So, here are the 2 logs:
OTL:
OTL logfile created on: 29.04.2013 16:12:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus\Desktop\Trojaner
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 5,24 Gb Available Physical Memory | 65,91% Memory free
15,89 Gb Paging File | 12,91 Gb Available in Paging File | 81,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,50 Gb Total Space | 396,71 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\Markus\Desktop\Trojaner\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Steam\Steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Comodo\GeekBuddy\unit_manager.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Comodo\GeekBuddy\unit.exe (Comodo Security Solutions, Inc.)
PRC - C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFi GO! Server.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AsDLNAServerReal.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AI Suite II.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
PRC - C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\AlertHelper.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\ASUS\AI Suite II\AsRoutineController.exe (ASUSTeK Computer Inc.)
PRC - C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
PRC - C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
========== Modules (No Company Name) ==========
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Steam\bin\chromehtml.DLL ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Steam\bin\libcef.dll ()
MOD - C:\Program Files (x86)\Steam\SDL2.dll ()
MOD - C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
MOD - C:\Program Files (x86)\Steam\bin\avcodec-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avformat-53.dll ()
MOD - C:\Program Files (x86)\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\WiFiGO.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\MirrorOpSender.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\DLCapPP.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiMoveHelp.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\Sensor.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\IsSupported.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFiGO_HookKey.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\PhoneCtrlAPI.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\TabGadget\TabGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor Graph\SensorGraph.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\BarGadget\BarGadget.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Settings\Settings.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\AudioProjection.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\awiscale.DLL ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Splitter\Splitter.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\AssistFunc.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\CoreAudioCap.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\pngio.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\ImageHelper.dll ()
MOD - C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMLib.dll ()
MOD - C:\Program Files (x86)\ASUS\AI Suite II\Sensor\AlertHelper\pngio.dll ()
========== Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE (Broadcom Corporation)
SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (GeekBuddyRSP) -- C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
SRV - (CLPSLauncher) -- C:\Program Files (x86)\Common Files\COMODO\launcher_service.exe (Comodo Security Solutions Inc.)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (vsmon) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe (Check Point Software Technologies LTD)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (IswSvc) -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe (Check Point Software Technologies)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose64) -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (AsSysCtrlService) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.13\AsSysCtrlService.exe (ASUSTeK Computer Inc.)
SRV - (asHmComSvc) -- C:\Program Files (x86)\ASUS\AAHM\1.00.20\aaHMSvc.exe (ASUSTeK Computer Inc.)
SRV - (DTSAudioSvc) -- C:\Programme\Realtek\Audio\HDA\DTSU2PAuSrv64.exe (DTS, Inc)
SRV - (AxAutoMntSrv) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\AxAutoMntSrv.exe (Alcohol Soft Development Team)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (asComSvc) -- C:\Program Files (x86)\ASUS\AXSP\1.00.18\atkexComSvc.exe ()
SRV - (CTAudSvcService) -- C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe (Creative Technology Ltd)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (NAUpdate) -- C:\Program Files (x86)\Nero\Update\NASvc.exe (Nero AG)
SRV - (StarWindServiceAE) -- C:\Program Files (x86)\Alcohol Soft\Alcohol 120\StarWind\StarWindServiceAE.exe (StarWind Software)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (SANDRA) -- C:\Program Files\SiSoftware\SiSoftware Sandra Lite 2013.SP2\WNt500x64\Sandra.sys File not found
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (Vsdatant) -- C:\Windows\SysNative\drivers\vsdatant.sys (Check Point Software Technologies LTD)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BcmVWL) -- C:\Windows\SysNative\drivers\bcmvwl64.sys (Broadcom Corporation)
DRV:64bit: - (KLIF) -- C:\Windows\SysNative\drivers\klif.sys (Kaspersky Lab)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (UHSfiltv) -- C:\Windows\SysNative\drivers\UHSfiltv.sys (Creative Technology Ltd.)
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (asahci64) -- C:\Windows\SysNative\drivers\asahci64.sys (Asmedia Technology)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (Netaapl) -- C:\Windows\SysNative\drivers\netaapl64.sys (Apple Inc.)
DRV:64bit: - (bcbtums) -- C:\Windows\SysNative\drivers\bcbtums.sys (Broadcom Corporation.)
DRV:64bit: - (mv91cons) -- C:\Windows\SysNative\drivers\mv91cons.sys (Marvell Semiconductor Inc.)
DRV:64bit: - (mv91xx) -- C:\Windows\SysNative\drivers\mv91xx.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (BTWDPAN) -- C:\Windows\SysNative\drivers\btwdpan.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (ioatdma2) -- C:\Windows\SysNative\drivers\qd262x64.sys (Intel Corporation)
DRV:64bit: - (ioatdma1) -- C:\Windows\SysNative\drivers\qd162x64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (LGPBTDD) -- C:\Windows\SysNative\drivers\LGPBTDD.sys (Logitech Inc.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ISWKL) -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys (Check Point Software Technologies)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (CFRMD) -- C:\Windows\SysWOW64\drivers\CFRMD.sys (Windows (R) Win 7 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{40A2848A-BE74-4D09-902B-064F8C0483AB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{40A2848A-BE74-4D09-902B-064F8C0483AB}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://nmd.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 29 4E B8 BD 26 01 CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaultenginename,S: S", ""
FF - prefs.js..browser.search.defaultthis.engineName: ""
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.order.1: ""
FF - prefs.js..browser.search.order.1,S: S", ""
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.selectedEngine,S: S", ""
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: UjmcOUshkBS5D7k%40qh8QRM8F.com:11
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.gopher: ""
FF - prefs.js..network.proxy.gopher_port: 0
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/Lync,version=15.0: C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office15\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3503.0728: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2013.04.07 15:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2013.04.07 15:36:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:43:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:43:30 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.11 23:43:32 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.11 23:43:30 | 000,000,000 | ---D | M]
[2012.12.04 13:10:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Extensions
[2013.04.29 12:56:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\Firefox\Profiles\q8s81j6k.default\extensions
[2013.02.28 05:03:19 | 000,003,265 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\q8s81j6k.default\extensions\UjmcOUshkBS5D7k@qh8QRM8F.com.xpi
[2013.04.08 05:28:39 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Markus\AppData\Roaming\mozilla\firefox\profiles\q8s81j6k.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.04.11 23:43:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.11 23:43:32 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.01.11 04:06:08 | 000,033,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
========== Chrome ==========
O1 HOSTS File: ([2013.04.29 15:55:25 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2:64bit: - BHO: (Lync Browser Helper) - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office15\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Programme\Microsoft Office\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office15\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Microsoft SkyDrive Pro Browser Helper) - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\PROGRA~2\MICROS~4\Office15\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\Trustchecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Programme\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RtHDVBg_DTS] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [ASUS WiFi GO! FileTransfer Execute] C:\Program Files (x86)\ASUS\AI Suite II\Wi-Fi GO!\AssistTools\WiFile\WiFileTransfer.exe (ASUSTeK Computer Inc.)
O4 - HKLM..\Run: [gbrspcontrol] C:\Program Files (x86)\Common Files\COMODO\GeekBuddyRSP.exe (Comodo Security Solutions, Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - Startup: C:\Users\Markus\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office15\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office15\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Lync: Anruf per Mausklick - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Programme\Microsoft Office\Office15\OCHelper.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office15\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} hxxp://ccfiles.creative.com/Web/softwareupdate/su/ocx/15102/CTSUEng.cab (Creative Software AutoUpdate)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/121022/CTPID.cab (Creative Software AutoUpdate Support Package)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{714A5B49-B63A-45E2-8C6F-C248B7B92B02}: DhcpNameServer = 212.186.211.21 195.34.133.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C876299D-C36B-4860-BE3F-47D5CF2C54B7}: DhcpNameServer = 213.94.78.16 213.94.78.17
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FF48319F-9DBE-4DD9-BBE3-38F4CAA06568}: DhcpNameServer = 212.186.211.21 195.34.133.21
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\osf {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Programme\Microsoft Office\Office15\MSOSB.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807583E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE15\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2013.04.29 15:58:31 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.29 15:56:30 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.29 13:02:47 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.29 13:02:47 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.29 13:02:47 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.29 13:00:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.29 13:00:04 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.29 12:58:26 | 000,000,000 | ---D | C] -- C:\Users\Markus\Desktop\Trojaner
[2013.04.29 12:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2013.04.29 12:29:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2013.04.29 12:29:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Catalyst Control Center
[2013.04.29 12:28:06 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.04.29 12:26:29 | 000,000,000 | ---D | C] -- C:\AMD
[2013.04.27 13:10:05 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Malwarebytes
[2013.04.27 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.27 13:09:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.27 13:09:53 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.27 13:09:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.22 19:35:03 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.04.22 19:35:03 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013.04.22 19:35:03 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013.04.22 19:31:50 | 000,000,000 | ---D | C] -- C:\Riot Games
[2013.04.22 18:42:34 | 000,000,000 | ---D | C] -- C:\LoL
[2013.04.22 18:41:35 | 000,000,000 | ---D | C] -- C:\Users\Markus\.swt
[2013.04.20 09:37:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2013.04.20 09:37:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ATI Technologies
[2013.04.20 09:37:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ATI Technologies
[2013.04.20 09:36:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2013.04.20 09:35:36 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2013.04.20 09:35:22 | 000,691,592 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.20 09:35:22 | 000,071,048 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.19 16:33:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.19 16:33:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.18 16:37:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\COMODO
[2013.04.13 20:41:05 | 000,000,000 | ---D | C] -- C:\aweff
[2013.04.12 00:32:39 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\Diablo III
[2013.04.12 00:09:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[2013.04.12 00:09:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Diablo III
[2013.04.11 23:43:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 03:01:20 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 03:01:20 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 03:01:19 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 03:01:19 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 03:01:19 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 03:01:19 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.04.10 03:01:19 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.04.10 03:01:19 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.04.10 03:01:19 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 03:01:19 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 03:01:19 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.04.10 03:01:19 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 03:01:17 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 03:01:17 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 03:01:17 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.09 22:21:03 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.09 22:21:03 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.09 22:21:03 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.09 22:21:02 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.09 22:21:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.09 22:21:02 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013.04.09 02:11:48 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Curse Advertising
[2013.04.08 05:24:18 | 000,037,664 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll
[2013.04.08 05:24:18 | 000,029,984 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll
[2013.04.08 05:20:45 | 000,035,104 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2013.04.08 05:20:45 | 000,026,400 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2013.04.08 05:20:45 | 000,021,792 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2013.04.08 05:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013
[2013.04.08 05:10:44 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\Systweak
[2013.04.08 05:10:42 | 000,020,488 | ---- | C] (Systweak Inc., (www.systweak.com)) -- C:\Windows\SysNative\roboot64.exe
[2013.04.08 05:10:26 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Local\Google
[2013.04.08 05:02:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BioShock Infinite
[2013.04.07 15:36:03 | 000,000,000 | ---D | C] -- C:\Users\Markus\Documents\ForceField Shared Files
[2013.04.07 15:36:02 | 000,000,000 | ---D | C] -- C:\Users\Markus\AppData\Roaming\CheckPoint
[2013.04.07 15:35:56 | 000,000,000 | ---D | C] -- C:\Program Files\CheckPoint
[2013.04.07 15:35:50 | 000,611,160 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys
[2013.04.07 15:35:50 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys
[2013.04.07 15:35:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Check Point
[2013.04.07 15:34:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CheckPoint
[2013.04.07 15:33:53 | 000,000,000 | ---D | C] -- C:\ProgramData\CheckPoint
[2013.04.07 14:34:47 | 000,000,000 | ---D | C] -- C:\VTRoot
[2013.04.07 14:32:54 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2013.04.07 14:32:48 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2013.04.07 14:32:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Comodo
[2013.04.07 14:32:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Comodo
[2013.04.07 14:32:32 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013.04.07 14:32:32 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.04.07 14:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2013.04.05 02:21:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SQUARE ENIX
[2013.04.05 02:21:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FF14
[2013.04.02 02:19:55 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.02 02:19:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.02 02:19:52 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.02 02:19:52 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013.04.29 16:11:12 | 000,000,222 | ---- | M] () -- C:\Users\Markus\Desktop\Dead Island Riptide.url
[2013.04.29 16:05:53 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 16:05:53 | 000,021,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.29 16:04:40 | 001,646,938 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.29 16:04:40 | 000,709,314 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.29 16:04:40 | 000,662,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.29 16:04:40 | 000,153,750 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.29 16:04:40 | 000,125,582 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.29 15:57:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.29 15:55:25 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.29 15:33:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.29 12:41:30 | 000,000,020 | ---- | M] () -- C:\Users\Markus\defogger_reenable
[2013.04.27 13:09:54 | 000,001,116 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.25 17:50:33 | 000,004,489 | -H-- | M] () -- C:\Windows\SysWow64\BTImages.dat
[2013.04.25 17:03:59 | 000,000,219 | ---- | M] () -- C:\Users\Markus\Desktop\Dota 2.url
[2013.04.25 17:03:59 | 000,000,193 | ---- | M] () -- C:\Users\Markus\Desktop\Dota 2 Test.url
[2013.04.23 16:22:14 | 000,028,009 | ---- | M] () -- C:\Users\Markus\Desktop\19199_000.jpg
[2013.04.22 19:35:04 | 000,001,729 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.04.21 09:57:24 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.04.21 09:57:24 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.04.20 09:16:16 | 000,188,713 | ---- | M] () -- C:\Users\Markus\Desktop\agcLogonewAlpha.gif
[2013.04.19 16:39:03 | 000,444,830 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130419-164107.backup
[2013.04.19 16:37:38 | 000,444,830 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.20130419-163903.backup
[2013.04.18 16:37:12 | 000,002,054 | ---- | M] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013.04.18 16:37:12 | 000,002,050 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.04.18 16:37:12 | 000,002,050 | ---- | M] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013.04.12 00:10:08 | 000,001,165 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.04.11 16:07:15 | 000,191,571 | ---- | M] () -- C:\Users\Markus\Desktop\Unbenannt1.jpg
[2013.04.10 04:25:01 | 000,441,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.08 16:56:05 | 000,000,767 | ---- | M] () -- C:\Users\Markus\Documents\ax_files.xml
[2013.04.08 05:20:42 | 000,002,216 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.08 05:20:42 | 000,002,196 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.08 05:19:23 | 000,002,242 | ---- | M] () -- C:\Users\Public\Desktop\Launch BioShock Infinite.lnk
[2013.04.08 05:10:41 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.04.07 15:38:39 | 000,417,507 | ---- | M] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013.04.07 15:30:39 | 000,434,720 | ---- | M] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.04.07 15:12:49 | 000,098,606 | ---- | M] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.04.07 14:32:32 | 001,700,352 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\gdiplus.dll
[2013.04.07 14:32:32 | 001,060,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mfc71.dll
[2013.04.05 02:22:00 | 000,002,653 | ---- | M] () -- C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn (Beta Version).lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.02 02:19:49 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.04.02 02:19:49 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.04.02 02:19:49 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.04.02 02:19:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.04.02 02:19:49 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.04.02 02:19:49 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.03.31 15:16:07 | 000,305,958 | ---- | M] () -- C:\Users\Markus\Desktop\Unbenannt.jpg
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013.04.29 16:11:12 | 000,000,222 | ---- | C] () -- C:\Users\Markus\Desktop\Dead Island Riptide.url
[2013.04.29 13:02:47 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.29 13:02:47 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.29 13:02:47 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.29 13:02:47 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.29 13:02:47 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.29 12:41:30 | 000,000,020 | ---- | C] () -- C:\Users\Markus\defogger_reenable
[2013.04.27 13:09:54 | 000,001,116 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.04.25 17:03:59 | 000,000,219 | ---- | C] () -- C:\Users\Markus\Desktop\Dota 2.url
[2013.04.25 17:03:59 | 000,000,193 | ---- | C] () -- C:\Users\Markus\Desktop\Dota 2 Test.url
[2013.04.23 16:22:13 | 000,028,009 | ---- | C] () -- C:\Users\Markus\Desktop\19199_000.jpg
[2013.04.22 19:35:04 | 000,001,729 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2013.04.20 09:35:25 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.20 09:16:15 | 000,188,713 | ---- | C] () -- C:\Users\Markus\Desktop\agcLogonewAlpha.gif
[2013.04.18 16:37:12 | 000,002,054 | ---- | C] () -- C:\Users\Public\Desktop\AntiError.lnk
[2013.04.18 16:37:12 | 000,002,050 | ---- | C] () -- C:\Users\Public\Desktop\GeekBuddy.lnk
[2013.04.12 00:09:56 | 000,001,165 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2013.04.11 16:07:15 | 000,191,571 | ---- | C] () -- C:\Users\Markus\Desktop\Unbenannt1.jpg
[2013.04.10 02:19:30 | 000,004,489 | -H-- | C] () -- C:\Windows\SysWow64\BTImages.dat
[2013.04.08 05:20:42 | 000,002,216 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2013.04.08 05:20:42 | 000,002,208 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2013.lnk
[2013.04.08 05:20:42 | 000,002,196 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2013.lnk
[2013.04.08 05:19:23 | 000,002,242 | ---- | C] () -- C:\Users\Public\Desktop\Launch BioShock Infinite.lnk
[2013.04.07 15:36:05 | 000,417,507 | ---- | C] () -- C:\Windows\SysNative\drivers\vsconfig.xml
[2013.04.07 14:43:21 | 000,002,050 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Start GeekBuddy.lnk
[2013.04.07 14:40:44 | 000,098,606 | ---- | C] () -- C:\Windows\SysNative\drivers\fvstore.dat
[2013.04.07 14:34:23 | 000,434,720 | ---- | C] () -- C:\Windows\SysNative\drivers\sfi.dat
[2013.04.05 02:22:00 | 000,002,653 | ---- | C] () -- C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn (Beta Version).lnk
[2013.03.31 15:16:07 | 000,305,958 | ---- | C] () -- C:\Users\Markus\Desktop\Unbenannt.jpg
[2013.03.29 04:13:14 | 000,798,734 | ---- | C] () -- C:\Windows\SysWow64\amdocl_ld32.exe
[2013.03.29 04:13:12 | 000,995,342 | ---- | C] () -- C:\Windows\SysWow64\amdocl_as32.exe
[2013.03.16 16:35:42 | 000,246,272 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2013.03.16 16:35:42 | 000,074,240 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2013.02.15 19:24:37 | 000,000,094 | ---- | C] () -- C:\Users\Markus\AppData\Local\fusioncache.dat
[2012.12.07 16:39:20 | 000,000,000 | ---- | C] () -- C:\Users\Markus\AppData\Roaming\.NANotifyHere
[2012.12.03 16:45:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.12.03 15:35:21 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.12.03 15:35:16 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.12.03 15:28:19 | 000,074,107 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.12.03 15:27:23 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.12.03 15:27:12 | 000,049,875 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.12.03 14:55:31 | 001,672,858 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.11.04 21:25:59 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.04 21:25:56 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.11.04 21:25:52 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.09.28 05:12:10 | 000,002,302 | ---- | C] () -- C:\Windows\UHScfg.ini
[2012.09.28 05:12:10 | 000,000,388 | ---- | C] () -- C:\Windows\UHSMCcfg.ini
[2012.09.28 05:12:10 | 000,000,238 | ---- | C] () -- C:\Windows\UHSConfig.ini
[2012.06.19 19:52:42 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.07.12 18:57:17 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.07.12 18:57:17 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report >

Extra: Code:
OTL Extras logfile created on: 29.04.2013 16:12:23 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Markus\Desktop\Trojaner
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
7,95 Gb Total Physical Memory | 5,24 Gb Available Physical Memory | 65,91% Memory free
15,89 Gb Paging File | 12,91 Gb Available in Paging File | 81,23% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 919,50 Gb Total Space | 396,71 Gb Free Space | 43,14% Space Free | Partition Type: NTFS
Computer Name: MARKUS-PC | User Name: Markus | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0116D8CF-F4DA-48ED-9645-BF968D80F9C9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{057B5207-0663-4D0A-9B4F-F876F58C62E3}" = rport=138 | protocol=17 | dir=out | app=system |
"{0ADA5616-7E87-4D8B-BC11-BC3A57271F16}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{10016627-ECE9-4839-8402-9A8D5809A51C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{1007F53E-B0E4-4EEC-9A6A-B6CFC5A692B2}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{12FED12C-2E63-45E0-AF72-44D96A9D4294}" = lport=445 | protocol=6 | dir=in | app=system |
"{156413BC-A27A-46CD-908D-90B74A612701}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{19AAF5D6-1481-4EF8-9FF5-AB36A46A6F8C}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{19B9F202-C131-46B2-9936-821BE2CD371E}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F79B60B-5083-47E5-802F-4D91263A30DF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{219908CB-148C-457E-ABB3-34D5C75C9A09}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{235DC2BB-7DF4-47D4-ACDF-FD555596A72D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{25AF86E5-BC74-4915-9CF1-1F30E31D5CC4}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{2A6D6316-6374-4EA9-8903-DE11D0194F93}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3051BAED-6FAD-483D-97A9-1E5A791E311C}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{3825AC87-2D8D-4017-A67D-5E1B845EBB18}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{459C43CA-B30B-496E-A610-B062A4AAA355}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{49380573-2A35-4AF0-9445-39F6D62D3762}" = rport=10243 | protocol=6 | dir=out | app=system |
"{49721035-88C3-4E55-A0E4-07D16B27129E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{59AB9909-B889-46CE-8BD8-36EEC0F8AAB4}" = lport=138 | protocol=17 | dir=in | app=system |
"{604CB83A-CAE4-4719-A226-C195179ED863}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{73AAD80E-7D9D-4970-90D3-D1143F6191B3}" = rport=137 | protocol=17 | dir=out | app=system |
"{763821BC-6987-4E95-9295-FBA418CA131E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{7EDB6EF8-D596-4824-9931-A6EE3E84825E}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{844E2C11-4217-4496-9E86-39DA67CC3685}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{8F62F4DD-D762-4B51-9459-AB97895BCF92}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office15\outlook.exe |
"{9BEB4B33-1255-47E6-9571-251B27A9BF4D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{9C6815F0-F603-45A5-A109-950C929D6990}" = lport=139 | protocol=6 | dir=in | app=system |
"{A367B897-35C8-464C-90F8-3393DCDCDFD5}" = lport=137 | protocol=17 | dir=in | app=system |
"{A64DC111-A026-4E1D-AC90-8C98F860CCC1}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A6890FAD-5871-46BC-9601-01455D8A74BE}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A75F5C0A-A6D9-4DD4-A343-248E6DFB9C88}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{A9191926-6A7E-439A-8608-1CB165E184EA}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{AA3C9B51-79A4-4C13-8D92-807401F7A3CB}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{B4712E8E-CD51-4E4C-A67C-1D4013A95176}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{BBD2FF5F-FB50-4AF5-AA84-552EACCD8CCA}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{BC057A12-5E50-4331-90EC-E1F1DF819B89}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BE126586-7D3D-47F9-A6E8-2D3020BB0B6B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C155D94B-7C8E-4D9B-B1D4-F45239FB6AAF}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{C9B7B359-DFAD-4889-9DC6-D0BDB6CA7E6B}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{D23FB9F6-8234-457F-BF96-A8F9BE1B4DC7}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E093C999-1D1B-4280-B04B-56041859981B}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E3789029-5B00-4B13-B9C8-64A1FCE8481A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E395F633-C8A3-4AD4-BB2D-13EF29E3B8C0}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{E737484B-DB50-40A8-BAA2-735D0A6B5223}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E7FD21BF-97E7-43DE-8BF9-980D84E9D1B5}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E897BAF3-AF5B-4F50-ACC9-0BBB5DB2944A}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{EC3C5770-CB23-4D71-BE3B-A06E96199375}" = rport=139 | protocol=6 | dir=out | app=system |
"{F3CA84E2-35BB-4425-B4A7-786FD0561AC4}" = rport=445 | protocol=6 | dir=out | app=system |
"{F946797D-A2EC-47EF-9DCF-EC348B4D4714}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{FEB70661-BD65-435C-A923-6AE44271C24D}" = lport=4000 | protocol=6 | dir=out | app=c:\program files (x86)\dll-files.com fixer\dllfixer.exe |
"{FF293C89-9EF1-46E6-B22F-4F934D69FA29}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05B29253-BF70-4EE1-9259-728427105630}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{05E1E433-6F9F-4063-B9C0-FB8269030D01}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\chess.exe |
"{0CF3F13B-871D-466A-A57A-32119A5868A1}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{118FB52B-2B3B-4761-9B67-778696859C55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{1497A505-7DBE-48AC-A4BF-A4C01C2EA698}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{163DD510-AC93-48D3-8159-A310C5CE94C7}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\easychat.exe |
"{1AE90269-5525-4CDE-840B-546A0F4858EA}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{1F2AF8BA-7FAB-4519-BD64-962212664D43}" = protocol=6 | dir=out | app=system |
"{1F3F8F84-2EDD-490F-9D89-0BEBE450AC1B}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\xcom-enemy-unknown\binaries\win32\xcomgame.exe |
"{20141344-BB0D-40E6-ADA5-734AD0DE9E66}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{203A0789-F9D3-45DA-9B65-B8E7F97EB535}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{25188BAD-2456-4B95-8983-C662B6E7743D}" = protocol=6 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{287A4299-BF33-424C-B196-64778CCCE343}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{28A4DD48-DEBA-490F-8093-F9A7AEFA85E2}" = protocol=17 | dir=in | app=c:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{299D5751-2444-40B6-9E40-D17E606D92CB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{2B255A48-A8E6-423A-9F6E-99210A5DEE1D}" = protocol=6 | dir=in | app=c:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{2C91321F-E555-446E-8639-A4BC51756F07}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{302A73A9-3952-4EF3-8F71-833D3D0EC6FA}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{32D544F0-43EF-44F4-8E33-463F5A639BF4}" = protocol=6 | dir=in | app=c:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivboot.exe |
"{3671E9F4-19FE-4361-9297-AE2545A83C18}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{37CFB71C-394F-48A1-959F-C9A31528E9C1}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{39948B51-559A-48B5-9F0A-F7DC8A6D8249}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{39F6A2DF-E498-43E7-900C-A233D9DF0980}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{3A945920-8B01-4F28-A383-93B011C2892C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{3B837596-C80D-416D-8BB3-A32A23E99FAC}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{40A833AB-6AAF-4499-88B7-273097C5AD09}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{428FA699-C822-4039-A906-A854CF714C85}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{45C14D02-D1B7-4CBD-B5C2-ED96BCA0F2A6}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\checkers.exe |
"{4645B95A-72C2-4B08-BFE2-C5C07E609A67}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{46E60941-F607-4940-B587-0F21A3CCF196}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |
"{48C02431-29F1-4565-8966-EBC888B6EAD2}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\backgammon.exe |
"{4D7D6075-2BBC-4F34-8A8A-CA376AA201FE}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{538A6EB5-4D19-4875-8E73-D772D3351903}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{5624D3E2-C637-4FBF-9069-AB567A3EBAE4}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{573C4F02-8480-4FFD-A7DF-4274E5A2DE8A}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\ai suite ii.exe |
"{57C6E5C7-CC00-4F9E-9FEA-00954B37ADD0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5A9EC0B5-52C8-49C3-823E-12FFA33DE2ED}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6A57727B-45E4-4D3A-999B-C0BE6A8FC48E}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\tictactoe.exe |
"{6B6A2ACB-376F-431A-9FCA-5694101CFB23}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{74458F48-006A-4BA1-9B68-A6E6D53DAFF1}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{81D72965-931C-48B8-BDBB-222C40A7D4AA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{843219BF-34EF-4CC3-885C-29A57F60DDD3}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{84A7F276-5114-4C5F-8EDD-809485C83749}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{854C8066-D4F1-4F92-849B-D5EB0F8E2747}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 test\dota.exe |
"{85FF3835-4561-4C35-86F7-287D5A61061A}" = dir=in | app=c:\program files\widcomm\bluetooth software\easybits games\seabattle.exe |
"{8CE46A7C-841B-4F95-B63F-D36F0FD47B60}" = protocol=17 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{96B94B27-2A39-431E-AC0F-1598F7F159BA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dota 2 beta\dota.exe |
"{99245D46-E36F-4A26-B1E1-12AAF1AF2AF2}" = protocol=17 | dir=in | app=c:\program files (x86)\asus\ai suite ii\wi-fi go!\assisttools\wifi go! server.exe |
"{A01B475F-C6B5-4111-B23B-7D46B97D2B3B}" = protocol=17 | dir=in | app=c:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\boot\ffxivlauncher.exe |
"{A4D109CE-072A-4937-ABBA-7FE55A1D9F88}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii.exe |
"{AC0F52C1-644C-4EE6-B30D-6C9172FEC880}" = protocol=17 | dir=in | app=c:\program files (x86)\common files\comodo\geekbuddyrsp.exe |
"{ACFB70DD-CF49-4831-9A67-89C65453EEFA}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\mass effect 3\binaries\win32\masseffect3.exe |
"{AEFA362B-2932-4A9C-9754-7B2C5D6BEEC7}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{AF0197E1-5366-468C-845B-5068AE90BC4C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{AF10B33B-BA16-4EE6-8F24-A337FBAB7D28}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\lync.exe |
"{B4747960-669D-46A0-9C29-C6EF10E18B75}" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{B768B981-00EE-4EE0-9DC9-F8C58E4895B1}" = protocol=6 | dir=in | app=c:\program files (x86)\origin games\simcity\simcity\simcity.exe |
"{BA8F9607-8D5A-401A-853D-2B5E72D691F7}" = protocol=17 | dir=in | app=c:\program files (x86)\upc austria\install master\upc_install_master.exe |
"{C027672F-55F4-4C8C-9479-1DE62D28CE14}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{C35AC962-A92C-47A1-9DC1-5BC05E535810}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C401A5B6-395A-484D-953F-46CC2AE019CD}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C84E2DDB-8390-46FD-B991-7663794B5B68}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\diriptide\deadislandgame_x86_rwdi.exe |
"{CBA6BBE2-24AD-4935-9F1A-244B9412EDDF}" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\starcraft ii public test.exe |
"{D0C15B3C-D191-466E-9AC3-FE0428D3BEA8}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D80B3DF0-81EC-4060-A51E-B178F23360A8}" = protocol=1 | dir=in | name=sisoftware sandra agent service (icmp-in) |
"{D99DA380-78E2-435E-B369-82E4934DD044}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{DE2F46A1-CEDC-4FA9-B015-D4566C1A8321}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{E056986C-021A-4FC0-B693-EE2F0E2F8F3B}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1737\agent.exe |
"{E158EFBA-83A2-4A40-9E3E-FF5F770DD56E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E22DE688-2217-4636-914C-9BDFB6831736}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office15\ucmapi.exe |
"{E2DD9870-2B17-4A77-B542-FFA5D5459C84}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E3293467-7A7D-44B5-93C0-517704486A16}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{E4B86C0E-DDB8-4731-AEA3-66B9A81360E7}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ECC6FCF3-08AE-4151-ACEF-2A9DBD6BD360}" = protocol=6 | dir=in | app=c:\program files (x86)\asus\ai suite ii\wi-fi go!\assisttools\wifi go! server.exe |
"{ED2A60A5-DEA6-4E68-9FA2-D7C770AAC9B0}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{EFB69622-BD53-4DB9-82D1-4ACCDEEED02A}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{F249DFE7-C548-46A3-B977-F68333A319AF}" = protocol=6 | dir=in | app=c:\program files (x86)\upc austria\install master\upc_install_master.exe |
"{F84BBF8D-3B91-413A-8FA0-A51771B0375E}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{FCD0F4F6-F664-412F-813F-40A8F57C005A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{200F9318-08E2-40D7-9CB5-36F3B2E3BDD8}C:\users\markus\downloads\nw.1.20130128a.11.exe" = protocol=6 | dir=in | app=c:\users\markus\downloads\nw.1.20130128a.11.exe |
"TCP Query User{2295834D-8CBF-4A30-95E1-7CF726F44D8B}C:\users\markus\downloads\gunblade-dlm.exe" = protocol=6 | dir=in | app=c:\users\markus\downloads\gunblade-dlm.exe |
"TCP Query User{38FD8E30-1141-4C4F-A522-B980BB9B2E7C}C:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"TCP Query User{5CA0EA8F-C7D3-4ED2-AE79-9537F714FB61}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"TCP Query User{6EF9FA03-B2F9-4CD9-8CC4-CEF389627AA4}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{9ED0879F-CFFE-437C-87BC-DDABC69DDB59}C:\cryptic studios\neverwinter\live\gameclient.exe" = protocol=6 | dir=in | app=c:\cryptic studios\neverwinter\live\gameclient.exe |
"TCP Query User{DFD5CC82-8462-4637-A1B0-0CB005F64C3C}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{0C060C46-7B89-4837-AE6F-7FAB62315939}C:\cryptic studios\neverwinter\live\gameclient.exe" = protocol=17 | dir=in | app=c:\cryptic studios\neverwinter\live\gameclient.exe |
"UDP Query User{15810FA7-85BC-467C-B5A5-B2E1437A5FB1}C:\program files (x86)\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\guild wars 2\gw2.exe |
"UDP Query User{93523668-CD6A-4BD1-970B-6B5E29159C6E}C:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ff14\squareenix\final fantasy xiv - a realm reborn (beta version)\game\ffxiv.exe |
"UDP Query User{A58008D7-B03A-4547-9F07-CA931B0AF61A}C:\program files (x86)\starcraft ii\versions\base24944\sc2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\starcraft ii\versions\base24944\sc2.exe |
"UDP Query User{B02D0FB6-8DE9-40A7-9948-32E8F32A3BA2}C:\users\markus\downloads\nw.1.20130128a.11.exe" = protocol=17 | dir=in | app=c:\users\markus\downloads\nw.1.20130128a.11.exe |
"UDP Query User{CF06EEDC-8E67-480B-BF10-F6B98534D63E}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{D72E9F6C-A289-40FE-B451-F739E4AF7E60}C:\users\markus\downloads\gunblade-dlm.exe" = protocol=17 | dir=in | app=c:\users\markus\downloads\gunblade-dlm.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{003B37AE-21F5-5BC5-F5EB-CD60A8928696}" = AMD Accelerated Video Transcoding
"{0225AD21-F3E2-4916-BFF3-65D3F9052582}" = iTunes
"{04573C2A-8756-E9F0-7878-C6029F6C7F25}" = AMD Drag and Drop Transcoding
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{1AD147D0-BE0E-3D6C-AC11-64F6DC4163F1}" = Microsoft .NET Framework 4.5
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417015FF}" = Java 7 Update 15 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{57DD35E9-D9BB-4089-BB05-EF933C586CB3}" = Broadcom InConcert Maestro
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{653B9326-BD45-53BE-681A-A49CAAEE8A3C}" = ccc-utility64
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{6E7F4CA3-B2DE-413C-A7A1-43AA5BE19EA1}" = WIDCOMM Bluetooth Software
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90150000-0015-0407-1000-0000000FF1CE}" = Microsoft Access MUI (German) 2013
"{90150000-0016-0407-1000-0000000FF1CE}" = Microsoft Excel MUI (German) 2013
"{90150000-0018-0407-1000-0000000FF1CE}" = Microsoft PowerPoint MUI (German) 2013
"{90150000-0019-0407-1000-0000000FF1CE}" = Microsoft Publisher MUI (German) 2013
"{90150000-001A-0407-1000-0000000FF1CE}" = Microsoft Outlook MUI (German) 2013
"{90150000-001B-0407-1000-0000000FF1CE}" = Microsoft Word MUI (German) 2013
"{90150000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Korrekturhilfen 2013 - Deutsch
"{90150000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - English
"{90150000-001F-040C-1000-0000000FF1CE}" = Outils de vérification linguistique 2013 de Microsoft Office*- Français
"{90150000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proofing Tools 2013 - Italiano
"{90150000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2013
"{90150000-0044-0407-1000-0000000FF1CE}" = Microsoft InfoPath MUI (German) 2013
"{90150000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2013
"{90150000-0090-0407-1000-0000000FF1CE}" = Microsoft DCF MUI (German) 2013
"{90150000-00A1-0407-1000-0000000FF1CE}" = Microsoft OneNote MUI (German) 2013
"{90150000-00BA-0407-1000-0000000FF1CE}" = Microsoft Groove MUI (German) 2013
"{90150000-00C1-0000-1000-0000000FF1CE}" = Microsoft Office 32-bit Components 2013
"{90150000-00C1-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2013
"{90150000-00E1-0407-1000-0000000FF1CE}" = Microsoft Office OSM MUI (German) 2013
"{90150000-00E2-0407-1000-0000000FF1CE}" = Microsoft Office OSM UX MUI (German) 2013
"{90150000-012B-0407-1000-0000000FF1CE}" = Microsoft Lync MUI (German) 2013
"{91150000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2013
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{977D1ABF-4089-4CA7-BA33-CC75808B7ACE}" = Intel® Trusted Connect Service Client
"{9AB0D5B6-4779-8C4F-CA91-A1FEDB56D7EC}" = AMD Catalyst Install Manager
"{AAFE68DD-A2D5-BDBF-E1B2-CB01DEFD6EB0}" = AMD Media Foundation Decoders
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{CE52672C-A0E9-4450-8875-88A221D5CD50}" = Windows Live ID Sign-in Assistant
"{D54ADF6B-2164-4394-AF70-2778422E9DD8}" = Intel(R) Network Connections 17.4.95.0
"{F842F8B0-6942-4930-821F-543E976B2C66}" = MSVCRT110_amd64
"0D67E68137594F860C6712BEED012C751CF0CEA1" = Windows-Treiberpaket - Marvell Inc. System (10/12/2011 1.2.0.1016)
"240BB28E74B329EFB17394F360F9BAF50AF54729" = Windows-Treiberpaket - Marvell Semiconductor Inc. (mv91cons) System (10/12/2011 1.2.0.1016)
"3BEB4E6B8B7551C65A3625F56B382E01416A19C9" = Windows-Treiberpaket - Marvell Inc. (mv91xx) SCSIAdapter (10/12/2011 1.2.0.1016)
"9408E68BC8A20B75E31B2992F0B23CEAF9743213" = Windows-Treiberpaket - Asmedia Technology (asahci64) hdc (07/18/2012 1.3.8.000)
"Broadcom Wireless Utility" = Broadcom Wireless Utility
"C5447D3383070620C3892FF393F522D6225CBA13" = Windows-Treiberpaket - Intel Corporation (iaStorA) HDC (09/01/2012 11.6.0.1030)
"F9F15A450A238282ACAE7B69A18C8395A48659E3" = Windows-Treiberpaket - Intel Corporation (iaStorA) SCSIAdapter (09/01/2012 11.6.0.1030)
"Logitech Gaming Software" = Logitech Gaming Software 8.40
"Office15.PROPLUSR" = Microsoft Office Professional Plus 2013
"PROSetDX" = Intel(R) Network Connections 17.4.95.0
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR 4.20 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{1057511B-F8FE-4230-9ED3-AB949A57EE4A}" = Windows Live PIMT Platform
"{13464292-6666-B2DB-1B0C-A3FE14DAD1F9}" = CCC Help Dutch
"{16456401-9621-4F3D-836A-59EA425C471D}" = ZoneAlarm Security
"{1E03DB52-D5CB-4338-A338-E526DD4D4DB1}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F7FB68F-52F6-46A3-B42F-38CE46295AE5}" = Nero MediaHub 10
"{237CCB62-8454-43E3-B158-3ACD0134852E}" = High-Definition Video Playback
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2436F2A8-4B7E-4B6C-AE4E-604C84AA6A4F}" = Nero Core Components 10
"{24ADC5BE-8B82-426F-8779-2308B54B00EE}" = ZoneAlarm Antivirus
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17
"{29315CEC-E6CE-4394-84DC-6F862E8D9A52}" = Windows Live UX Platform
"{2FAFE37E-D796-47B8-BA8F-D09819B12DF6}" = Windows Live Essentials
"{33643918-7957-4839-92C7-EA96CB621A98}" = Nero Express 10 Help (CHM)
"{338CD56F-1CDC-CF32-33F6-DED2DF92284E}" = CCC Help French
"{34490F4E-48D0-492E-8249-B48BECF0537C}" = Nero DiscSpeed 10
"{34D3688E-A737-44C5-9E2A-FF73618728E1}" = AI Suite II
"{43FBAB46-5969-4200-9958-1FF81FEE506F}" = Nero 10 Movie ThemePack 1
"{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support
"{46458556-5C46-79A9-A6FF-81DF1F8B2729}" = CCC Help Hungarian
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F9A382F-4478-4036-905C-F77DF2EA0370}" = Windows Live SOXE
"{4FA8F084-C42F-45E1-B7E5-E0C8A1083DC5}" = Windows Live SOXE Definitions
"{519D68B8-A768-4CDC-E4C9-B115D49CED93}" = CCC Help Norwegian
"{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module
"{51D383BC-D988-8C1E-FAA1-BC5260A32A87}" = CCC Help Polish
"{523B2B1B-D8DB-4B41-90FF-C4D799E2758A}" = Nero ControlCenter 10 Help (CHM)
"{534A31BD-20F4-46b0-85CE-09778379663C}" = Mass Effect™ 3
"{555868C6-49FB-484F-BB43-8980651A1B00}" = Nero BurnRights 10 Help (CHM)
"{5A883D2B-D279-0D01-6E62-B810AFD8CC62}" = Catalyst Control Center InstallProxy
"{5B09F344-4406-11D5-96E8-0050BA84F5F7}" = Baldurs Gate(TM) II - Thron des Bhaal (TM)
"{618F39BD-9720-47CF-A89C-108AB41B1493}" = Windows Live UX Platform Language Pack
"{631141AD-79AA-447F-B403-21C704D39B8C}" = UPC Fiber Power Optimizer
"{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module
"{64DF7404-9D46-44AF-AFA1-A2F8D5648C2D}" = Windows Live Photo Common
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{66049135-9659-4AAD-9169-9CCA269EBB3E}" = Nero InfoTool 10 Help (CHM)
"{67A4760F-9804-CCF6-C319-27840ED77924}" = CCC Help Korean
"{6BE5E4A9-D88B-532D-26E6-883C32BF098A}" = CCC Help Thai
"{6DFB899F-17A2-48F0-A533-ED8D6866CF38}" = Nero Control Center 10
"{6E0D26C1-4265-1D02-4D19-D0A8F6A463F8}" = Catalyst Control Center
"{70550193-1C22-445C-8FA4-564E155DB1A7}" = Nero Express 10
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{737B13C5-990B-4339-8A4D-0FFEBBC3DB17}" = ZoneAlarm Firewall
"{76EE8FE7-1957-4C51-9074-4930A8CFB1AF}" = Windows Live Installer
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7DD62206-7B6C-E32E-BD11-B49B3B089D16}" = CCC Help Danish
"{7F682A00-6497-4551-A2A6-063AE667D1CF}" = Movie Maker
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8E14DDC8-EA60-4E18-B3E3-1937104D5BDA}" = MSVCRT110
"{92000C16-939B-44CA-802F-0D552019D7C8}" = Sound Blaster Tactic(3D)
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92E25238-61A3-4ACD-A407-3C480EEF47A7}" = Nero RescueAgent 10 Help (CHM)
"{943CFD7D-5336-47AF-9418-E02473A5A517}" = Nero BurnRights 10
"{9530AE42-DAE1-4619-9594-B23487285D17}" = NVIDIA PhysX
"{9739158D-EDED-D628-9865-1460B5A7FAE3}" = CCC Help Portuguese
"{9809124C-0C4C-2367-7889-1E16D8EF1AAF}" = CCC Help Chinese Standard
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B2E55F8-5BA8-4A45-9682-ACB6F2CC0DA5}" = Photo Gallery
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C1BB613-F398-49B7-B346-5DEBA8ABBF38}" = FINAL FANTASY XIV - A Realm Reborn (Beta Version)
"{A47642B2-4CB5-4325-8093-C88D4747953F}" = GeekBuddy
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A6E1EE9D-01DD-82FD-BDBC-193BCEF9FD5C}" = CCC Help Greek
"{AB13F192-49FC-A065-F15C-746B10CC43C8}" = CCC Help Japanese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{ADEF1F0B-635E-4041-B50F-A510C1B4D2C5}" = Nero Multimedia Suite 10 Essentials
"{AE548812-D611-608D-61C6-7E40F28573A2}" = CCC Help Russian
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B19E03EA-067C-412F-A81E-271720E601AB}" = Fotogalerie
"{B27FA0A3-D80F-41A9-8BAD-C5F2D859AB22}" = Photo Common
"{BA73469B-D8C7-4FE3-B33C-1340D09F0709}" = Windows Live Communications Platform
"{BC63AEF9-1367-9F7C-5926-52E56450EDCD}" = CCC Help Spanish
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C18A0418-442A-4186-AF98-D08F5054A2FC}" = Nero DiscSpeed 10 Help (CHM)
"{C1E2D27F-B363-588E-8859-9EF7F4EBF418}" = CCC Help Chinese Traditional
"{C3273C55-E1E4-41FF-8D69-0158090DB8D8}" = Nero CoverDesigner 10 Help (CHM)
"{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}" = TuneUp Utilities 2013
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{D1F7D0DE-A172-45FB-BF16-8875A380D5E7}" = UPC Install Master
"{D71BC54E-A4E6-4E06-866C-FD6EE16EA187}" = Movie Maker
"{D76AC809-CCC1-6198-4970-A63FA5CF7DCB}" = CCC Help Swedish
"{DA675EE2-4C04-9699-0EE2-7EF9FE7AB870}" = CCC Help German
"{E06F7C95-4D68-63D9-2231-AA5F8E186FCB}" = CCC Help English
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E21A8F3C-1ACB-46B1-CE72-E9CF09549DED}" = Catalyst Control Center Localization All
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E2F52AC2-B925-C18F-E1AE-42FBD46ECAC7}" = CCC Help Czech
"{E337E787-CF61-4B7B-B84F-509202A54023}" = Nero RescueAgent 10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E649AC39-69C0-C6FE-0A54-4752DB5D1FD2}" = Catalyst Control Center Graphics Previews Common
"{E9463114-898C-7C2A-2C47-E9ABC63F5D43}" = CCC Help Finnish
"{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F412B4AF-388C-4FF5-9B2F-33DB1C536953}" = Nero InfoTool 10
"{F467862A-D9CA-47ED-8D81-B4B3C9399272}" = Nero MediaHub 10 Help (CHM)
"{F4811919-F252-4B25-9AB2-8859A85810B5}" = TuneUp Utilities Language Pack (de-DE)
"{F5CB822F-B365-43D1-BCC0-4FDA1A2017A7}" = Nero 10 Movie ThemePack Basic
"{F6117F9C-ADB5-4590-9BE4-12C7BEC28702}" = Nero StartSmart 10 Help (CHM)
"{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}" = Nero StartSmart 10
"{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}" = SimCity™
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FF10AC4D-3349-99DA-3E58-5197CEA1D833}" = CCC Help Italian
"{FFEC93FF-C162-C0C3-B5E7-01214B0E5F2D}" = CCC Help Turkish
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"BioShock Infinite_is1" = BioShock Infinite
"Cisco Connect" = Cisco Connect
"Diablo III" = Diablo III
"Guild Wars 2" = Guild Wars 2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Neverwinter" = Neverwinter
"OpenAL" = OpenAL
"Origin" = Origin
"Saints Row The Third_is1" = Saints Row The Third
"StarCraft II" = StarCraft II
"Steam App 200510" = XCOM: Enemy Unknown
"Steam App 205790" = Dota 2 Test
"Steam App 216250" = Dead Island Riptide
"Steam App 570" = Dota 2
"Steam App 72850" = The Elder Scrolls V: Skyrim
"SysInfo" = Creative Systeminformationen
"Tomb Raider Survival Edition DLC-Pack 1.0" = Tomb Raider Survival Edition DLC-Pack 1.0
"Tomb Raider Update v.1.0.718.4 1.0" = Tomb Raider Update v.1.0.718.4 1.0
"Tomb Raider_is1" = Tomb Raider
"TuneUp Utilities 2013" = TuneUp Utilities 2013
"Uplay" = Uplay
"VGhlIFdhbGtpbmcgRGVhZCBTdXJ2aXZhbCBJbnN0aW5jdCAo~1255DFC2_is1" = The Walking Dead Survival Instinct (c) Activision version 1
"VLC media player" = VLC media player 2.0.5
"WinLiveSuite" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"ZoneAlarm Free Antivirus + Firewall" = ZoneAlarm Free Antivirus + Firewall
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 19.04.2013 08:35:13 | Computer Name = Markus-PC | Source = WinMgmt | ID = 10
Description =
Error - 19.04.2013 23:57:08 | Computer Name = Markus-PC | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 20.04.2013 00:09:02 | Computer Name = Markus-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 20.0.1.4847 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1dc4 Startzeit:
01ce3d7c08c4ab06 Endzeit: 31 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe
Berichts-ID:
051d92ab-a970-11e2-a874-94dbc98a8974
Error - 20.04.2013 02:58:40 | Computer Name = Markus-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2013 03:32:49 | Computer Name = Markus-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2013 09:54:03 | Computer Name = Markus-PC | Source = WinMgmt | ID = 10
Description =
Error - 20.04.2013 21:02:36 | Computer Name = Markus-PC | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 21.04.2013 03:20:40 | Computer Name = Markus-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: WoW-64.exe, Version: 5.2.0.16826,
Zeitstempel: 0x516376db Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec4aa8e Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000c40f2
ID
des fehlerhaften Prozesses: 0x1d18 Startzeit der fehlerhaften Anwendung: 0x01ce3e568c5a53be
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\World of Warcraft\WoW-64.exe
Pfad
des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: f843e7de-aa53-11e2-8380-94dbc98a8974
Error - 21.04.2013 06:37:09 | Computer Name = Markus-PC | Source = WinMgmt | ID = 10
Description =
Error - 21.04.2013 20:27:54 | Computer Name = Markus-PC | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 22.04.2013 08:53:26 | Computer Name = Markus-PC | Source = WinMgmt | ID = 10
Description =
Error - 22.04.2013 19:28:40 | Computer Name = Markus-PC | Source = Office 2013 Licensing Service | ID = 0
Description =
Error - 23.04.2013 08:05:45 | Computer Name = Markus-PC | Source = WinMgmt | ID = 10
Description =
Error - 23.04.2013 21:28:21 | Computer Name = Markus-PC | Source = Office 2013 Licensing Service | ID = 0
Description =
[ Broadcom Wireless LAN Events ]
Error - 19.03.2013 11:38:59 | Computer Name = Markus-PC | Source = WLAN-Tray | ID = 0
Description = 16:38:59, Tue, Mar 19, 13 Error - (CCC.exe-4816) Unable to get interface
information to enumerate interfaces
Error - 19.03.2013 11:59:02 | Computer Name = Markus-PC | Source = WLAN-Tray | ID = 0
Description = 16:59:02, Tue, Mar 19, 13 Error - (CCC.exe-5196) Unable to get interface
information to enumerate interfaces
Error - 25.03.2013 13:37:27 | Computer Name = Markus-PC | Source = WLAN-Tray | ID = 0
Description = 18:37:26, Mon, Mar 25, 13 Error - Unable to gain access to user store
Error - 07.04.2013 19:54:38 | Computer Name = Markus-PC | Source = WLAN-Tray | ID = 0
Description = 01:54:27, Mon, Apr 08, 13 Error - (CCC.exe-4844) Unable to start peernet
session, after 200 iterations
Error - 27.04.2013 10:39:06 | Computer Name = Markus-PC | Source = WLAN-Tray | ID = 0
Description = 16:39:00, Sat, Apr 27, 13 Error - (CCC.exe-4760) Unable to start peernet
session, after 200 iterations
[ System Events ]
Error - 22.04.2013 08:53:27 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 23.04.2013 08:05:05 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 24.04.2013 11:19:57 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 24.04.2013 13:18:25 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 25.04.2013 10:45:44 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 25.04.2013 10:55:17 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Steam Client Service erreicht.
Error - 25.04.2013 10:55:17 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Steam Client Service" wurde aufgrund folgenden Fehlers
nicht gestartet: %%1053
Error - 26.04.2013 08:03:25 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 27.04.2013 03:28:45 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
Error - 27.04.2013 06:52:30 | Computer Name = Markus-PC | Source = Service Control Manager | ID = 7026
Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen:
CFRMD
< End of report >
Systemlook: Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 16:27 on 29/04/2013 by Markus
Administrator - Elevation successful
========== filefind ==========
Searching for "*BrowSoe2asaaveey*"
No files found.
Searching for "*SProtector*"
No files found.
Searching for "*Softonic*"
C:\Users\Markus\Downloads\SoftonicDownloader_fuer_directx.exe --a---- 393040 bytes [07:06 15/03/2013] [07:06 15/03/2013] 490E13A6BFE1288471BA453EAD090A83
========== folderfind ==========
Searching for "*BrowSoe2asaaveey*"
No folders found.
Searching for "*SProtector*"
No folders found.
Searching for "*Softonic*"
No folders found.
========== regfind ==========
Searching for "BrowSoe2asaaveey"
No data found.
Searching for "SProtector"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\antivirusprotector.com]
Searching for "Softonic"
No data found.
-= EOF =-
When I was on your site again earlier, I heard music in the background again. (I think it was some kind of game or something.)