773C-22A2-477E-B29A-93828E0C2195}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{C1C7A889-7DE7-4EB8-882E-EBEF278F82D5}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{C2EF5D13-CD67-421A-AA6A-F33B6B8934B6}C:\program files (x86)\ea sports\fifa 11\game\fifa.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea sports\fifa 11\game\fifa.exe | 
"UDP Query User{D5D84368-5629-421B-AC24-8EEC63A62EF2}C:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\planetside 2 psg\planetside2.exe | 
"UDP Query User{F91F7158-FFA0-49BB-BB7E-675879FFADEE}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{19BDBFE9-0B6A-37F2-80F6-48AFD1EA582D}" = ATI AVIVO64 Codecs
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{38145F6E-041F-69AE-59B4-37CA06F33D67}" = ccc-utility64
"{53A19094-2C04-A9B9-7309-3E92152D4845}" = AMD Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6245BC35-F4BE-1995-BB2E-7847D758504E}" = ATI Problem Report Wizard
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"WinRAR archiver" = WinRAR archiver
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{04B45310-A5FE-4425-BFCA-1A6D8920DE74}" = OpenOffice.org 3.0
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0EA7F867-D362-2E76-77B8-9396B9245B66}" = CCC Help Finnish
"{16CF7BB1-672E-BC9F-E5CE-5854112E2C35}" = CCC Help Japanese
"{1700FEE9-EB3D-35C8-28ED-0BE7860BA710}" = CCC Help Portuguese
"{190CCE82-4867-B16E-F96A-3F21A058ED9B}" = CCC Help Korean
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C4551A6-4743-4093-91E4-1477CD655043}" = NVIDIA PhysX
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83217045FF}" = Java 7 Update 45
"{280E47E4-4EFB-D268-B042-F793EB2D8E4E}" = CCC Help Italian
"{2A7D1710-31EB-3B24-BF52-1755099CE2C0}" = CCC Help Chinese Traditional
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A6B7222-A439-1BBE-58DD-76D1B632EEA8}" = CCC Help Turkish
"{3AC02D87-274C-BAE6-ACFA-B64B714A0083}" = Catalyst Control Center Core Implementation
"{3F7BBDE9-79B4-4E77-B878-7E6B36F3A766}" = CCC Help French
"{48615A7B-F026-4F62-A3F1-49001B8E21CB}" = Overwolf
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.9
"{5A0B7BA5-4682-4273-81C2-69B17E649103}" = GRID
"{605DDD7B-1521-423B-A654-E9A963573D82}" = Catalyst Control Center Graphics Light
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CF37701-7E02-873F-9543-183116AC905C}" = CCC Help Danish
"{6F1891DD-CEFE-4349-CFB3-172ED6C94A18}" = ccc-core-static
"{75CFBC87-1B8A-2DA8-4575-F50BD61E9368}" = Catalyst Control Center Graphics Previews Vista
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A587AD7-EDEF-BD63-C054-5E5FBC47105C}" = CCC Help Russian
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7E641E46-81DB-4D1D-906A-48342523051C}" = FlatOut2
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 5.2.0
"{82130914-DF2E-4AD3-BC73-5DC2A180924C}" = CCC Help Thai
"{82E73E8D-E1E7-45A4-A311-6D31492AA913}_is1" = AION Free-to-Play Version 1.0
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{88F066D3-5662-95C4-AE4E-D39174ED8F43}" = CCC Help Dutch
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C49AB5C-A457-DEF0-0436-AADEB2062296}" = Catalyst Control Center Graphics Previews Common
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.9.0 "Legend"
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DFC3864-1C52-E552-B039-09AE59F35801}" = CCC Help Swedish
"{9FCBD98D-F8B3-6ECC-5293-9C28817E3269}" = Catalyst Control Center InstallProxy
"{A43C0289-EE84-FEC7-595D-A6F8489B2C44}" = CCC Help Polish
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A77B5C97-77AD-54E9-FB97-52F0A9EF72AC}" = CCC Help Spanish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA2E2EA3-D999-D8A0-7C6F-DF451DF9135C}" = CCC Help Greek
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.8) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B08201F3-AE80-58C6-E832-7DF5B87795FB}" = CCC Help Hungarian
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B569ACCD-8F95-53CE-AF51-70CB8EA34656}" = CCC Help German
"{B9BDD486-EF12-B0BC-1C88-B3046092A8BD}" = CCC Help Chinese Standard
"{BE4BA698-8533-4F77-9559-C7F3F78C0B05}" = Assassin's Creed Brotherhood
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C54AE051-35E6-A421-164B-FDF2C3A8EE4E}" = Catalyst Control Center Graphics Full Existing
"{CA5290FD-1C71-D40D-E0B9-D44FF41007FA}" = Catalyst Control Center HydraVision Full
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CED2C398-A03E-A70D-6894-78C79C501296}" = CCC Help Czech
"{CF929EEB-CE39-4F06-B1BF-F51FC617A2B2}" = Catalyst Control Center - Branding
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D2FCA41E-AC01-4DCD-B3A7-DC9E32363065}}_is1" = Rapture3D 2.4.4 Game
"{D3CF1241-B6B9-C0F1-8D69-96A01360A07A}" = Catalyst Control Center Graphics Full New
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7410A39-66CA-C554-CB1D-EB53A6B8A289}" = HydraVision
"{D84F41A8-33E6-402A-8DD6-D2244235BCB8}" = LogMeIn Hamachi
"{DD7851B2-C277-204C-C414-797649FBFCAA}" = CCC Help English
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4F4CB1F-5319-EECB-F758-A651DAF87D02}" = Catalyst Control Center Localization All
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F175273F-6F15-23E2-1DF9-D2A8DD477502}" = CCC Help Norwegian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"Drachenkrieg_is1" = Drachenkrieg (with media and plugins), version 1.1.27
"Free YouTube Download_is1" = Free YouTube Download version 3.1.39.1015
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Google Chrome" = Google Chrome
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Warcraft III" = Warcraft III
"WAV To MP3_is1" = WAV To MP3 V2
"WinLiveSuite" = Windows Live Essentials
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-117103499-559527324-418011613-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"soe-PlanetSide 2 PSG" = PlanetSide 2
"UnityWebPlayer" = Unity Web Player
"Warcraft III" = Warcraft III: All Products
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 02.12.2013 10:26:04 | Computer Name = ---- | Source = Application Hang | ID = 1002
Description = Programm NOTEPAD.EXE, Version 6.1.7600.16385 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 8fc    Startzeit: 01ceef6a64bd418b    Endzeit: 2    Anwendungspfad: C:\Windows\system32\NOTEPAD.EXE

Berichts-ID:
 a91bfa3e-5b5d-11e3-b955-002618d6a2bf  
 
Error - 03.12.2013 09:25:58 | Computer Name = ---- | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\PC\AppData\Local\Microsoft\Windows\Temporary
 Internet Files\Content.IE5\NIMR25FZ\esetsmartinstaller_enu.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 03.12.2013 11:12:36 | Computer Name = ---- | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Program Files
 (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe". Fehler in  Manifest- oder
 Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 03.12.2013 19:28:47 | Computer Name = ---- | Source = DCOM | ID = 10016
Description = 
 
Error - 03.12.2013 19:29:11 | Computer Name = ---- | Source = Service Control Manager | ID = 7030
Description = Der Dienst "LogMeIn Hamachi Tunneling Engine" ist als interaktiver
 Dienst gekennzeichnet. Das System wurde jedoch so konfiguriert, dass interaktive
 Dienste nicht möglich sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 03.12.2013 20:58:30 | Computer Name = ---- | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 03.12.2013 20:58:30 | Computer Name = ---- | Source = Schannel | ID = 36888
Description = Es wurde eine schwerwiegende Warnung generiert: 40. Der interne Fehlerstatus
 lautet: 252.
 
Error - 04.12.2013 07:18:03 | Computer Name = ---- | Source = DCOM | ID = 10016
Description = 
 
Error - 05.12.2013 08:27:07 | Computer Name = ---- | Source = DCOM | ID = 10016
Description = 
 
Error - 05.12.2013 10:12:26 | Computer Name = ---- | Source = DCOM | ID = 10016
Description = 
 
Error - 05.12.2013 11:18:35 | Computer Name = ---- | Source = DCOM | ID = 10016
Description = 
 
Error - 07.12.2013 08:01:01 | Computer Name = ---- | Source = DCOM | ID = 10016
Description = 
 
Error - 07.12.2013 11:38:22 | Computer Name = ---- | Source = DCOM | ID = 10016
Description = 
 
 
< End of report >
         

Nix von Nationzoom zu sehen....

D.h. ganz klar, hoffnungsloser Fall?

Dann meine letzte Frage, wenn ich nichts mehr von N. Zoom auf dem PC habe, es auch bei einem Benutzerkontenwechsel auf Google Chrome ist, doch nicht bei Internet Explorer, ist der Virus den trotzdem schädlich? Also kann er mir Nachteile bringen, z.B: Dateien wie Bilder oder Fotos von meinem PC löschen oder sonst was? Oder behindert er nur die Startseite, damit könnte ich leben.

Für Firefox und Chrome hätte ich noch diese Idee: beide Browser deinstallieren, frische Setups von den beiden von mozilla und Google runterladen und neu installieren und testen...

Falls das auch nicht hilft, hab grad was von meinen Kollegen gesehen, ein Tool, das nationzoom hoffentlich vollständig erkennt: http://loaris.com/download.php?trojanremover

ok versuche ich Morgen bzw. später aus.

Wie gesagt, das Angebot steht noch^^ wenn das funktioniert gibt's geküsste Füße

Lg

Chiara

Sieht nicht so aus als ob es was gefunden hat mit Nation Zoom. Nur Sachen die ich manchmal benutzt habe hat es gelöscht

LTR Logfile:

Code: Alles auswählenAufklappen

ATTFilter

Loaris Trojan Remover v.1.3.0.3
Report file date: 10.12.2013 13:04:21
Last update : 10.12.2013 13:04:05

Scanning for 1449306 virus strains and unwanted programs.

Licensed:         UNREGISTERED
Windows version:  Windows 7 Home Premium (version 6.1)
Username:         PC
Computer name:    ----

Starting the file scan:

Standard Scan started
Current IE path: iexplore.exe
Recommended IE path: c:\program files\internet explorer\iexplore.exe
Internet Explorer path - fixed
Hijack.EnableLUA - fixed
Startup objects checked
BHO plugins checked
Services checked
ActiveX objects checked
Files checked
Scanning process...
----- C:\Users\PC\AppData\Local\Temp\is1104650885\10107539_stp\wajam_validate.exe ---- General
	HW32.CDB.99d9.vp!f0
	MD5: 46F5C497F96E733176B010FF0EE56DE3:11264
	SUBS: Win32 Console
	FUZ: 192:YucR8gniwHla15UMi9q9bEBOrwic65Is6UqcnZuTgtnH3faOdaD7G1IpI:kRfniwHlZRBMKbKu+nXf5IS1AX
	PE: x86
	EPSEC: 1
	EPRVA: 000092B0
	IBASE: 00400000
	EP:60BE007040008DBE00A0FFFF5783CDFFEB109090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF
	SEC:
		UPX0:E0000080:00000000000000000000000000000000:0
		UPX1:E0000040:EFB528484CCCF5F73D60541B9440F0FC:9728
		UPX2:C0000040:E3FBD20EC5DE98527D0F1DD86275A416:512


----- C:\Users\PC\AppData\Local\Temp\is1104650885\3944985_stp\wajam_validate.exe ---- General
	HW32.CDB.99d9.vp!f0
	MD5: 46F5C497F96E733176B010FF0EE56DE3:11264
	SUBS: Win32 Console
	FUZ: 192:YucR8gniwHla15UMi9q9bEBOrwic65Is6UqcnZuTgtnH3faOdaD7G1IpI:kRfniwHlZRBMKbKu+nXf5IS1AX
	PE: x86
	EPSEC: 1
	EPRVA: 000092B0
	IBASE: 00400000
	EP:60BE007040008DBE00A0FFFF5783CDFFEB109090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF
	SEC:
		UPX0:E0000080:00000000000000000000000000000000:0
		UPX1:E0000040:EFB528484CCCF5F73D60541B9440F0FC:9728
		UPX2:C0000040:E3FBD20EC5DE98527D0F1DD86275A416:512


----- C:\Users\PC\AppData\Local\Temp\is1104650885\5207654_stp\wajam_validate.exe ---- General
	HW32.CDB.99d9.vp!f0
	MD5: 46F5C497F96E733176B010FF0EE56DE3:11264
	SUBS: Win32 Console
	FUZ: 192:YucR8gniwHla15UMi9q9bEBOrwic65Is6UqcnZuTgtnH3faOdaD7G1IpI:kRfniwHlZRBMKbKu+nXf5IS1AX
	PE: x86
	EPSEC: 1
	EPRVA: 000092B0
	IBASE: 00400000
	EP:60BE007040008DBE00A0FFFF5783CDFFEB109090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF
	SEC:
		UPX0:E0000080:00000000000000000000000000000000:0
		UPX1:E0000040:EFB528484CCCF5F73D60541B9440F0FC:9728
		UPX2:C0000040:E3FBD20EC5DE98527D0F1DD86275A416:512


----- C:\Users\PC\AppData\Local\Temp\is1104650885\8215764_stp\wajam_validate.exe ---- General
	HW32.CDB.99d9.vp!f0
	MD5: 46F5C497F96E733176B010FF0EE56DE3:11264
	SUBS: Win32 Console
	FUZ: 192:YucR8gniwHla15UMi9q9bEBOrwic65Is6UqcnZuTgtnH3faOdaD7G1IpI:kRfniwHlZRBMKbKu+nXf5IS1AX
	PE: x86
	EPSEC: 1
	EPRVA: 000092B0
	IBASE: 00400000
	EP:60BE007040008DBE00A0FFFF5783CDFFEB109090909090908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB73EF
	SEC:
		UPX0:E0000080:00000000000000000000000000000000:0
		UPX1:E0000040:EFB528484CCCF5F73D60541B9440F0FC:9728
		UPX2:C0000040:E3FBD20EC5DE98527D0F1DD86275A416:512


----- C:\Users\PC\Desktop\JRT.exe ---- General
	TROJ_GEN.F47V1107.an!L
	ProdVer: 6.0.8
	FileVer: 
	Company: Thisisu
	NAC: C8D0CC235CDDCCAC97C0426432703A61:32
	MD5: 86FB5E8D5D1E3E405C46CCBF991E6FD4:1034531
	SUBS: Win32 GUI
	RIC: Win32 GUI:3464
	RFH: 48:ybwJbBSgy+QmWHI45QIepexnvnGXkwnG4nuuIP6nKM:ybuzQmWXQIznuuXpS
	PE: x86
	EPSEC: 0
	EPRVA: 00014DA6
	IBASE: 00400000
	EP:558BEC6AFF68487C410068A04D410064A100000000506489250000000083EC685356578965E833DB895DFC6A02FF152871410059830DC4C84100FF830DC8C84100
	SEC:
		.text:60000020:614622E4762848A87131A09B6D207EF1:87040
		.rdata:40000040:680ECFB8DEFEFA631FA2679A05D047DF:15360
		.data:C0000040:832B3AE16685D72C45DDE5184F8C68C9:5120
		.rsrc:40000040:D0E01EBE65040CD7DCCB8674BC5CC5CF:5120


----- C:\Users\PC\Desktop\Mouseclick, Schneiden - Umwandeln\cbsidlm-cbsi134-Auto_Mouse_Bot-ORG-75683315.exe ---- General
	Win32.Virut.bn.mx!L
	ProdVer: 5, 4, 0, 134
	FileVer: 5, 4, 0, 134
	Name   : CNET Download.com
	Company: CNET Download.com
	NAC: 71BE280D1C00A5DB69310218EEE56939:32
	MD5: C3E04B7E8326EB118113CE175EFA86A9:894600
	SUBS: Win32 GUI
	RIC: Win32 GUI:14224
	RFH: 192:KvgD8j8tGVVYbUeXx5aWcy2fE6n66O+C5V6OON6eiWQ6o8N666WICKHQz95SUgrj:TDHSuZXx5axyKbOQz3O1N
	PE: x86
	EPSEC: 1
	EPRVA: 0020D8D0
	IBASE: 00400000
	EP:60BE009053008DBE0080ECFF57EB0B908A064688074701DB75078B1E83EEFC11DB72EDB80100000001DB75078B1E83EEFC11DB11C001DB730B75288B1E83EEFC11
	SEC:
		UPX0:E0000080:00000000000000000000000000000000:0
		UPX1:E0000040:58CBBA31FFE77D5AC8E0AA65BCF96970:871424
		.rsrc:C0000040:6DFB62490F8D41EFA9A10B06786BAE37:18432


Scan completed

Scan result:         6 detected items
Scan completed in:   Scan completed in 19 minute(s) 51 sec.
Files were scanned:  19397
         

Dann kannste den Rechner entweder komplett neu installieren oder warten und hoffen, dass neue Versionen von JRT und adwCleaner auch die "versteckten" Bestandteile von nationzoom findet....

Naja wenn ich alles neu mache ist ja eh alles weg, daher denke ich warte ich lieber und hoffe das was Neues kommt. Woran erkenn ich das? muss ich mir JRT oder so immer wieder neu downloaden oder updatet es sich einfach immer wenn ich es starte oder updaten lasse?

Danke nochmal für alles, schade das es nicht ganz weg ist aber scheinbar ist so ziehmlich das meiste von Nation Zoom von meinem PC weg^^

Vielen dank nochmal dafür. Echt lieb das du die Geduld mit mir hattest.

Man liest sich bestimmt wieder

Lg

Chiara

JRT und adwClaner musst du immer wieder neu runterladen. Mach nochmal bitte nen neuen Scan mit aktuellem Malwarebytes, mit etwas Glück findet der jetzt schon wieder mehr an Nationzoom.

Edit: frisch von meinem Kollegen Argus nen Tipp bekommen => http://www.bleepingcomputer.com/down...rtcut-cleaner/

Ahaaaa das ist also Argus mit dem ich geschrieben habe ^^ ok danke mach ich.

sc-cleaner Logfile:

Geil endlich glaub ich hat SC-Cleaner es komplett. Sieht jedenfalls danach aus.

Code: Alles auswählenAufklappen

ATTFilter

Shortcut Cleaner 1.2.6 by Lawrence Abrams (Grinler)
hxxp://www.bleepingcomputer.com/
Copyright 2008-2013 BleepingComputer.com
More Information about Shortcut Cleaner can be found at this link:
 hxxp://www.bleepingcomputer.com/download/shortcut-cleaner/

Windows Version: Windows 7 Home Premium Service Pack 1
Program started at: 12/10/2013 06:04:26 PM.

Scanning for registry hijacks:

 * No issues found in the Registry.

Searching for Hijacked Shortcuts:

Searching C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Internet Explorer (No Add-ons).lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1385907078&from=tugs&uid=WDCXWD5000AAJS-55A8B2_WD-WCASY868118681186

  * Shortcut Cleaned: C:\Users\PC\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1385907078&from=tugs&uid=WDCXWD5000AAJS-55A8B2_WD-WCASY868118681186

Searching C:\ProgramData\Microsoft\Windows\Start Menu\

  * Shortcut Cleaned: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1385907078&from=tugs&uid=WDCXWD5000AAJS-55A8B2_WD-WCASY868118681186

Searching C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\

  * Shortcut Cleaned: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1385907078&from=tugs&uid=WDCXWD5000AAJS-55A8B2_WD-WCASY868118681186

  * Shortcut Cleaned: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk => C:\Program Files (x86)\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1385907078&from=tugs&uid=WDCXWD5000AAJS-55A8B2_WD-WCASY868118681186

  * Shortcut Cleaned: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe hxxp://www.nationzoom.com/?type=sc&ts=1385907078&from=tugs&uid=WDCXWD5000AAJS-55A8B2_WD-WCASY868118681186

  * Shortcut Cleaned: C:\Users\PC\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk => C:\Program Files\Internet Explorer\iexplore.exe hxxp://www.nationzoom.com/?type=sc&ts=1385907078&from=tugs&uid=WDCXWD5000AAJS-55A8B2_WD-WCASY868118681186

Searching C:\Users\Public\Desktop\

Searching C:\Users\PC\Desktop


7 bad shortcuts found.

Program finished at: 12/10/2013 06:04:28 PM
Execution time: 0 hours(s), 0 minute(s), and 2 seconds(s)
         

Edit:
Es ist weg es ist weg jaaaaa

Danke diiiiiiirr, SC-Cleaner hats geschafft. Danke danke danke.

Hatte zwar, wie auch immer dann MySearchDial als Startseite, aber das bekam ich ja einfach wieder weg, 5 Minuten nachforschen und entfernen, das wars^^ nu alles wieder ok, danke euch zwei (Argus, Cosinus)

Lg

Chiara

PS: Straße und Hausnummer ich muss euch ja noch die Füße küssen *lach* ihr 2 seit die besten.

Oh...jetzt weiß ich wo sicher der Scheiß eingeklinkt hat...in die Verknüpfungen


Dann wären wir durch!


Falls du noch Lob oder Kritik loswerden möchtest => Lob, Kritik und Wünsche - Trojaner-Board

Die Programme, die hier zum Einsatz kamen, können alle deinstalliert werden.

Helfen kann dir dabei delfix:


Die Reihenfolge ist hier entscheidend.

1. Falls Defogger benutzt wurde: Defogger nochmal starten und auf re-enable klicken.
2. Falls Combofix benutzt wurde: (Alternativ in uninstall.exe umbenennen und starten)
   • Windowstaste + R > Combofix /Uninstall (eingeben) > OK
   • Alternative: Combofix.exe in uninstall.exe umbenennen und starten
   • Combofix wird jetzt starten, sich evtl updaten und dann alle Reste von sich selbst entfernen.
3. Downloade Dir bitte auf jeden Fall DelFix auf deinen Desktop:
   • Schließe alle offenen Programme.
   • Starte die delfix.exe mit einem Doppelklick.
   • Setze vor jede Funktion ein Häkchen.
   • Klicke auf Start.
   • Hinweis: DelFix entfernt u. a. alle verwendeten Programme, die Quarantäne unserer Scanner, den Java-Cache und löscht sich abschließend selbst.
   • Starte deinen Rechner abschließend neu.
4. Sollten jetzt noch Programme aus unserer Bereinigung übrig sein kannst du sie bedenkenlos löschen.

Bitte abschließend noch die Updates prüfen, unten mein Leitfaden dazu. Um in Zukunft die Aktualität der installierten Programme besser im Überblick zu halten, kannst du zB Secunia PSI verwenden.
Für noch mehr Sicherheit solltest Du nach der beseitigten Infektion auch möglichst alle Passwörter ändern.


Microsoftupdate
Windows XP:Besuch mit dem IE die MS-Updateseite und lass Dir alle wichtigen Updates installieren.
Windows Vista/7: Start, Systemsteuerung, Windows-Update


PDF-Reader aktualisieren
Ein veralteter AdobeReader stellt ein großes Sicherheitsrisiko dar. Du solltest daher besser alte Versionen vom AdobeReader über Systemsteuerung => Software bzw. Programme und Funktionen deinstallieren, indem Du dort auf "Adobe Reader x.0" klickst und das Programm entfernst. (falls du AdobeReader installiert hast)

Ich empfehle einen alternativen PDF-Reader wie PDF Xchange Viewer, SumatraPDF oder Foxit PDF Reader, die sind sehr viel schlanker und flotter als der AdobeReader.

Bitte überprüf bei der Gelegenheit auch die Aktualität des Flashplayers:
Prüfen => Adobe - Flash Player
Downloadlinks findest du hier => Browsers and Plugins - FilePony.de

Alle Plugins im Firefox-Browser kannst du auch ganz einfach hier auf Aktualität prüfen => https://www.mozilla.org/de/plugincheck

Natürlich auch darauf achten, dass andere installierte Browser wie zB Firefox, Opera oder Chrome aktuell sind.


Java-Update
Veraltete Java-Installationen sind ein großes Sicherheitsrisiko, daher solltest Du die alten Versionen deinstallieren. Beende dazu alle Programme (v.a. die Browser), klick danach auf Start, Systemsteuerung, Software (bzw. Programme und Funktionen) und deinstalliere darüber alle aufgelisteten Java-Versionen. Lad Dir danach von hier das aktuelle Java SE Runtime Environment (JRE) herunter und installiere es.