Trojaner-Board - Entfernen unerwünschter Programme

Hallo,

Ich habe mir vor kurzem durch einen Download unbewusst Delta Search eingefangen und nachdem ich geschaut habe wie ich es wieder los werde bin ich durch einen Scan von SpyHunter darauf aufmerksam gemacht worden das da noch etwas mehr auf meinem Pc sitzt was dort nichts zu suchen hat. Avira, welches ich sonst als Schutz benutze hatte mir bei seinem Scan lediglich eine Warnung angezeigt und in Quarantäne verschoben, SpyHunter hatte diese in seinem Bericht nicht erwähnt.

Ich habe mein bisheriges Vertrauen in Avira nach diesen Scans leider ganz verloren und suche nun ein anderes Programm um meinen Pc zu schützen. Würde mich sehr drüber freuen wenn ihr mir da etwas empfehlen könntet, am besten etwas das auch nach einen solchen Scan Probleme entfernt, dabei sollte es sich möglichst um Freeware handeln.

Nun habe ich einmal die von euch geforderten Checks gemacht, hier sind die Logs.

Extras.txt

Zitat:

OTL Extras logfile created on: 12.04.2013 23:54:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 81,16% Memory free
15,79 Gb Paging File | 14,18 Gb Available in Paging File | 89,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 23,27 Gb Free Space | 23,86% Space Free | Partition Type: NTFS
Drive D: | 976,56 Gb Total Space | 727,15 Gb Free Space | 74,46% Space Free | Partition Type: NTFS
Drive E: | 788,80 Gb Total Space | 718,41 Gb Free Space | 91,08% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 22,29 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
Drive H: | 3,73 Gb Total Space | 0,19 Gb Free Space | 5,11% Space Free | Partition Type: FAT32

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "E:\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "E:\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Directory [Winamp.Bookmark] -- "E:\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "E:\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "E:\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{010E7205-980E-46B0-9BD9-07CF75793168}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{02A7A163-9544-4A15-8E1C-1AEB49537F11}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{02F51B19-1ED2-4077-8B69-009A9603A7B9}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{04104107-FFB0-4F5A-960A-2D17BB180A2C}" = protocol=6 | dir=in | app=d:\elsword_de\data\x2.exe |
"{04921C95-DC9C-43AD-9D5B-426EC4AE3822}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe |
"{0655CA07-6064-4614-AD68-3B95F456ABD9}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe |
"{07EB3022-C4E0-4288-ACB1-D706DD128026}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{083B29FA-8CF8-48F0-88A1-EA883BCB3513}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dxhrml\dxhrml.exe |
"{087B5C47-DCB3-422F-86B5-A86114D8699D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{089B5AA0-133B-436B-BE14-13F288FD8F35}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{09662893-3321-40D3-9790-C617DE9DC2AE}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\utorrent\utorrent.exe |
"{0AFB9D09-1219-408D-9667-16E94EF76D19}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller overdose\bin\overdose.exe |
"{1033F6D4-1BE5-47F7-A73F-F85EA81F2798}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{13015220-9AE2-4FDC-9A48-6A6D7C075C2F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{1493344D-AE5B-4DBE-BDCB-91BDCAEBAA63}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{156FECBB-F251-45E8-9528-92238D841748}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{16CDA75E-4A0C-4E51-B58A-87385A9A11D3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
"{1824C992-E95C-4CE4-B67D-039A77420B74}" = protocol=6 | dir=in | app=d:\steam\steam.exe |
"{19D69B5D-6A98-44CC-BD05-196D7D0EBA5F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{1B58F68E-E2C7-4B47-A326-2FE2E3E47F07}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller recurring evil\bin\recurringevil.exe |
"{1BF38C44-065D-46E2-83FF-42FD7B621088}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{1BF65CF3-5F43-4476-83E4-37C22D3A2F8A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{1CA907A0-3F2D-4E52-9745-F1C564BB56E7}" = protocol=17 | dir=in | app=d:\elsword_de\data\x2.exe |
"{2124A9D6-518B-44C7-80B9-9A107BEB830F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller recurring evil\bin\recurringevil.exe |
"{23428CBB-68D1-469A-9720-57656D21519E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller resurrection\bin\resurrection.exe |
"{247AE967-3843-40B8-8438-AC86B30ACCB3}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex\system\deusex.exe |
"{268880A2-9DAD-4B15-8733-6FBFC2A7C43B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller resurrection\bin\resurrection.exe |
"{27DB1BA2-B9B7-4FE2-A96A-FA87F9761AF5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dawn of war 2\dow2.exe |
"{289E892B-32D1-4A4F-B422-EEEF2548EE4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{2AF8AF77-B3DC-4E54-9C76-F2076B2AB10F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{2F456866-EEE7-42BE-AAE6-4BC5405C5F85}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{2F4FC81D-2B88-4D09-8540-035A07A9BB87}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\orcs must die 2\build\release\orcsmustdie2.exe |
"{319E70A7-6D7F-426C-8A21-92854A10BD82}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller overdose\bin\overdose.exe |
"{377554FB-75B5-45B0-8FFD-280523B4974C}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{381DF5F5-444C-4AFA-9E64-9B91D5E4655E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dmc devil may cry\binaries\win32\dmc-devilmaycry.exe |
"{394E1108-8C5E-4B4D-A1ED-F23ECBBDEB72}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{3C4AABE0-283E-4D08-9770-A5E8F71EA230}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller redemption\bin\redemption.exe |
"{3E785B8E-03DE-42DF-8058-FEF37038CE77}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe |
"{4264E73E-7D39-4A3B-AAD4-3A935CAFAECD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dxhrml\dxhrml.exe |
"{44D1459B-7911-4A78-8946-64D38268011A}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\utorrent\utorrent.exe |
"{45E4D907-3BBF-47EB-939C-735CBC4EC50D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller recurring evil\bin\recurringevileditor.exe |
"{46F0326D-41A6-4CFB-AC7E-85A2E5016CC9}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\amnesia the dark descent\launcher.exe |
"{47A11E8F-A674-438A-9FD8-95DCDD87E786}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{48766376-4D59-48FC-9E1C-F8FED9C70705}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe |
"{494053A8-ACA8-4672-9A48-6FA75D39C267}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\supermnc\uberlauncher.exe |
"{4A5D02EB-86CE-4044-ABC2-4766434A300D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{4B084681-751D-4D3A-A9C6-B34E50FC88F2}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{4B5B52FF-28BD-499C-B862-6D2B23D25C54}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{4B712B6F-3E0D-4D05-B58B-F9FBDECDB8AA}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{4C7B9BFF-72F6-47A3-831E-C905A41C992D}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\prince of persia\launcher\launcher.exe |
"{4F7C6A31-A9D8-4BA3-95F5-9674EBB06BE6}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{55A0DD25-D090-4BE2-B940-5754D4A7CA3E}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{562BADC8-732A-4C35-BC24-8C0229F75D10}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{56A53577-CC45-4819-A863-468F23FD6726}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\fallout new vegas\falloutnvlauncher.exe |
"{592D34ED-BA84-496D-BA2B-B417A1AB8367}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{59ED1D4B-2B7A-4850-A0E8-1234FA373E4B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{5A2B44E9-72C9-4100-BE35-3C1F6B5B40EF}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{5A7BDF8D-E28E-443D-A875-D4DBDC98B78D}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{5B78A2E0-0669-400E-BD7F-7EA1D4056C73}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{5ED6854F-3BB5-40BC-80B0-ACA2C65BC20C}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{600F4751-211C-455A-A1F7-E6CF6594B9C4}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{604B9431-1458-4CDC-A6EA-71279C78B253}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe |
"{616ACF5C-E32B-4CE7-95F8-4DA1BA4DB7C0}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\benchmark.bat |
"{628C1054-F0BF-4899-9C3A-1722AF20BBE9}" = dir=in | app=e:\itunes.exe |
"{6907DD20-5117-4AC1-BC3A-3FFEDF006549}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dishonored\binaries\win32\dishonored.exe |
"{6A1FEF1E-1D6D-4511-87F0-D2F0FE36AFF0}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\supermnc\uberlauncher.exe |
"{6C6FA7AA-CA5C-4813-AC24-F8D890857783}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\mirrors edge\binaries\mirrorsedge.exe |
"{70FC63D0-61C3-4F02-A5A7-909DB2AD52D8}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\tomb raider\tombraider.exe |
"{7117C7BB-F750-48A3-AC32-E35CBB12E544}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{721F04DB-9099-4479-B22D-14FD1ACF4415}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe |
"{72AFDD19-7EB1-4826-91D9-570B3125B2CF}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{7348C5BD-2F56-4886-9DEF-7DE0387A17F5}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dawn of war ii - retribution\dow2.exe |
"{750383C4-84DE-402F-B8EB-3ED9F9C0B25A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{78A9BFC4-2868-4A45-88D5-EA97D9D14088}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\prince of persia the sands of time\princeofpersia.exe |
"{7A410AAF-1522-469D-B77D-1023FA317533}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller redemption\bin\redemptioneditor.exe |
"{7FDB1A04-19D2-40D5-9B4B-55A470518AFE}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{80267607-D8E5-480A-AB7F-644260D19EE8}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{805ABD89-24FA-456B-AE62-30F928706DE9}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\duke nukem forever\system\dukeforever.exe |
"{82651D62-5A5A-4A08-9D41-22707DC821BD}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{83D33C78-3E2F-4736-A484-44AB6DEEC42B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\velvet assassin\launcher.exe |
"{85D5C481-0EBF-425B-AA61-B407C531E2F7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dawn of war 2\dow2.exe |
"{879E59E2-E385-42AC-A104-827E5139D439}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{8A523BB6-502E-4818-BB73-D469AF76B245}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\velvet assassin\launcher.exe |
"{8BA0C9A4-0BEE-4D3A-BC2C-A9688DFB2F87}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\f.e.a.r. 3\f.e.a.r. 3.exe |
"{8D17D563-5F32-4142-B5BD-237998D8027F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\mirrors edge\support\ea help\electronic_arts_technical_support.htm |
"{905B72FB-CA88-4743-8928-BD7706E1EB35}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\world of goo\worldofgoo.exe |
"{93E9FCD2-55BE-4B13-898F-1680A0DF8FB8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{943E4963-D537-4B26-A0C9-B939EE340695}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{94572620-BE54-4AD8-BC31-3D3A4CD4FA6E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller hell & damnation\binaries\win32\pkhdgame-win32-shipping.exe |
"{961938AF-971B-4752-B5EA-688D76A89121}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{9D0778FD-ECBC-4D6C-ADCB-CD9C729B7AFD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1544\agent.exe |
"{9E4DB936-498F-442A-AC41-E623286FCD3A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bioshock infinite\binaries\win32\bioshockinfinite.exe |
"{A22BF110-8414-42A0-BACF-4E237B8D83BC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\i am alive\src\system\iamalive_game.exe |
"{A30A4B5F-CAEC-4D34-979C-B3D5568EBEF6}" = protocol=17 | dir=in | app=d:\steam\steam.exe |
"{A3C3AA2B-CDEE-41C3-848C-15248652C45D}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1675\agent.exe |
"{A3EB78B5-729E-4CA4-A69F-78D122F95526}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe |
"{A6DBA2A0-D43C-421B-B0C3-68EA20EBBBB1}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\deus ex\system\deusex.exe |
"{A9566834-A8E1-46B1-9457-9BC049D84D09}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam 2\bin\sam2.exe |
"{A963F473-670F-4BFA-A16A-91798519DB25}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\deus ex - human revolution\dxhr.exe |
"{AAB52540-2F46-42CA-B243-36D679B1CD9B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller redemption\bin\redemption.exe |
"{ABBA0AAC-37C8-4DD4-83E2-EC293316C16A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse_unrestricted.exe |
"{B3C7F30B-68DF-442B-ACD3-509D9033EA6B}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{BB372307-6C55-4592-9252-58CC613D5E1C}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the second encounter\bin\samhd_tse.exe |
"{BCD654F4-1401-4722-A7AF-E90351A6B7C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{C024015D-522E-4659-9B91-0F56FD3A044A}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller recurring evil\bin\recurringevileditor.exe |
"{C3554F92-FBD9-4742-A1EE-F168F2A5F0A6}" = protocol=6 | dir=in | app=e:\utorrent\utorrent.exe |
"{C49A9E13-C5C8-49B4-AF3A-C49C13C5E940}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\prince of persia the warrior within\princeofpersia.exe |
"{C5BD4152-F972-410D-ACB8-5636CAAC6FEE}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\painkiller redemption\bin\redemptioneditor.exe |
"{C8BA6452-DF0E-4D37-8A68-BB7141A6A890}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{CC039B27-B010-48C0-AE60-E19F2C7281A1}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam 2\bin\dedicatedserver.exe |
"{CF8BA783-1855-4DC8-BB34-D5C994EE544E}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\natural selection 2\ns2.exe |
"{D1B3A2CA-D0F2-474D-8D5C-67CD8F57084F}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\painkiller black edition\bin\painkiller.exe |
"{D48A3010-EA91-4516-85D6-E08D2E1BFACC}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1637\agent.exe |
"{D52C8977-7F1D-403D-B5CE-83776E671793}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{D9F06817-C561-4466-A711-691779A3444C}" = protocol=17 | dir=in | app=e:\utorrent\utorrent.exe |
"{DB10C922-AF8F-41B6-A436-993FC52BFD4F}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3.exe |
"{DF70C957-960C-4EB7-9044-8AD05BC179F2}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii\diablo iii.exe |
"{E1BA2B19-4133-4FF8-9C9D-7348A7EC7D91}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{E1E18B90-360C-45DF-AC98-9A8EF75E1417}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\launcher.exe |
"{E3E8DF76-DF3A-4A26-ADFC-C8911B8078FC}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\bioshock\builds\release\bioshock.exe |
"{E44C5492-6C64-40D2-9C0C-E5BA313EB05C}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E6DA08A8-13AB-44F8-B963-A3FB1534227A}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\serious sam 3\bin\sam3_unrestricted.exe |
"{EFDA89CC-F3A9-4FD7-9F3E-6C07AE539BCD}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\natural selection 2\ns2.exe |
"{F035FFFF-A8B7-4A4B-AE3A-0466711310CC}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\prince of persia two thrones\princeofpersia.exe |
"{F1A5B765-3B79-46E8-A53F-243452D85CFE}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\tomb raider\tombraider.exe |
"{F4BF2B4D-E0AE-4A92-9CEF-4262D5F68927}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\darksiders 2\darksiders2.exe |
"{F87FC042-1046-4A8B-B978-DE0B24F2E89B}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\borderlands 2\binaries\win32\borderlands2.exe |
"{FACE33BB-8F5F-4121-A25F-AA60CF9429E7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\serious sam hd the first encounter\bin\samhd.exe |
"{FCE37583-84D0-4B39-B656-480E525A4E43}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\prince of persia forgotten sands\prince of persia.exe |
"{FFDA3363-7A83-4981-94D9-2AEE948C8828}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"TCP Query User{3B2AB274-1311-44E6-B90D-36DC4A747153}D:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"TCP Query User{548B7467-8E32-497E-91E3-FD73216907AB}D:\diablo iii\diablo iii.exe" = protocol=6 | dir=in | app=d:\diablo iii\diablo iii.exe |
"TCP Query User{55B00665-70E2-448D-9C07-C959A08FB855}D:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{90C339E2-52D9-4882-9BAB-B9B9F4F15917}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\michi\appdata\local\akamai\netsession_win.exe |
"TCP Query User{9C8FA1B4-BAB8-4715-865D-D0A12093744F}E:\winamp\winamp.exe" = protocol=6 | dir=in | app=e:\winamp\winamp.exe |
"TCP Query User{C2445DDB-B28E-4E75-AF13-D20FA7B6962C}C:\program files (x86)\ea games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe |
"UDP Query User{078E50FC-2695-4476-AA72-477E0EF89B8B}D:\diablo iii\diablo iii.exe" = protocol=17 | dir=in | app=d:\diablo iii\diablo iii.exe |
"UDP Query User{0E347352-DC95-40A5-A66F-7C1B1E91D997}C:\program files (x86)\ea games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\alice madness returns\game\alice2\binaries\win32\alicemadnessreturns.exe |
"UDP Query User{391AFF8D-BEB7-4C2C-93AE-F9FD4300D87A}E:\winamp\winamp.exe" = protocol=17 | dir=in | app=e:\winamp\winamp.exe |
"UDP Query User{737872B2-DD8F-4FFD-83BC-C541B9AA939E}C:\users\***\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\michi\appdata\local\akamai\netsession_win.exe |
"UDP Query User{751F2BD6-B830-4A3F-AC17-E6B45EDD04B1}D:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\supermnc\binaries\win32\supermncgameclient.exe |
"UDP Query User{8DB7E463-9630-4DEC-AE58-80E8C78D56CE}D:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=d:\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09536BA1-E498-4CC3-B834-D884A67D7E34}" = Intel® Trusted Connect Service Client
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{54F8B6C7-9B25-4E85-A1E0-26CFB80DE787}" = Intel(R) Smart Connect Technology 2.0 x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 310.70
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"ASRock App Charger_is1" = ASRock App Charger v1.0.5
"ASRock SmartConnect_is1" = ASRock SmartConnect v1.0.6
"ASRock XFast RAM_is1" = ASRock XFast RAM v2.0.9
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"VIRTU MVP_is1" = VIRTU MVP 2.1.111
"VLC media player" = VLC media player 2.0.5
"XFast LAN" = XFast LAN v6.61

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{14D08502-FEE4-40E5-90D3-8A967A1D8BA2}" = Readiris Pro 10
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{2FA94A64-C84E-49d1-97DD-7BF06C7BBFB2}.WildTangent Games App" = Update Installer for WildTangent Games App
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{70B446D1-E03B-4ab0-9B3C-0832142C9AA8}.WildTangent Games App-wildgames" = WildTangent Games App
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90120000-0016-0000-0000-0000000FF1CE}" = Microsoft Office Excel 2007
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-001B-0000-0000-0000000FF1CE}" = Microsoft Office Word 2007
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90F1943D-EA4A-4460-B59F-30023F3BA69A}" = SmarThru 4
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{93A3AB24-36E8-41BA-80C6-CCEC237836DC}" = Alice Madness Returns
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A6C48A9F-694A-4234-B3AA-62590B668927}" = Intel(R) Manageability Engine Firmware Recovery Agent
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{AFB907F5-C0E6-4753-8284-DE955EF86AC2}" = THX TruStudio
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240D6}" = WinZip 17.0
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.6
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4759AAB-A8AA-4955-8BF8-C702F14660B7}" = Aeria Ignite
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FCB3772C-B7D0-4933-B1A9-3707EBACC573}" = Intel(R) OpenCL CPU Runtime
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Aeria Ignite" = Aeria Ignite
"Aeria Ignite 1.12.2400" = Aeria Ignite
"ASRock eXtreme Tuner_is1" = ASRock eXtreme Tuner v0.1.248
"ASRock InstantBoot_is1" = ASRock InstantBoot v1.29
"Avira AntiVir Desktop" = Avira Free Antivirus
"Cheat Engine 6.2_is1" = Cheat Engine 6.2
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Diablo III" = Diablo III
"Elsword_DE_is1" = Elsword_DE
"EXCEL" = Microsoft Office Excel 2007
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.1.320
"InstallShield_{532F6E8A-AF97-41C3-915F-39F718EC07D1}" = ASUS GPU Tweak
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Origin" = Origin
"Samsung CLX-3170 Series" = Samsung CLX-3170 Series
"Scarlet Blade" = Scarlet Blade
"SmarThru PC Fax" = SmarThru PC Fax
"SpeedFan" = SpeedFan (remove only)
"Steam App 104700" = Super Monday Night Combat
"Steam App 13500" = Prince of Persia: Warrior Within
"Steam App 13530" = Prince of Persia: The Two Thrones
"Steam App 13600" = Prince of Persia: The Sands of Time
"Steam App 15620" = Warhammer® 40,000™: Dawn of War® II
"Steam App 16720" = Velvet Assassin
"Steam App 17410" = Mirror's Edge
"Steam App 19980" = Prince of Persia
"Steam App 201280" = Deus Ex: Human Revolution - The Missing Link
"Steam App 201790" = Orcs Must Die! 2
"Steam App 203160" = Tomb Raider
"Steam App 204340" = Serious Sam 2
"Steam App 205100" = Dishonored
"Steam App 20570" = Warhammer® 40,000™: Dawn of War® II - Chaos Rising™
"Steam App 206760" = Painkiller: Recurring Evil
"Steam App 21100" = F.E.A.R. 3
"Steam App 214250" = I Am Alive
"Steam App 214870" = Painkiller Hell & Damnation
"Steam App 22000" = World of Goo
"Steam App 22380" = Fallout: New Vegas
"Steam App 28050" = Deus Ex: Human Revolution
"Steam App 3270" = Painkiller Overdose
"Steam App 33320" = Prince of Persia: The Forgotten Sands
"Steam App 39530" = Painkiller: Black Edition
"Steam App 39560" = Painkiller: Resurrection
"Steam App 41000" = Serious Sam HD: The First Encounter
"Steam App 41010" = Serious Sam HD: The Second Encounter
"Steam App 41070" = Serious Sam 3: BFE
"Steam App 4920" = Natural Selection 2
"Steam App 49520" = Borderlands 2
"Steam App 50650" = Darksiders II
"Steam App 56400" = Warhammer® 40,000™: Dawn of War® II – Retribution™
"Steam App 57300" = Amnesia: The Dark Descent
"Steam App 57900" = Duke Nukem Forever
"Steam App 65560" = Painkiller: Redemption
"Steam App 65800" = Dungeon Defenders
"Steam App 6910" = Deus Ex: Game of the Year Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7670" = BioShock
"Steam App 8870" = BioShock Infinite
"uTorrent" = µTorrent
"Wakfu" = Wakfu
"WildTangent wildgames Master Uninstall" = WildTangent-Spiele
"Winamp" = Winamp
"WORD" = Microsoft Office Word 2007
"WTA-842ac1e3-bb13-487c-b4aa-d2ecb96d0fe8" = Beat Hazard
"XFastUSB" = XFastUSB

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"ICQ" = ICQ 8.0 (build 5977, für aktuellen Benutzer)
"uTorrent" = µTorrent
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 10.04.2013 10:44:38 | Computer Name = ***-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 10.04.2013 10:46:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 10.04.2013 23:08:46 | Computer Name = ***-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 10.04.2013 23:10:32 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 11.04.2013 10:19:44 | Computer Name = ***-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 11.04.2013 10:21:12 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.04.2013 01:06:15 | Computer Name = ***-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 12.04.2013 01:08:00 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

Error - 12.04.2013 17:52:20 | Computer Name = ***-PC | Source = ISCT Agent | ID = 1003
Description =

Error - 12.04.2013 17:54:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10
Description =

[ System Events ]
Error - 11.04.2013 10:21:59 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 12.04.2013 01:06:14 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 12.04.2013 01:08:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 12.04.2013 01:08:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

Error - 12.04.2013 17:40:18 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 12.04.2013 17:40:18 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 12.04.2013 17:40:20 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.

Error - 12.04.2013 17:52:20 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet:
%%20

Error - 12.04.2013 17:55:15 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden: %%1330 Vergewissern
Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
Management Console (MMC).

Error - 12.04.2013 17:55:15 | Computer Name = Michi-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1069

< End of report >

OTL.txt

Zitat:

OTL logfile created on: 12.04.2013 23:54:59 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Michi\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,90 Gb Total Physical Memory | 6,41 Gb Available Physical Memory | 81,16% Memory free
15,79 Gb Paging File | 14,18 Gb Available in Paging File | 89,79% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 23,27 Gb Free Space | 23,86% Space Free | Partition Type: NTFS
Drive D: | 976,56 Gb Total Space | 727,15 Gb Free Space | 74,46% Space Free | Partition Type: NTFS
Drive E: | 788,80 Gb Total Space | 718,41 Gb Free Space | 91,08% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 22,29 Gb Free Space | 4,79% Space Free | Partition Type: NTFS
Drive H: | 3,73 Gb Total Space | 0,19 Gb Free Space | 5,11% Space Free | Partition Type: FAT32

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.12 23:41:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
PRC - [2013.04.05 22:46:14 | 001,043,536 | ---- | M] (BitTorrent Inc.) -- E:\UTorrent\uTorrent.exe
PRC - [2013.03.28 00:23:21 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.28 00:23:12 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.28 00:23:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.26 09:34:37 | 003,497,552 | ---- | M] (Electronic Arts) -- E:\Origin\Origin.exe
PRC - [2013.03.15 22:09:22 | 001,910,296 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe
PRC - [2013.01.26 08:08:50 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.04 22:56:08 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.12.15 16:59:22 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe
PRC - [2012.12.12 14:57:10 | 000,152,544 | ---- | M] (Apple Inc.) -- E:\iTunesHelper.exe
PRC - [2012.11.30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- E:\Winamp\winampa.exe
PRC - [2012.05.30 15:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2012.02.26 21:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
PRC - [2012.02.21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
PRC - [2012.02.21 13:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
PRC - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe
PRC - [2011.05.19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe
PRC - [2009.02.27 06:03:15 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
PRC - [2009.01.30 13:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

========== Modules (No Company Name) ==========

MOD - [2013.03.26 09:35:23 | 000,062,976 | ---- | M] () -- E:\Origin\tufao.dll
MOD - [2013.02.14 18:14:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll
MOD - [2013.02.14 00:39:11 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll
MOD - [2013.01.10 19:06:27 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll
MOD - [2013.01.10 19:05:41 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll
MOD - [2013.01.10 19:05:41 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll
MOD - [2013.01.10 19:05:40 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll
MOD - [2013.01.10 19:05:39 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll
MOD - [2013.01.10 19:05:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll
MOD - [2013.01.10 19:04:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll
MOD - [2013.01.09 23:52:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.09 23:51:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.09 23:51:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.09 23:51:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll
MOD - [2013.01.09 23:51:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.09 23:51:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2013.01.09 18:22:03 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll
MOD - [2013.01.09 18:21:55 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll
MOD - [2013.01.09 18:21:55 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll
MOD - [2013.01.09 18:21:52 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll
MOD - [2013.01.09 18:21:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll
MOD - [2013.01.09 18:21:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll
MOD - [2013.01.09 18:21:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll
MOD - [2013.01.09 18:21:49 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll
MOD - [2013.01.09 18:21:48 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll
MOD - [2013.01.09 18:21:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll
MOD - [2013.01.09 18:21:45 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll
MOD - [2013.01.04 22:56:08 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe
MOD - [2012.12.12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
MOD - [2012.10.05 12:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
MOD - [2012.08.31 12:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
MOD - [2012.02.11 01:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll
MOD - [2012.02.11 01:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll
MOD - [2012.02.11 01:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll
MOD - [2011.05.04 17:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll
MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 05:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll
MOD - [2010.11.21 05:24:23 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
MOD - [2010.11.21 05:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll
MOD - [2010.11.21 05:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.06.10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
MOD - [2009.02.27 06:03:15 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe
MOD - [2009.01.30 13:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe
MOD - [2008.06.26 04:46:07 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll
MOD - [2008.06.26 04:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll
MOD - [2008.06.26 04:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll
MOD - [2006.10.26 14:56:46 | 000,757,008 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL

========== Services (SafeList) ==========

SRV - [2013.04.12 08:20:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.28 00:23:21 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.28 00:23:12 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.14 17:31:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.11.30 23:43:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.30 15:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.05.24 09:16:54 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.02.28 18:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2012.02.28 18:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2012.02.21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)
SRV - [2012.02.21 13:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)
SRV - [2012.02.09 17:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)
SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)
SRV - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)
SRV - [2011.10.19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)
SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys -- (esgiguard)
DRV:64bit: - [2013.04.12 23:52:20 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)
DRV:64bit: - [2013.03.28 00:23:24 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.28 00:23:24 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.28 00:23:24 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.01.31 21:42:36 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)
DRV:64bit: - [2012.12.15 16:59:22 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.05.30 14:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2012.05.21 06:04:18 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.03.12 12:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.02.09 17:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)
DRV:64bit: - [2012.02.09 17:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)
DRV:64bit: - [2012.02.09 17:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)
DRV:64bit: - [2012.01.13 13:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)
DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2011.11.10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.07.04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)
DRV:64bit: - [2011.05.10 17:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.01.17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV:64bit: - [2007.10.22 08:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)
DRV:64bit: - [2007.10.22 08:55:45 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)
DRV - [2013.03.26 15:33:45 | 000,081,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Scarlet Blade\ScarletBlade\avital\scarlb64.sys -- (slb)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - prefs.js..network.proxy.type: 0

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: E:\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:20:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:20:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:20:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:20:00 | 000,000,000 | ---D | M]

[2012.12.15 17:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions
[2013.04.12 20:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\406zyrw7.default\extensions
[2013.04.05 12:36:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\406zyrw7.default\extensions\ich@maltegoetz.de
[2013.04.12 18:37:27 | 000,001,294 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\406zyrw7.default\searchplugins\delta.xml
[2013.04.12 08:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 08:20:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()
O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)
O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe ()
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] E:\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [WinampAgent] E:\Winamp\winampa.exe (Nullsoft, Inc.)
O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ASRockXTU] File not found
O4 - HKCU..\Run: [EADM] E:\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [icq] C:\Users\Michi\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)
O4 - HKCU..\Run: [uTorrent] E:\UTorrent\uTorrent.exe (BitTorrent Inc.)
O4 - HKCU..\Run: [zASRockInstantBoot] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()
O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()
O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()
O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{981E5BBA-EBAF-44DF-8189-3E5A52BD054C}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (c:\windows\syswow64\appinit_dll.dll) - c:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)
O20 - AppInit_DLLs: (c:\windows\syswow64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.04.12 22:34:56 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{9ed207cd-46f6-11e2-b45f-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{9ed207cd-46f6-11e2-b45f-806e6f6e6963}\Shell\AutoRun\command - "" = F:\ASRSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.12 23:51:14 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.04.12 23:41:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2013.04.12 22:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.04.12 22:33:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.04.12 18:37:15 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\My Cheat Tables
[2013.04.12 18:37:13 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Babylon
[2013.04.12 18:37:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Babylon
[2013.04.12 18:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2
[2013.04.12 18:37:08 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\OpenCandy
[2013.04.12 08:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.05 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\uTorrent
[2013.04.03 00:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak
[2013.03.30 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\WinZip
[2013.03.30 14:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip
[2013.03.30 14:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip
[2013.03.28 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\Bioshock
[2013.03.28 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Bioshock
[2013.03.28 00:23:33 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 00:23:33 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 00:23:33 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.26 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2013.03.26 14:08:01 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Aeria Games
[2013.03.26 14:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2013.03.26 14:07:22 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.03.26 14:04:47 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\AI_RecycleBin
[2013.03.26 14:04:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.03.26 14:04:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2013.03.26 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Aeria Games & Entertainment
[2013.03.26 13:39:12 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Akamai
[2013.03.26 13:39:10 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2013.03.24 21:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core
[2013.03.24 21:17:23 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Origin
[2013.03.24 21:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts
[2013.03.24 21:17:22 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Origin
[2013.03.24 21:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2013.03.24 20:46:25 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Electronic Arts
[2013.03.24 20:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2013.03.24 20:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2013.03.24 18:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games
[2013.03.22 17:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.03.22 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\DVDVideoSoft
[2013.03.22 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.03.17 12:08:38 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Awesomium
[2013.03.16 14:56:10 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Uber_Entertainment
[2013.03.16 14:56:09 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\UberLauncher
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.04.12 23:54:24 | 000,000,000 | ---- | M] () -- C:\Users\Michi\defogger_reenable
[2013.04.12 23:52:24 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
[2013.04.12 23:52:20 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys
[2013.04.12 23:52:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 23:52:07 | 2064,912,383 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 23:44:09 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini
[2013.04.12 23:42:26 | 000,377,856 | ---- | M] () -- C:\Users\Michi\Desktop\gmer_2.1.19163.exe
[2013.04.12 23:41:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe
[2013.04.12 23:41:27 | 000,050,477 | ---- | M] () -- C:\Users\Michi\Desktop\Defogger.exe
[2013.04.12 23:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.12 22:34:56 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.04.12 19:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
[2013.04.12 18:37:09 | 000,000,775 | ---- | M] () -- C:\Users\Michi\Desktop\Cheat Engine.lnk
[2013.04.12 07:13:30 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 07:13:30 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 07:12:09 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.12 07:12:09 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.12 07:12:09 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.12 07:12:09 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.12 07:12:09 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 16:19:37 | 000,298,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.05 22:37:16 | 000,000,813 | ---- | M] () -- C:\Users\Michi\Desktop\µTorrent.lnk
[2013.03.28 00:23:24 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.03.28 00:23:24 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.03.28 00:23:24 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.03.22 16:07:38 | 000,010,763 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\SmarThruOptions.xml
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.04.12 23:54:24 | 000,000,000 | ---- | C] () -- C:\Users\Michi\defogger_reenable
[2013.04.12 23:42:48 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini
[2013.04.12 23:42:26 | 000,377,856 | ---- | C] () -- C:\Users\Michi\Desktop\gmer_2.1.19163.exe
[2013.04.12 23:41:26 | 000,050,477 | ---- | C] () -- C:\Users\Michi\Desktop\Defogger.exe
[2013.04.12 22:34:56 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.04.12 18:37:09 | 000,000,775 | ---- | C] () -- C:\Users\Michi\Desktop\Cheat Engine.lnk
[2013.04.05 22:37:16 | 000,000,813 | ---- | C] () -- C:\Users\Michi\Desktop\µTorrent.lnk
[2012.12.16 00:44:04 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.12.16 00:43:59 | 000,010,763 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\SmarThruOptions.xml
[2012.12.16 00:43:49 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe
[2012.12.16 00:43:45 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll
[2012.12.16 00:43:41 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini
[2012.12.16 00:43:39 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll
[2012.12.16 00:42:33 | 000,110,592 | R--- | C] () -- C:\Windows\Wiainst.exe
[2012.12.15 17:02:34 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini
[2012.12.15 17:02:34 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini
[2012.12.15 17:02:34 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini
[2012.12.15 17:02:31 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL
[2012.12.15 17:02:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL
[2012.12.15 16:59:29 | 000,000,003 | ---- | C] () -- C:\Users\Michi\AppData\Local\user_data.ini
[2012.12.15 16:48:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.15 16:48:53 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll
[2012.12.15 16:48:53 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin
[2012.12.15 16:48:53 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin
[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
[2012.01.17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.01.07 00:33:55 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\7road
[2013.03.26 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Aeria Games & Entertainment
[2013.03.17 12:12:49 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Awesomium
[2013.04.12 18:37:13 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Babylon
[2013.04.06 12:45:33 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Bioshock
[2012.12.23 02:21:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Day 1 Studios
[2013.03.22 17:15:27 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DVDVideoSoft
[2013.01.14 20:12:48 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\fltk.org
[2012.12.18 00:26:01 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICQ-Profile
[2012.12.15 17:33:44 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICQM
[2012.12.15 17:50:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView
[2013.01.05 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LolClient
[2012.12.21 03:07:04 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Natural Selection 2
[2013.04.12 18:37:08 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\OpenCandy
[2013.03.25 08:16:40 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Origin
[2012.12.16 00:44:01 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\SmarThru4
[2013.02.10 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TS3Client
[2013.04.12 23:57:44 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\uTorrent
[2013.02.07 10:21:02 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\WildTangent
[2012.12.20 10:50:44 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\XMedia Recode

========== Purity Check ==========

< End of report >

Gmer.txt

Zitat:

GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-13 00:05:45
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST2000DM rev.CC43 1863,02GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Michi\AppData\Local\Temp\pgloypow.sys

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe[3412] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076f687b1 5 bytes [33, C0, C2, 04, 00]
.text C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778f1465 2 bytes [8F, 77]
.text C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe[3748] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778f14bb 2 bytes [8F, 77]
.text ... * 2
.text E:\UTorrent\uTorrent.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778f1465 2 bytes [8F, 77]
.text E:\UTorrent\uTorrent.exe[3756] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778f14bb 2 bytes [8F, 77]
.text ... * 2
.text C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe[1200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778f1465 2 bytes [8F, 77]
.text C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe[1200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778f14bb 2 bytes [8F, 77]
.text ... * 2
.text C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 00000000778f1465 2 bytes [8F, 77]
.text C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe[3564] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000778f14bb 2 bytes [8F, 77]
.text ... * 2
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 166 000000002f9a1974 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 253 000000002f9a19cb 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 320 000000002f9a1a0e 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 390 000000002f9a1a54 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 738 000000002f9a1bb0 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 937 000000002f9a1c77 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 958 000000002f9a1c8c 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE!wdGetApplicationObject + 970 000000002f9a1c98 2 bytes [9A, 2F]
.text C:\Program Files (x86)\Microsoft Office\Office12\WINWORD.EXE[2888] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 0000000076f687b1 5 bytes JMP 00000001579c5629

---- Threads - GMER 2.1 ----

Thread C:\Windows\SysWOW64\ntdll.dll [3976:3980] 0000000000173fe1
Thread C:\Windows\SysWOW64\ntdll.dll [3976:3348] 000000006b618c3c
Thread C:\Windows\SysWOW64\ntdll.dll [3976:3220] 000000006b618f11
Thread C:\Windows\SysWOW64\ntdll.dll [3976:3020] 000000006b61882e

---- EOF - GMER 2.1 ----

So, hier die neuesten Ergebnisse

ComboFix

Combofix Logfile:

Code:

ComboFix 13-04-15.01 - Michi 16.04.2013  17:30:58.2.4 - x64

Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.8087.6103 [GMT 2:00]

ausgeführt von:: c:\users\Michi\Desktop\ComboFix.exe

Benutzte Befehlsschalter :: c:\users\Michi\Desktop\CFScript.txt

AV: Kaspersky Anti-Virus *Disabled/Updated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}

SP: Kaspersky Anti-Virus *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}

SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

.

.

((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))

.

.

c:\program files (x86)\Common Files\Wise Installation Wizard

c:\program files (x86)\Common Files\Wise Installation Wizard\WIS22B3AE667A374118BADB3680C15CA366_4_12_13_4202.MSI

c:\program files (x86)\Common Files\Wise Installation Wizard\WIS22B3AE667A374118BADB3680C15CA366_4_12_13_4202.MST

c:\program files\Enigma Software Group

c:\program files\Enigma Software Group\SpyHunter\gil.dat

c:\program files\Enigma Software Group\SpyHunter\INSTALL.LOG

c:\program files\Enigma Software Group\SpyHunter\Log\SpyHunter4_20130412_223450.log

c:\program files\Enigma Software Group\SpyHunter\safeol.dat

c:\program files\Enigma Software Group\SpyHunter\scanlog.log

c:\program files\Enigma Software Group\SpyHunter\supportlog.txt

c:\program files\Enigma Software Group\SpyHunter\unkcache.dat

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCall.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla2.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla21.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla31.exe

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla32.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla33.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla34.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla36.dll

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseCustomCalla36.exe

c:\windows\22B3AE667A374118BADB3680C15CA366.TMP\WiseData.ini

.

.

(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))

.

.

-------\Legacy_ESGIGUARD

-------\Service_esgiguard

.

.

(((((((((((((((((((((((   Dateien erstellt von 2013-03-16 bis 2013-04-16  ))))))))))))))))))))))))))))))

.

.

2013-04-16 15:34 . 2013-04-16 15:34        --------        d-----w-        c:\users\UpdatusUser\AppData\Local\temp

2013-04-16 14:18 . 2013-04-16 14:18        --------        d-----w-        c:\windows\ERUNT

2013-04-16 14:17 . 2013-04-16 14:17        --------        d-----w-        C:\JRT

2013-04-16 12:16 . 2013-03-19 03:50        9311288        ----a-w-        c:\programdata\Microsoft\Windows Defender\Definition Updates\{B25969B3-BE48-4AE0-AC82-72B8DD5FDB2C}\mpengine.dll

2013-04-16 03:20 . 2013-04-16 03:20        --------        d-----w-        c:\program files (x86)\Aeria Games

2013-04-15 14:23 . 2013-04-16 15:35        94656        ----a-w-        c:\windows\system32\WPRO_41_2001woem.tmp

2013-04-14 08:58 . 2012-07-11 15:09        64856        ----a-w-        c:\windows\system32\klfphc.dll

2013-04-14 08:58 . 2013-04-14 08:58        --------        d-----w-        c:\windows\ELAMBKUP

2013-04-14 08:58 . 2013-04-16 15:35        --------        d-----w-        c:\programdata\Kaspersky Lab

2013-04-14 08:58 . 2013-04-14 08:58        --------        d-----w-        c:\program files (x86)\Kaspersky Lab

2013-04-14 08:58 . 2013-04-14 09:01        613720        ----a-w-        c:\windows\system32\drivers\klif.sys

2013-04-14 08:58 . 2012-08-13 16:24        89432        ----a-w-        c:\windows\system32\drivers\klflt.sys

2013-04-13 08:18 . 2013-04-13 08:18        --------        d-----w-        c:\program files (x86)\Common Files\Skype

2013-04-11 03:13 . 2013-02-15 06:08        44032        ----a-w-        c:\windows\system32\tsgqec.dll

2013-04-05 20:36 . 2013-04-16 14:11        --------        d-----w-        c:\users\Michi\AppData\Roaming\uTorrent

2013-03-30 12:55 . 2013-03-30 12:55        --------        d-----w-        c:\users\Michi\AppData\Local\WinZip

2013-03-30 12:55 . 2013-03-30 12:55        --------        d-----w-        c:\programdata\WinZip

2013-03-28 14:41 . 2013-04-06 10:45        --------        d-----w-        c:\users\Michi\AppData\Roaming\Bioshock

2013-03-26 12:08 . 2013-03-26 12:08        --------        d-----w-        c:\users\Michi\AppData\Local\Aeria Games

2013-03-26 12:07 . 2013-03-26 12:07        --------        d-----w-        c:\programdata\Aeria Games

2013-03-26 12:04 . 2013-03-26 12:04        --------        d-----w-        c:\users\Michi\AppData\Roaming\Aeria Games & Entertainment

2013-03-26 11:39 . 2013-03-26 11:39        --------        d-----w-        c:\users\Michi\AppData\Local\Akamai

2013-03-26 11:39 . 2013-03-26 11:39        --------        d-----w-        C:\AeriaGames

2013-03-26 07:37 . 2013-02-12 04:12        19968        ----a-w-        c:\windows\system32\drivers\usb8023.sys

2013-03-24 19:20 . 2013-03-24 19:20        --------        d-----w-        c:\programdata\EA Core

2013-03-24 19:17 . 2013-03-25 06:16        --------        d-----w-        c:\users\Michi\AppData\Roaming\Origin

2013-03-24 19:17 . 2013-03-24 19:17        --------        d-----w-        c:\program files (x86)\Electronic Arts

2013-03-24 19:17 . 2013-03-24 19:19        --------        d-----w-        c:\users\Michi\AppData\Local\Origin

2013-03-24 18:46 . 2013-03-24 18:46        --------        d-----w-        c:\users\Michi\AppData\Local\Electronic Arts

2013-03-24 18:46 . 2013-03-24 19:20        --------        d-----w-        c:\programdata\Electronic Arts

2013-03-24 18:46 . 2013-03-24 19:19        --------        d-----w-        c:\programdata\Origin

2013-03-24 16:57 . 2013-03-24 16:57        --------        d-----w-        c:\program files (x86)\EA Games

2013-03-22 15:15 . 2013-03-22 15:15        --------        d-----w-        c:\users\Michi\AppData\Roaming\DVDVideoSoft

2013-03-22 15:15 . 2013-03-22 15:15        --------        d-----w-        c:\program files (x86)\Common Files\DVDVideoSoft

.

.

.

((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2013-04-16 15:35 . 2012-12-15 14:57        34752        ----a-w-        c:\windows\system32\drivers\WPRO_41_2001.sys

2013-04-14 09:01 . 2012-06-08 09:38        54104        ----a-w-        c:\windows\system32\drivers\kltdi.sys

2013-03-14 15:31 . 2012-12-15 15:17        73432        ----a-w-        c:\windows\SysWow64\FlashPlayerCPLApp.cpl

2013-03-14 15:31 . 2012-12-15 15:17        693976        ----a-w-        c:\windows\SysWow64\FlashPlayerApp.exe

2013-03-11 23:10 . 2010-11-21 03:27        282744        ------w-        c:\windows\system32\MpSigStub.exe

2013-02-25 22:32 . 2013-02-25 22:32        25256224        ----a-w-        c:\windows\system32\nvcompiler.dll

2013-02-25 22:32 . 2012-10-10 20:22        2505144        ----a-w-        c:\windows\SysWow64\nvapi.dll

2013-02-25 22:32 . 2012-10-10 20:22        15129960        ----a-w-        c:\windows\SysWow64\nvd3dum.dll

2013-02-25 22:32 . 2013-02-25 22:32        6262608        ----a-w-        c:\windows\SysWow64\nvopencl.dll

2013-02-25 22:32 . 2012-10-10 20:23        2826040        ----a-w-        c:\windows\system32\nvapi64.dll

2013-02-25 22:32 . 2013-02-25 22:32        18055184        ----a-w-        c:\windows\system32\nvd3dumx.dll

2013-02-25 22:32 . 2012-12-15 14:42        1814304        ----a-w-        c:\windows\system32\nvdispco64.dll

2013-02-25 22:32 . 2012-10-10 20:23        1107440        ----a-w-        c:\windows\system32\nvumdshimx.dll

2013-02-25 22:32 . 2013-02-25 22:32        420128        ----a-w-        c:\windows\system32\nvEncodeAPI64.dll

2013-02-25 22:32 . 2013-02-25 22:32        2720544        ----a-w-        c:\windows\SysWow64\nvcuvid.dll

2013-02-25 22:32 . 2013-02-25 22:32        26929440        ----a-w-        c:\windows\system32\nvoglv64.dll

2013-02-25 22:32 . 2012-12-19 14:55        958120        ----a-w-        c:\windows\SysWow64\nvumdshim.dll

2013-02-25 22:32 . 2013-02-25 22:32        7932256        ----a-w-        c:\windows\SysWow64\nvcuda.dll

2013-02-25 22:32 . 2013-02-25 22:32        2346784        ----a-w-        c:\windows\system32\nvcuvenc.dll

2013-02-25 22:32 . 2013-02-25 22:32        11036448        ----a-w-        c:\windows\system32\drivers\nvlddmkm.sys

2013-02-25 22:32 . 2012-12-19 14:55        245872        ----a-w-        c:\windows\system32\nvinitx.dll

2013-02-25 22:32 . 2012-10-10 20:23        1510176        ----a-w-        c:\windows\system32\nvdispgenco64.dll

2013-02-25 22:32 . 2013-02-25 22:32        364832        ----a-w-        c:\windows\SysWow64\nvEncodeAPI.dll

2013-02-25 22:32 . 2013-02-25 22:32        2904352        ----a-w-        c:\windows\system32\nvcuvid.dll

2013-02-25 22:32 . 2013-02-25 22:32        20449056        ----a-w-        c:\windows\SysWow64\nvoglv32.dll

2013-02-25 22:32 . 2012-10-10 20:23        15053264        ----a-w-        c:\windows\system32\nvwgf2umx.dll

2013-02-25 22:32 . 2013-02-25 22:32        17560352        ----a-w-        c:\windows\SysWow64\nvcompiler.dll

2013-02-25 22:32 . 2013-02-25 22:32        7564040        ----a-w-        c:\windows\system32\nvopencl.dll

2013-02-25 22:32 . 2013-02-25 22:32        1985824        ----a-w-        c:\windows\SysWow64\nvcuvenc.dll

2013-02-25 22:32 . 2012-10-10 20:23        12641992        ----a-w-        c:\windows\SysWow64\nvwgf2um.dll

2013-02-25 22:32 . 2013-02-25 22:32        9390760        ----a-w-        c:\windows\system32\nvcuda.dll

2013-02-25 22:32 . 2012-12-19 14:55        201576        ----a-w-        c:\windows\SysWow64\nvinit.dll

2013-02-12 05:45 . 2013-03-13 22:30        135168        ----a-w-        c:\windows\apppatch\AppPatch64\AcXtrnal.dll

2013-02-12 05:45 . 2013-03-13 22:30        350208        ----a-w-        c:\windows\apppatch\AppPatch64\AcLayers.dll

2013-02-12 05:45 . 2013-03-13 22:30        308736        ----a-w-        c:\windows\apppatch\AppPatch64\AcGenral.dll

2013-02-12 05:45 . 2013-03-13 22:30        111104        ----a-w-        c:\windows\apppatch\AppPatch64\acspecfc.dll

2013-02-12 04:48 . 2013-03-13 22:30        474112        ----a-w-        c:\windows\apppatch\AcSpecfc.dll

2013-02-12 04:48 . 2013-03-13 22:30        2176512        ----a-w-        c:\windows\apppatch\AcGenral.dll

2013-01-31 19:42 . 2012-12-15 16:10        32320        ----a-w-        c:\windows\system32\drivers\FNETTBOH_305.SYS

2013-01-18 15:00 . 2012-12-15 14:42        6390048        ----a-w-        c:\windows\system32\nvcpl.dll

2013-01-18 15:00 . 2012-12-15 14:42        3460896        ----a-w-        c:\windows\system32\nvsvc64.dll

2013-01-18 15:00 . 2012-12-15 14:42        884512        ----a-w-        c:\windows\system32\nvvsvc.exe

2013-01-18 15:00 . 2012-12-15 14:42        63776        ----a-w-        c:\windows\system32\nvshext.dll

2013-01-18 15:00 . 2012-12-15 14:42        2953448        ----a-w-        c:\windows\system32\nvcoproc.bin

2013-01-18 15:00 . 2012-12-15 14:42        2558240        ----a-w-        c:\windows\system32\nvsvcr.dll

2013-01-18 15:00 . 2012-12-15 14:42        118560        ----a-w-        c:\windows\system32\nvmctray.dll

2013-01-18 06:15 . 2013-01-18 06:15        550176        ----a-w-        c:\windows\SysWow64\nvStreaming.exe

.

.

((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))

.

.

*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 

REGEDIT4

.

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Steam"="d:\steam\steam.exe" [2013-03-29 1631144]

"icq"="c:\users\Michi\AppData\Roaming\ICQM\icq.exe" [2012-12-15 26596344]

"Pando Media Booster"="c:\program files (x86)\Pando Networks\Media Booster\PMB.exe" [2013-01-04 3093624]

"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-02-28 18642024]

"EADM"="e:\origin\Origin.exe" [2013-03-26 3497552]

"Akamai NetSession Interface"="c:\users\Michi\AppData\Local\Akamai\netsession_win.exe" [2013-01-26 4480768]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]

"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-06-07 56128]

"USB3MON"="c:\program files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe" [2012-02-26 291608]

"XFastUSB"="c:\program files (x86)\XFastUSB\XFastUsb.exe" [2012-12-15 5019360]

"THX TruStudio NB Settings"="c:\program files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe" [2011-05-19 909824]

"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]

"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2009-02-27 552960]

"3170 Scan2PC"="c:\windows\Twain_32\Samsung\CLX3170\Scan2pc.exe" [2009-01-30 503808]

"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]

"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]

"iTunesHelper"="E:\iTunesHelper.exe" [2012-12-12 152544]

"WinampAgent"="e:\winamp\winampa.exe" [2012-06-20 74752]

"AVP"="c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe" [2013-04-14 356376]

"Aeria Ignite"="c:\program files (x86)\Aeria Games\Ignite\aeriaignite.exe" [2013-04-08 1917464]

.

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]

"ConsentPromptBehaviorAdmin"= 5 (0x5)

"ConsentPromptBehaviorUser"= 3 (0x3)

"EnableUIADesktopToggle"= 0 (0x0)

.

[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]

"LoadAppInit_DLLs"=1 (0x1)

"AppInit_DLLs"=c:\windows\SysWOW64\appinit_dll.dll c:\windows\SysWOW64\nvinit.dll c:\windows\SysWOW64\nvinit.dll

.

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]

"DisableMonitoring"=dword:00000001

.

R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]

R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-05-30 13632]

R2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-02-28 363800]

R3 cpuz134;cpuz134;c:\users\Michi\AppData\Local\Temp\cpuz134\cpuz134_x64.sys [x]

R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]

R3 slb;slb;d:\scarlet blade\ScarletBlade\avital\scarlb64.sys [2013-03-26 81880]

R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]

R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]

S0 AsrRamDisk;AsrRamDisk;c:\windows\system32\DRIVERS\AsrRamDisk.sys [2012-01-13 31016]

S0 iusb3hcs;Intel(R) USB 3.0 Hostcontroller-Switchtreiber;c:\windows\system32\DRIVERS\iusb3hcs.sys [2012-02-26 16152]

S1 AsrAppCharger;AsrAppCharger;c:\windows\system32\DRIVERS\AsrAppCharger.sys [2011-05-10 17192]

S1 FNETURPX;FNETURPX;c:\windows\system32\drivers\FNETURPX.SYS [2012-12-15 15936]

S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\DRIVERS\klim6.sys [2012-08-02 28504]

S1 kltdi;kltdi;c:\windows\system32\DRIVERS\kltdi.sys [2013-04-14 54104]

S1 kneps;kneps;c:\windows\system32\DRIVERS\kneps.sys [2012-08-13 178008]

S2 ASGT;ASGT;c:\windows\SysWOW64\ASGT.exe [2012-01-17 55296]

S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-02-02 628448]

S2 Intel(R) ME Service;Intel(R) ME Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-02-21 128280]

S2 ISCTAgent;ISCT Always Updated Agent;c:\program files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [2012-02-09 133632]

S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [2012-02-21 161560]

S2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2013-02-28 161384]

S2 SSPORT;SSPORT;c:\windows\system32\Drivers\SSPORT.sys [2007-10-22 11576]

S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2013-01-18 383264]

S3 FNETTBOH_305;FNETTBOH_305;c:\windows\system32\drivers\FNETTBOH_305.SYS [2013-01-31 32320]

S3 ikbevent;Intel Upper keyboard Class Filter Driver;c:\windows\system32\DRIVERS\ikbevent.sys [2012-02-09 25536]

S3 imsevent;Intel Upper Mouse Class Filter Driver;c:\windows\system32\DRIVERS\imsevent.sys [2012-02-09 25536]

S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2011-12-05 331264]

S3 ISCT;Intel(R) Smart Connect Technology Device Driver;c:\windows\system32\DRIVERS\ISCTD64.sys [2012-02-09 44992]

S3 iusb3hub;Intel(R) USB 3.0-Hubtreiber;c:\windows\system32\DRIVERS\iusb3hub.sys [2012-02-26 356120]

S3 iusb3xhc;Intel(R) USB 3.0 eXtensible-Hostcontrollertreiber;c:\windows\system32\DRIVERS\iusb3xhc.sys [2012-02-26 788760]

S3 klkbdflt;Kaspersky Lab KLKBDFLT;c:\windows\system32\DRIVERS\klkbdflt.sys [2012-10-25 29016]

S3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\DRIVERS\klmouflt.sys [2012-10-25 29528]

S3 Lycosa;Lycosa Keyboard;c:\windows\system32\drivers\Lycosa.sys [2008-01-17 18816]

S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-17 32344]

S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-08-23 565352]

S3 VirtuWDDM;VirtuWDDM;c:\windows\system32\DRIVERS\VirtuWDDM.sys [2012-03-12 66336]

S3 WPRO_41_2001;WinPcap Packet Driver (WPRO_41_2001);c:\windows\system32\drivers\WPRO_41_2001.sys [2013-04-16 34752]

.

.

Inhalt des "geplante Tasks" Ordners

.

2013-04-16 c:\windows\Tasks\Adobe Flash Player Updater.job

- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-15 15:31]

.

2013-04-16 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]

.

2013-04-15 c:\windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

- c:\program files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2011-11-25 12:41]

.

.

--------- X64 Entries -----------

.

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"IgfxTray"="c:\windows\system32\igfxtray.exe" [2012-05-24 170304]

"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2012-05-24 398656]

"Persistence"="c:\windows\system32\igfxpers.exe" [2012-05-24 440128]

"RTHDVCPL"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-10-17 13307496]

"VIRTU MVP"="c:\program files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe" [2012-03-12 3006240]

"XFast LAN"="c:\program files\ASRock\XFast LAN\cFosSpeed.exe" [2011-10-19 1441152]

"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2011-05-13 26624]

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]

"AppInit_DLLs"=c:\windows\System32\appinit_dll.dll c:\windows\System32\nvinitx.dll

.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService

FontCache

.

------- Zusätzlicher Suchlauf -------

.

uLocal Page = c:\windows\system32\blank.htm

uStart Page = about:blank

mLocal Page = c:\windows\SysWOW64\blank.htm

uInternet Settings,ProxyOverride = *.local;<local>

IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000

IE: SmarThru4 Als HTML speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll1.htm

IE: SmarThru4 Auswahl erfassen - c:\program files (x86)\SmarThru 4\WebCapture.dll2.htm

IE: SmarThru4 Capture Selection - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll2.htm

IE: SmarThru4 Markierten Text speichern - c:\program files (x86)\SmarThru 4\WebCapture.dll.htm

IE: SmarThru4 Save as HTML - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll1.htm

IE: SmarThru4 Save Selected Text - c:\program files (x86)\SmarThru 4\x64\WebCapture.dll.htm

IE: SmarThru4 Web Capture - c:\program files (x86)\SmarThru 4\WebCapture.dll

Trusted Zone: aeriagames.com

TCP: DhcpNameServer = 192.168.178.1

FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\406zyrw7.default\

FF - prefs.js: network.proxy.type - 0

FF - ExtSQL: 2013-04-14 11:01; content_blocker@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com

FF - ExtSQL: 2013-04-14 11:01; url_advisor@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com

FF - ExtSQL: 2013-04-14 11:01; virtual_keyboard@kaspersky.com; c:\program files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com

.

.

--------------------- Gesperrte Registrierungsschluessel ---------------------

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="FlashBroker"

"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]

"Enabled"=dword:00000001

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Shockwave Flash Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]

@="0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]

@="ShockwaveFlash.ShockwaveFlash.11"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="ShockwaveFlash.ShockwaveFlash"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]

@Denied: (A 2) (Everyone)

@="Macromedia Flash Factory Object"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx"

"ThreadingModel"="Apartment"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]

@="FlashFactory.FlashFactory.1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]

@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_6_602_180.ocx, 1"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]

@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]

@="1.0"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]

@="FlashFactory.FlashFactory"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]

@Denied: (A 2) (Everyone)

@="IFlashBroker5"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]

@="{00020424-0000-0000-C000-000000000046}"

.

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]

@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

"Version"="1.0"

.

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]

@Denied: (Full) (Everyone)

.

------------------------ Weitere laufende Prozesse ------------------------

.

c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

.

**************************************************************************

.

Zeit der Fertigstellung: 2013-04-16  17:37:33 - PC wurde neu gestartet

ComboFix-quarantined-files.txt  2013-04-16 15:37

ComboFix2.txt  2013-04-16 14:32

.

Vor Suchlauf: 13 Verzeichnis(se), 27.251.503.104 Bytes frei

Nach Suchlauf: 15 Verzeichnis(se), 26.789.621.760 Bytes frei

.

- - End Of File - - 37E86C2AEB6697C9C1FEA929CC4C480A[/QUOTE]

--- --- ---

OTL

OTL Logfile:

Code:

OTL logfile created on: 16.04.2013 17:41:52 - Run 2

OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Michi\Desktop

64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation

Internet Explorer (Version = 9.0.8112.16421)

Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

 

7,90 Gb Total Physical Memory | 5,74 Gb Available Physical Memory | 72,66% Memory free

15,79 Gb Paging File | 13,44 Gb Available in Paging File | 85,07% Paging File free

Paging file location(s): ?:\pagefile.sys [binary data]

 

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)

Drive C: | 97,56 Gb Total Space | 25,06 Gb Free Space | 25,68% Space Free | Partition Type: NTFS

Drive D: | 976,56 Gb Total Space | 725,37 Gb Free Space | 74,28% Space Free | Partition Type: NTFS

Drive E: | 788,80 Gb Total Space | 720,63 Gb Free Space | 91,36% Space Free | Partition Type: NTFS

Drive G: | 465,76 Gb Total Space | 59,99 Gb Free Space | 12,88% Space Free | Partition Type: NTFS

Drive H: | 3,73 Gb Total Space | 0,19 Gb Free Space | 5,11% Space Free | Partition Type: FAT32

 

Computer Name: MICHI-PC | User Name: Michi | Logged in as Administrator.

Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

 
 ========== Processes (SafeList) ==========

 

PRC - [2013.04.14 11:00:00 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe

PRC - [2013.04.12 23:41:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe

PRC - [2013.04.12 08:20:01 | 000,920,472 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe

PRC - [2013.04.08 22:33:42 | 001,917,464 | ---- | M] (Aeria Games & Entertainment) -- C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe

PRC - [2013.03.29 21:53:56 | 001,631,144 | ---- | M] (Valve Corporation) -- D:\Steam\Steam.exe

PRC - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe

PRC - [2013.03.26 09:34:37 | 003,497,552 | ---- | M] (Electronic Arts) -- E:\Origin\Origin.exe

PRC - [2013.03.14 17:31:23 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe

PRC - [2013.01.26 08:08:50 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe

PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe

PRC - [2013.01.04 22:56:08 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe

PRC - [2012.12.15 17:33:43 | 026,596,344 | ---- | M] (ICQ) -- C:\Users\Michi\AppData\Roaming\ICQM\icq.exe

PRC - [2012.12.15 16:59:22 | 005,019,360 | ---- | M] (FNet Co., Ltd.) -- C:\Program Files (x86)\XFastUSB\XFastUsb.exe

PRC - [2012.12.12 14:57:10 | 000,152,544 | ---- | M] (Apple Inc.) -- E:\iTunesHelper.exe

PRC - [2012.06.20 18:13:12 | 000,074,752 | ---- | M] (Nullsoft, Inc.) -- E:\Winamp\winampa.exe

PRC - [2012.05.30 15:00:02 | 000,013,632 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe

PRC - [2012.05.30 15:00:00 | 000,284,480 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe

PRC - [2012.02.28 18:13:56 | 000,363,800 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe

PRC - [2012.02.28 18:13:54 | 000,277,784 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe

PRC - [2012.02.26 21:01:56 | 000,291,608 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe

PRC - [2012.02.21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe

PRC - [2012.02.21 13:29:28 | 000,128,280 | ---- | M] () -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe

PRC - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () -- C:\Windows\SysWOW64\ASGT.exe

PRC - [2011.05.19 12:10:22 | 000,909,824 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe

PRC - [2010.11.21 05:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe

PRC - [2009.02.27 06:03:15 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

PRC - [2009.01.30 13:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

 

 
 ========== Modules (No Company Name) ==========

 

MOD - [2013.04.12 08:20:01 | 003,133,336 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll

MOD - [2013.03.29 21:53:56 | 001,114,024 | ---- | M] () -- D:\Steam\bin\chromehtml.dll

MOD - [2013.03.27 02:16:40 | 020,341,672 | ---- | M] () -- D:\Steam\bin\libcef.dll

MOD - [2013.03.26 09:35:23 | 000,062,976 | ---- | M] () -- E:\Origin\tufao.dll

MOD - [2013.03.26 00:23:34 | 000,651,776 | ---- | M] () -- D:\Steam\SDL2.dll

MOD - [2013.03.14 17:31:23 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll

MOD - [2013.02.14 18:14:45 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\5ecf01964c70e453d71e5d7653912ff9\System.Web.ni.dll

MOD - [2013.02.14 18:14:39 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll

MOD - [2013.02.14 00:39:11 | 013,199,360 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\39f4c7717661667c68f9af8c4f6402b9\System.Windows.Forms.ni.dll

MOD - [2013.01.10 19:06:27 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\ac9e3eca6c148504588e7c6d09fe83e3\System.Management.ni.dll

MOD - [2013.01.10 19:05:41 | 000,787,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.ni.dll

MOD - [2013.01.10 19:05:41 | 000,236,032 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\1d254fbc811d0de6c54a9d9c428c4497\System.EnterpriseServices.Wrapper.dll

MOD - [2013.01.10 19:05:40 | 000,649,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Transactions\dcb0e7d56ffca14d7c483103235b11ad\System.Transactions.ni.dll

MOD - [2013.01.10 19:05:39 | 002,647,040 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Seri#\910fe53ec2122cf3a2ad11c2b2f5cbfd\System.Runtime.Serialization.ni.dll

MOD - [2013.01.10 19:05:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\866894ebe5258bf9f45d6b063229e990\System.Xaml.ni.dll

MOD - [2013.01.10 19:04:20 | 000,489,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\c484ce0997e68573a00dc6cddf16e2ac\IAStorUtil.ni.dll

MOD - [2013.01.10 19:04:20 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\a9f8b35698a9a28f22861f7b814b79bc\IAStorCommon.ni.dll

MOD - [2013.01.09 23:52:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll

MOD - [2013.01.09 23:51:43 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll

MOD - [2013.01.09 23:51:35 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll

MOD - [2013.01.09 23:51:33 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll

MOD - [2013.01.09 23:51:30 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll

MOD - [2013.01.09 23:51:29 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll

MOD - [2013.01.09 23:51:24 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll

MOD - [2013.01.09 18:22:03 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\14f511c47523f19ca591eb207e9e2084\PresentationFramework.ni.dll

MOD - [2013.01.09 18:21:55 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\e10fd15441d278c04a03302880a3e231\PresentationCore.ni.dll

MOD - [2013.01.09 18:21:55 | 006,815,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\9071f089ab65d518d1bd7e8fa857a95f\System.Data.ni.dll

MOD - [2013.01.09 18:21:52 | 007,069,696 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\27dcf04ed7a3506045597c02a5a1fc31\System.Core.ni.dll

MOD - [2013.01.09 18:21:52 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\dfeff31ab1e7cd3480c8942290c92f5d\PresentationFramework.Aero.ni.dll

MOD - [2013.01.09 18:21:50 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\43cd41484df96d15df949eb17dd88152\System.Xml.ni.dll

MOD - [2013.01.09 18:21:50 | 003,858,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\7a9ff5ce3a909d075179a2ac70d8f388\WindowsBase.ni.dll

MOD - [2013.01.09 18:21:49 | 001,667,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b573c6a62bb88df0ee2af59b6a8ca910\System.Drawing.ni.dll

MOD - [2013.01.09 18:21:48 | 009,094,656 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\15872842e3e63ddf0f720f406706198e\System.ni.dll

MOD - [2013.01.09 18:21:48 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\5de5d8c1c02e33789e3cf7e3f54c0ec9\System.Configuration.ni.dll

MOD - [2013.01.09 18:21:45 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3f95a6d480ed1ebe45cf27b770ba94ed\mscorlib.ni.dll

MOD - [2013.01.04 22:56:08 | 003,093,624 | ---- | M] () -- C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe

MOD - [2012.12.15 17:33:44 | 000,851,456 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll

MOD - [2012.12.12 07:32:26 | 005,025,792 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll

MOD - [2012.12.11 19:51:10 | 001,100,800 | ---- | M] () -- D:\Steam\bin\avcodec-53.dll

MOD - [2012.12.11 19:51:10 | 000,192,000 | ---- | M] () -- D:\Steam\bin\avformat-53.dll

MOD - [2012.12.11 19:51:10 | 000,124,416 | ---- | M] () -- D:\Steam\bin\avutil-51.dll

MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

MOD - [2012.10.05 12:53:24 | 003,198,976 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll

MOD - [2012.10.05 12:53:24 | 000,630,784 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll

MOD - [2012.08.31 12:59:19 | 004,550,656 | ---- | M] () -- C:\Windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll

MOD - [2012.08.17 21:40:16 | 000,068,024 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\QtWebKit\qmlwebkitplugin4.dll

MOD - [2012.08.17 21:38:56 | 000,479,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\dblite.dll

MOD - [2012.05.15 12:48:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll

MOD - [2012.03.12 12:14:06 | 000,376,608 | ---- | M] () -- C:\Programme\Lucidlogix Technologies\VIRTU MVP\x86\lucidoglu.dll

MOD - [2012.03.12 12:14:04 | 000,561,440 | ---- | M] () -- C:\Programme\Lucidlogix Technologies\VIRTU MVP\x86\LoaderExtension.dll

MOD - [2012.02.11 01:31:42 | 001,253,376 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll

MOD - [2012.02.11 01:31:41 | 005,283,840 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll

MOD - [2012.02.11 01:31:40 | 004,218,880 | ---- | M] () -- C:\Windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll

MOD - [2011.05.04 17:32:20 | 000,094,208 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\de-DE\THXAudNB.resources.dll

MOD - [2011.04.12 09:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll

MOD - [2010.11.21 05:24:32 | 000,425,984 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll

MOD - [2010.11.21 05:24:23 | 000,610,304 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll

MOD - [2010.11.21 05:23:48 | 002,048,000 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll

MOD - [2010.11.21 05:23:48 | 000,303,104 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll

MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll

MOD - [2009.06.10 23:22:40 | 000,010,752 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll

MOD - [2009.02.27 06:03:15 | 000,552,960 | ---- | M] () -- C:\Windows\Samsung\PanelMgr\SSMMgr.exe

MOD - [2009.01.30 13:41:45 | 000,503,808 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\Scan2Pc.exe

MOD - [2008.06.26 04:46:07 | 001,384,520 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\SSOle.dll

MOD - [2008.06.26 04:45:14 | 000,367,104 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\NetModule.dll

MOD - [2008.06.26 04:45:06 | 000,155,648 | ---- | M] () -- C:\Windows\twain_32\Samsung\CLX3170\IMFilter.dll

 

 
 ========== Services (SafeList) ==========

 

SRV - [2013.04.14 11:00:00 | 000,356,376 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe -- (AVP)

SRV - [2013.04.12 08:20:01 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)

SRV - [2013.03.29 21:53:56 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)

SRV - [2013.03.14 17:31:23 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)

SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)

SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)

SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)

SRV - [2012.12.03 17:47:14 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)

SRV - [2012.05.30 15:00:02 | 000,013,632 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)

SRV - [2012.05.24 09:16:54 | 000,276,288 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)

SRV - [2012.02.28 18:13:56 | 000,363,800 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)

SRV - [2012.02.28 18:13:54 | 000,277,784 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)

SRV - [2012.02.21 13:29:38 | 000,161,560 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe -- (jhi_service)

SRV - [2012.02.21 13:29:28 | 000,128,280 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe -- (Intel(R)

SRV - [2012.02.09 17:26:48 | 000,133,632 | ---- | M] () [Auto | Running] -- C:\Programme\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe -- (ISCTAgent)

SRV - [2012.02.02 23:29:52 | 000,628,448 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\iCLS Client\HeciServer.exe -- (Intel(R)

SRV - [2012.01.17 12:24:10 | 000,055,296 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\ASGT.exe -- (ASGT)

SRV - [2011.10.19 17:19:30 | 000,395,136 | R--- | M] (cFos Software GmbH) [Auto | Running] -- C:\Programme\ASRock\XFast LAN\spd.exe -- (cFosSpeedS)

SRV - [2010.10.12 19:59:12 | 000,206,072 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe -- (GamesAppService)

SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)

SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

 

 
 ========== Driver Services (SafeList) ==========

 

DRV:64bit: - [2013.04.16 17:38:55 | 000,034,752 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys -- (WPRO_41_2001)

DRV:64bit: - [2013.04.14 11:01:43 | 000,613,720 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)

DRV:64bit: - [2013.04.14 11:01:43 | 000,054,104 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kltdi.sys -- (kltdi)

DRV:64bit: - [2013.01.31 21:42:36 | 000,032,320 | ---- | M] (FNet Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FNETTBOH_305.SYS -- (FNETTBOH_305)

DRV:64bit: - [2012.12.15 16:59:22 | 000,015,936 | ---- | M] (FNet Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\FNETURPX.SYS -- (FNETURPX)

DRV:64bit: - [2012.10.25 12:42:02 | 000,029,528 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)

DRV:64bit: - [2012.10.25 12:42:02 | 000,029,016 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klkbdflt.sys -- (klkbdflt)

DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)

DRV:64bit: - [2012.08.13 16:49:40 | 000,178,008 | ---- | M] (Kaspersky Lab) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kneps.sys -- (kneps)

DRV:64bit: - [2012.08.02 15:09:34 | 000,028,504 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)

DRV:64bit: - [2012.07.03 17:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)

DRV:64bit: - [2012.06.19 17:28:12 | 000,458,584 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (kl1)

DRV:64bit: - [2012.05.30 14:42:10 | 000,569,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)

DRV:64bit: - [2012.05.21 06:04:18 | 014,759,520 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)

DRV:64bit: - [2012.03.12 12:15:42 | 000,066,336 | ---- | M] (Lucidlogix Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VirtuWDDM.sys -- (VirtuWDDM)

DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)

DRV:64bit: - [2012.02.26 21:01:00 | 000,788,760 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)

DRV:64bit: - [2012.02.26 21:01:00 | 000,356,120 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)

DRV:64bit: - [2012.02.26 21:01:00 | 000,016,152 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)

DRV:64bit: - [2012.02.09 17:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ISCTD64.sys -- (ISCT)

DRV:64bit: - [2012.02.09 17:24:16 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\imsevent.sys -- (imsevent)

DRV:64bit: - [2012.02.09 17:24:14 | 000,025,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ikbevent.sys -- (ikbevent)

DRV:64bit: - [2012.01.13 13:52:38 | 000,031,016 | ---- | M] (ASRock Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AsrRamDisk.sys -- (AsrRamDisk)

DRV:64bit: - [2011.12.05 22:23:08 | 000,331,264 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)

DRV:64bit: - [2011.11.10 02:04:14 | 000,060,184 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)

DRV:64bit: - [2011.08.23 15:57:24 | 000,565,352 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)

DRV:64bit: - [2011.07.04 16:19:34 | 001,632,128 | ---- | M] (cFos Software GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\cfosspeed6.sys -- (cFosSpeed)

DRV:64bit: - [2011.05.10 17:28:48 | 000,017,192 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AsrAppCharger.sys -- (AsrAppCharger)

DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)

DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)

DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)

DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)

DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)

DRV:64bit: - [2009.11.18 01:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt)

DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)

DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)

DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)

DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)

DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)

DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)

DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)

DRV:64bit: - [2008.01.17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)

DRV:64bit: - [2007.10.22 08:58:43 | 000,011,576 | R--- | M] (Samsung Electronics) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\SSPORT.SYS -- (SSPORT)

DRV:64bit: - [2007.10.22 08:55:45 | 000,054,072 | R--- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\DgivEcp.sys -- (DgiVecp)

DRV - [2013.03.26 15:33:45 | 000,081,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- D:\Scarlet Blade\ScarletBlade\avital\scarlb64.sys -- (slb)

DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

 

 
 ========== Standard Registry (SafeList) ==========

 

 
 ========== Internet Explorer ==========

 

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 

IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm

IE - HKLM\..\SearchScopes,DefaultScope = 

IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

 

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank

IE - HKCU\..\SearchScopes,DefaultScope = 

IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

 
 ========== FireFox ==========

 

FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.8

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1

FF - prefs.js..network.proxy.type: 0

FF - user.js - File not found

 

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: E:\VLC\npvlc.dll (VideoLAN)

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: E:\Mozilla Plugins\npitunes.dll ()

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.59: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)

FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll ()

FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)

 

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\url_advisor@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\url_advisor@kaspersky.com [2013.04.14 11:01:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtual_keyboard@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\virtual_keyboard@kaspersky.com [2013.04.14 11:01:45 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\content_blocker@kaspersky.com: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\FFExt\content_blocker@kaspersky.com [2013.04.14 11:01:44 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:20:01 | 000,000,000 | ---D | M]

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:20:00 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.12 08:20:01 | 000,000,000 | ---D | M]

FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 08:20:00 | 000,000,000 | ---D | M]

 

[2012.12.15 17:05:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions

[2013.04.12 20:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\406zyrw7.default\extensions

[2013.04.05 12:36:12 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\406zyrw7.default\extensions\ich@maltegoetz.de

[2013.04.12 08:20:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions

[2013.04.12 08:20:01 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll

[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll

[2012.11.29 11:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml

[2012.11.29 11:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml

[2012.11.29 11:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml

[2012.11.29 11:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml

[2012.11.29 11:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml

[2012.11.29 11:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

 

O1 HOSTS File: ([2013.04.16 17:35:27 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts

O1 - Hosts: 127.0.0.1       localhost

O2:64bit: - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2:64bit: - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O2 - BHO: (Content Blocker Plugin) - {5564CC73-EFA7-4CBF-918A-5CF7FBBFFF4F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\ContentBlocker\ie_content_blocker_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (Virtual Keyboard Plugin) - {73455575-E40C-433C-9784-C78DC7761455} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O2 - BHO: (URL Advisor Plugin) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)

O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

O4:64bit: - HKLM..\Run: [THXCfg64] C:\Windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.)

O4:64bit: - HKLM..\Run: [VIRTU MVP] C:\Program Files\Lucidlogix Technologies\VIRTU MVP\MVPControlPanel.Exe ()

O4:64bit: - HKLM..\Run: [XFast LAN] C:\Programme\ASRock\XFast LAN\cfosspeed.exe (cFos Software GmbH)

O4 - HKLM..\Run: [3170 Scan2PC] C:\Windows\Twain_32\Samsung\CLX3170\Scan2pc.exe ()

O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)

O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)

O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\avp.exe (Kaspersky Lab ZAO)

O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)

O4 - HKLM..\Run: [iTunesHelper] E:\iTunesHelper.exe (Apple Inc.)

O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

O4 - HKLM..\Run: [THX TruStudio NB Settings] C:\Program Files (x86)\Creative\THX TruStudio\THXNBSet\THXAudNB.exe (Creative Technology Ltd)

O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.)

O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)

O4 - HKLM..\Run: [WinampAgent] E:\Winamp\winampa.exe (Nullsoft, Inc.)

O4 - HKLM..\Run: [XFastUSB] C:\Program Files (x86)\XFastUSB\XFastUsb.exe (FNet Co., Ltd.)

O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Michi\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)

O4 - HKCU..\Run: [EADM] E:\Origin\Origin.exe (Electronic Arts)

O4 - HKCU..\Run: [icq] C:\Users\Michi\AppData\Roaming\ICQM\icq.exe (ICQ)

O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()

O4 - HKCU..\Run: [Steam] D:\Steam\steam.exe (Valve Corporation)

O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3

O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0

O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8:64bit: - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()

O8:64bit: - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()

O8:64bit: - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()

O8:64bit: - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()

O8:64bit: - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()

O8:64bit: - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()

O8:64bit: - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()

O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found

O8 - Extra context menu item: SmarThru4 Als HTML speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll1.htm ()

O8 - Extra context menu item: SmarThru4 Auswahl erfassen - C:\Program Files (x86)\SmarThru 4\WebCapture.dll2.htm ()

O8 - Extra context menu item: SmarThru4 Capture Selection - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll2.htm ()

O8 - Extra context menu item: SmarThru4 Markierten Text speichern - C:\Program Files (x86)\SmarThru 4\WebCapture.dll.htm ()

O8 - Extra context menu item: SmarThru4 Save as HTML - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll1.htm ()

O8 - Extra context menu item: SmarThru4 Save Selected Text - C:\Program Files (x86)\SmarThru 4\x64\WebCapture.dll.htm ()

O8 - Extra context menu item: SmarThru4 Web Capture - C:\Program Files (x86)\SmarThru 4\WebCapture.dll ()

O9:64bit: - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9:64bit: - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\x64\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Virtuelle Tastatur - {0C4CC089-D306-440D-9772-464E226F6539} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\VirtualKeyboard\ie_virtual_keyboard_plugin.dll (Kaspersky Lab ZAO)

O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)

O9 - Extra Button: Links untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Anti-Virus 2013\IEExt\UrlAdvisor\klwtbbho.dll (Kaspersky Lab ZAO)

O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)

O13 - gopher Prefix: missing

O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)

O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1

O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{981E5BBA-EBAF-44DF-8189-3E5A52BD054C}: DhcpNameServer = 192.168.178.1

O18:64bit: - Protocol\Handler\ms-help - No CLSID value found

O18:64bit: - Protocol\Handler\skype4com - No CLSID value found

O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)

O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\appinit_dll.dll) - C:\Windows\SysNative\appinit_dll.dll (Lucidlogix Inc.)

O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (c:\Windows\SysWOW64\appinit_dll.dll) - c:\Windows\SysWOW64\appinit_dll.dll (Lucidlogix Inc.)

O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)

O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)

O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)

O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)

O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2013.04.12 22:34:56 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *)

O35:64bit: - HKLM\..comfile [open] -- "%1" %*

O35:64bit: - HKLM\..exefile [open] -- "%1" %*

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*

O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*

O37 - HKLM\...com [@ = ComFile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)

O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

 
 ========== Files/Folders - Created Within 30 Days ==========

 

[2013.04.16 17:35:29 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN

[2013.04.16 17:34:18 | 000,000,000 | ---D | C] -- C:\Windows\temp

[2013.04.16 17:26:55 | 005,054,270 | R--- | C] (Swearware) -- C:\Users\Michi\Desktop\ComboFix.exe

[2013.04.16 16:26:50 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe

[2013.04.16 16:26:50 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe

[2013.04.16 16:26:49 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe

[2013.04.16 16:26:43 | 000,000,000 | ---D | C] -- C:\Qoobox

[2013.04.16 16:26:36 | 000,000,000 | ---D | C] -- C:\Windows\erdnt

[2013.04.16 16:18:02 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT

[2013.04.16 16:17:52 | 000,000,000 | ---D | C] -- C:\JRT

[2013.04.16 16:16:46 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Michi\Desktop\JRT.exe

[2013.04.16 05:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames

[2013.04.16 05:20:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games

[2013.04.14 10:58:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Kaspersky Anti-Virus 2013

[2013.04.14 10:58:30 | 000,064,856 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\klfphc.dll

[2013.04.14 10:58:15 | 000,000,000 | ---D | C] -- C:\Windows\ELAMBKUP

[2013.04.14 10:58:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab

[2013.04.14 10:58:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Kaspersky Lab

[2013.04.14 10:58:10 | 000,613,720 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2013.04.14 10:58:10 | 000,089,432 | ---- | C] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klflt.sys

[2013.04.13 10:18:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype

[2013.04.13 00:06:39 | 000,000,000 | ---D | C] -- C:\Windows\Minidump

[2013.04.12 23:41:58 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe

[2013.04.12 18:37:15 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\My Cheat Tables

[2013.04.12 18:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cheat Engine 6.2

[2013.04.12 08:20:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox

[2013.04.05 22:36:55 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\uTorrent

[2013.04.03 00:24:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox.bak

[2013.03.30 14:55:58 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\WinZip

[2013.03.30 14:55:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinZip

[2013.03.30 14:55:33 | 000,000,000 | ---D | C] -- C:\ProgramData\WinZip

[2013.03.28 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Michi\Documents\Bioshock

[2013.03.28 16:41:57 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Bioshock

[2013.03.26 15:56:48 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam

[2013.03.26 14:08:01 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Aeria Games

[2013.03.26 14:07:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games

[2013.03.26 14:07:22 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames

[2013.03.26 14:04:45 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Aeria Games & Entertainment

[2013.03.26 13:39:12 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Akamai

[2013.03.26 13:39:10 | 000,000,000 | ---D | C] -- C:\AeriaGames

[2013.03.24 21:20:54 | 000,000,000 | ---D | C] -- C:\ProgramData\EA Core

[2013.03.24 21:17:23 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\Origin

[2013.03.24 21:17:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Electronic Arts

[2013.03.24 21:17:22 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Origin

[2013.03.24 21:16:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin

[2013.03.24 20:46:25 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Local\Electronic Arts

[2013.03.24 20:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin

[2013.03.24 20:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts

[2013.03.24 18:57:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\EA Games

[2013.03.22 17:15:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft

[2013.03.22 17:15:19 | 000,000,000 | ---D | C] -- C:\Users\Michi\AppData\Roaming\DVDVideoSoft

[2013.03.22 17:15:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files - Modified Within 30 Days ==========

 

[2013.04.16 17:41:06 | 000,165,376 | ---- | M] () -- C:\Users\Michi\Desktop\SystemLook_x64.exe

[2013.04.16 17:39:05 | 000,000,828 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job

[2013.04.16 17:38:55 | 000,034,752 | ---- | M] () -- C:\Windows\SysNative\drivers\WPRO_41_2001.sys

[2013.04.16 17:38:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat

[2013.04.16 17:38:43 | 2064,912,383 | -HS- | M] () -- C:\hiberfil.sys

[2013.04.16 17:38:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0

[2013.04.16 17:38:24 | 000,021,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0

[2013.04.16 17:35:27 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts

[2013.04.16 17:31:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job

[2013.04.16 17:27:13 | 005,054,270 | R--- | M] (Swearware) -- C:\Users\Michi\Desktop\ComboFix.exe

[2013.04.16 16:47:05 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI

[2013.04.16 16:47:05 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat

[2013.04.16 16:47:05 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat

[2013.04.16 16:47:05 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat

[2013.04.16 16:47:05 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat

[2013.04.16 16:16:52 | 000,551,587 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Michi\Desktop\JRT.exe

[2013.04.16 16:12:46 | 000,613,083 | ---- | M] () -- C:\Users\Michi\Desktop\adwcleaner.exe

[2013.04.15 19:59:00 | 000,000,830 | ---- | M] () -- C:\Windows\tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job

[2013.04.14 11:01:43 | 000,613,720 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\klif.sys

[2013.04.14 11:01:43 | 000,054,104 | ---- | M] (Kaspersky Lab) -- C:\Windows\SysNative\drivers\kltdi.sys

[2013.04.12 23:54:24 | 000,000,000 | ---- | M] () -- C:\Users\Michi\defogger_reenable

[2013.04.12 23:44:09 | 000,000,162 | ---- | M] () -- C:\Windows\Reimage.ini

[2013.04.12 23:42:26 | 000,377,856 | ---- | M] () -- C:\Users\Michi\Desktop\gmer_2.1.19163.exe

[2013.04.12 23:41:58 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Michi\Desktop\OTL.exe

[2013.04.12 23:41:27 | 000,050,477 | ---- | M] () -- C:\Users\Michi\Desktop\Defogger.exe

[2013.04.12 22:34:56 | 000,000,000 | ---- | M] () -- C:\autoexec.bat

[2013.04.11 16:19:37 | 000,298,240 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT

[2013.04.05 22:37:16 | 000,000,813 | ---- | M] () -- C:\Users\Michi\Desktop\µTorrent.lnk

[2013.03.22 16:07:38 | 000,010,763 | ---- | M] () -- C:\Users\Michi\AppData\Roaming\SmarThruOptions.xml

[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

 
 ========== Files Created - No Company Name ==========

 

[2013.04.16 17:41:05 | 000,165,376 | ---- | C] () -- C:\Users\Michi\Desktop\SystemLook_x64.exe

[2013.04.16 16:26:50 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe

[2013.04.16 16:26:50 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe

[2013.04.16 16:26:50 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe

[2013.04.16 16:26:50 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe

[2013.04.16 16:26:50 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe

[2013.04.16 16:12:41 | 000,613,083 | ---- | C] () -- C:\Users\Michi\Desktop\adwcleaner.exe

[2013.04.12 23:54:24 | 000,000,000 | ---- | C] () -- C:\Users\Michi\defogger_reenable

[2013.04.12 23:42:48 | 000,000,162 | ---- | C] () -- C:\Windows\Reimage.ini

[2013.04.12 23:42:26 | 000,377,856 | ---- | C] () -- C:\Users\Michi\Desktop\gmer_2.1.19163.exe

[2013.04.12 23:41:26 | 000,050,477 | ---- | C] () -- C:\Users\Michi\Desktop\Defogger.exe

[2013.04.12 22:34:56 | 000,000,000 | ---- | C] () -- C:\autoexec.bat

[2013.04.05 22:37:16 | 000,000,813 | ---- | C] () -- C:\Users\Michi\Desktop\µTorrent.lnk

[2012.12.16 00:44:04 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe

[2012.12.16 00:43:59 | 000,010,763 | ---- | C] () -- C:\Users\Michi\AppData\Roaming\SmarThruOptions.xml

[2012.12.16 00:43:49 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\SvcMan.exe

[2012.12.16 00:43:45 | 000,172,032 | ---- | C] () -- C:\Windows\SysWow64\SecSNMP.dll

[2012.12.16 00:43:41 | 000,000,136 | ---- | C] () -- C:\Windows\Readiris.ini

[2012.12.16 00:43:39 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\irisco32.dll

[2012.12.16 00:42:33 | 000,110,592 | R--- | C] () -- C:\Windows\Wiainst.exe

[2012.12.15 17:02:34 | 000,001,424 | ---- | C] () -- C:\Windows\THXCfg_SP_APOIM.ini

[2012.12.15 17:02:34 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_HP_APOIM.ini

[2012.12.15 17:02:34 | 000,001,323 | ---- | C] () -- C:\Windows\THXCfg_APOIM.ini

[2012.12.15 17:02:31 | 000,190,464 | ---- | C] () -- C:\Windows\SysWow64\APOMngr.DLL

[2012.12.15 17:02:31 | 000,073,728 | ---- | C] () -- C:\Windows\SysWow64\CmdRtr.DLL

[2012.12.15 16:59:29 | 000,000,003 | ---- | C] () -- C:\Users\Michi\AppData\Local\user_data.ini

[2012.12.15 16:48:54 | 000,058,880 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll

[2012.12.15 16:48:53 | 013,026,816 | ---- | C] () -- C:\Windows\SysWow64\ig7icd32.dll

[2012.12.15 16:48:53 | 000,755,572 | ---- | C] () -- C:\Windows\SysWow64\igkrng700.bin

[2012.12.15 16:48:53 | 000,559,972 | ---- | C] () -- C:\Windows\SysWow64\igfcg700m.bin

[2012.02.02 23:08:26 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll

[2012.01.17 12:24:10 | 000,055,296 | ---- | C] () -- C:\Windows\SysWow64\ASGT.exe

 
 ========== ZeroAccess Check ==========

 

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

 

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

 

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Apartment

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]

"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Free

 

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64

"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)

"ThreadingModel" = Both

 

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

 
 ========== LOP Check ==========

 

[2013.01.07 00:33:55 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\7road

[2013.03.26 14:04:45 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Aeria Games & Entertainment

[2013.03.17 12:12:49 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Awesomium

[2013.04.06 12:45:33 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Bioshock

[2012.12.23 02:21:09 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Day 1 Studios

[2013.03.22 17:15:27 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\DVDVideoSoft

[2013.01.14 20:12:48 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\fltk.org

[2012.12.18 00:26:01 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICQ-Profile

[2012.12.15 17:33:44 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\ICQM

[2012.12.15 17:50:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\IrfanView

[2013.01.05 00:01:42 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\LolClient

[2012.12.21 03:07:04 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Natural Selection 2

[2013.03.25 08:16:40 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\Origin

[2012.12.16 00:44:01 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\SmarThru4

[2013.02.10 18:59:46 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\TS3Client

[2013.04.16 16:11:25 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\uTorrent

[2013.02.07 10:21:02 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\WildTangent

[2012.12.20 10:50:44 | 000,000,000 | ---D | M] -- C:\Users\Michi\AppData\Roaming\XMedia Recode

 
 ========== Purity Check ==========

 

 
 

< End of report >

--- --- ---

SystemLook

Zitat:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:47 on 16/04/2013 by Michi
Administrator - Elevation successful

========== folderfind ==========

Searching for "*babylon*"
No folders found.

Searching for "*opencandy*"
No folders found.

Searching for "*DataMngr*"
No folders found.

========== regfind ==========

Searching for "babylon"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}]
"DllName"="BabylonToolbar.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

Searching for "opencandy"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunAsStandardUserF2CFF456307749868B037947A5A0AB07]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OpenCandyHelperRunOnce98D4FCAE35714EE9BF35A1008585A784]

Searching for "DataMngr"
No data found.

-= EOF =-