do-search Hijack nach Flashaktualisierung

30.11.2013, 10:30

Geronimo73

Member

Beiträge: 18

#1 Guten Morgen!

Seit gestern der Flash-Player aktualisiert wurde starten alle Browser auf einer do-search-Seite und das lässt sich nicht dauerhaft ändern.

Zitat

OTL logfile created on: 30.11.2013 09:44:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Guido\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,84 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 41,10% Memory free
7,68 Gb Paging File | 5,37 Gb Available in Paging File | 69,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,49 Gb Total Space | 80,70 Gb Free Space | 28,57% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION-LR1 | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Processes (SafeList) ==========[/color]

PRC - File not found
PRC - C:\Users\Guido\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
PRC - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
PRC - C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
PRC - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
PRC - C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccsvchst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
PRC - C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer Bio Protection\CompPtcVUI.exe (Egis Technology Inc.)
PRC - C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)

[color=#E56717]========== Modules (No Company Name) ==========[/color]

MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\d8f4106eee38420ac5eda7d630dc53fc\System.ServiceProcess.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\ea3406b1357f932b76236c4ea85b0747\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\c8648331484537c338fe2b606a9db8b7\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\e9147e4c70d4e387dc4aea59ce0a219a\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\99bbd3424207d205e9e680fa712dba04\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\b1ff5e4a64c0bb0a9b039aaefcde5ea7\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\b7285e9f3d19a05d5cc2c049e451685d\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\85a501f8b0cb271f1bfab6532523ac3c\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\55c245966c0b23a47587c18681457e48\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\08c630893416f3379c9455870908ad6c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\a01e07e47ecdd94ae099e8c4bf650516\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\sqlite3.dll ()
MOD - C:\Users\Guido\AppData\Roaming\Dropbox\bin\libcef.dll ()
MOD - C:\Users\Guido\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll ()
MOD - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\wincfi39.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll ()
MOD - C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ()

[color=#E56717]========== Services (SafeList) ==========[/color]

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (O2FLASH) -- C:\Windows\SysNative\drivers\o2flash.exe (O2Micro International)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Sony PC Companion) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe (Avanquest Software)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (Netzmanager Service) -- C:\Programme\Netzmanager\NMInfraIS2\Netzmanager_Service.exe (Deutsche Telekom AG)
SRV - (HPSLPSVC) -- C:\Users\Guido\AppData\Local\Temp\7zS10F0\hpslpsvc64.dll (Hewlett-Packard Co.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (ePowerSvc) -- C:\Programme\Acer\Acer PowerSmart Manager\ePowerSvc.exe (Acer Incorporated)
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\\MWLService.exe ()
SRV - (IGBASVC) -- C:\Program Files (x86)\Acer Bio Protection\BASVC.exe (Egis Technology Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (RS_Service) -- C:\Program Files (x86)\Acer\Acer VCM\RS_Service.exe (Acer Incorporated)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (IAANTMON) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)

[color=#E56717]========== Driver Services (SafeList) ==========[/color]

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symefa64.sys (Symantec Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symds64.sys (Symantec Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\symnets.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\ironx64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\N360x64\1404000.028\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (ggsemc) -- C:\Windows\SysNative\drivers\ggsemc.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (ggflt) -- C:\Windows\SysNative\drivers\ggflt.sys (Sony Ericsson Mobile Communications)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (AVEO) -- C:\Windows\SysNative\drivers\AVEOdcnt.sys (AVEO Corp)
DRV:64bit: - (FPSensor) -- C:\Windows\SysNative\drivers\FPSensor.sys (Egistec)
DRV:64bit: - (NETw5s64) -- C:\Windows\SysNative\drivers\NETw5s64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (intelkmd) -- C:\Windows\SysNative\drivers\igdpmd64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (nuvotoncir) -- C:\Windows\SysNative\drivers\nuvotoncir.sys (Nuvoton Technology Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\NETw5v64.sys (Intel Corporation)
DRV:64bit: - (O2MDGRDR) -- C:\Windows\SysNative\drivers\o2mdgx64.sys (O2Micro )
DRV:64bit: - (O2SDGRDR) -- C:\Windows\SysNative\drivers\o2sdgx64.sys (O2Micro )
DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NewTech Infosystems Corporation)
DRV:64bit: - (KMWDFILTER) -- C:\Windows\SysNative\drivers\KMWDFILTER.sys (Windows (R) Codename Longhorn DDK provider)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (int15.sys) -- C:\Windows\SysNative\OEM\factory\int15.sys (Acer, Inc.)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131129.009\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20131129.009\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20131128.001\IDSviA64.sys (Symantec Corporation)
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20131114.001\BHDrvx64.sys (Symantec Corporation)
DRV - (TelekomNM6) -- C:\Programme\Netzmanager\NMInfraIS2\Driver\TelekomNM6.sys (Deutsche Telekom AG AG, Marmiko IT-Solutions GmbH)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

[color=#E56717]========== Standard Registry (SafeList) ==========[/color]

[color=#E56717]========== Internet Explorer ==========[/color]

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX&q={searchTerms}
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://do-search.com/web/?type=ds&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://do-search.com/web/?type=ds&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://do-search.com/?type=hp&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://do-search.com/?type=hp&ts=1385714217&from=tugs&uid=HitachiXHTS545032B9A300_090813PB5306Q6C97ETGX
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.bild.de/
IE - HKCU\..\URLSearchHook: - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {76E1A5B3-9B92-4AC1-A451-24247647A44B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{76E1A5B3-9B92-4AC1-A451-24247647A44B}: "URL" = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

[color=#E56717]========== FireFox ==========[/color]

FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.165\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\sony.com/MediaGoDetector: C:\Program Files (x86)\Sony\Media Go\npMediaGoDetector.dll (Sony Network Entertainment International LLC)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.11.30 00:05:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFF [2013.11.12 22:33:16 | 000,000,000 | ---D | M]

[color=#E56717]========== Chrome ==========[/color]

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{googleageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: http://www.bild.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.57\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Media Go Detector (Enabled) = C:\Program Files (x86)\Sony\Media Go\npmediago.dll
CHR - plugin: PlayStation(R)Network Downloader Check Plug-in (Enabled) = C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Google-Suche = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Norton Identity Protection = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2013.4.3.4_0\
CHR - Extension: Google Wallet = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.5.0_0\
CHR - Extension: Google Mail = C:\Users\Guido\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.4.0.40\coieplg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer PowerSmart Manager\ePowerTrayLauncher.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.EXE (Dritek System Inc.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [VitaKeyPdtWzd] C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe (Egis Technology Inc.)
O4 - HKCU..\Run: [] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe (Samsung)
O4 - HKCU..\Run: [HP Officejet 4620 series (NET)] C:\Program Files\HP\HP Officejet 4620 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKCU..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found
O4 - HKCU..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung)
O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Netzmanager.lnk = File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra 'Tools' menuitem : Quick-Launch Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe (Egis Technology Inc.)
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Vertrauenswürdige Sites)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{51EF0B10-CE11-4280-9B84-5DD0B890E95F}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52E0EB6C-5F87-437A-937B-29D25CEBBB06}: NameServer = 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Acer\Acer VCM\Skype4COM.dll (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\SysWOW64\Userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.11.29 23:13:31 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3658cc52-6365-11df-92f4-001e658da574}\Shell - "" = AutoRun
O33 - MountPoints2\{3658cc52-6365-11df-92f4-001e658da574}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{80e4a65a-44f6-11e2-839d-ae9918363638}\Shell - "" = AutoRun
O33 - MountPoints2\{80e4a65a-44f6-11e2-839d-ae9918363638}\Shell\AutoRun\command - "" = D:\Startme.exe
O33 - MountPoints2\{b35f7b61-630d-11df-be93-001e658da574}\Shell - "" = AutoRun
O33 - MountPoints2\{b35f7b61-630d-11df-be93-001e658da574}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{b35f7b74-630d-11df-be93-001e658da574}\Shell - "" = AutoRun
O33 - MountPoints2\{b35f7b74-630d-11df-be93-001e658da574}\Shell\AutoRun\command - "" = D:\AutoRun.exe
O33 - MountPoints2\{f3e5ffa5-add7-11e1-8e9c-00269e120366}\Shell - "" = AutoRun
O33 - MountPoints2\{f3e5ffa5-add7-11e1-8e9c-00269e120366}\Shell\AutoRun\command - "" = D:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

[color=#E56717]========== Files/Folders - Created Within 30 Days ==========[/color]

[2013.11.30 09:40:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2013.11.29 23:47:15 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.11.29 23:15:19 | 000,000,000 | ---D | C] -- C:\N360_BACKUP
[2013.11.29 23:12:25 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.11.29 23:11:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.11.29 13:07:49 | 000,204,568 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudmdm.sys
[2013.11.29 13:07:49 | 000,103,576 | ---- | C] (DEVGURU Co., LTD.(www.devguru.co.kr)) -- C:\Windows\SysNative\drivers\ssudbus.sys
[2013.11.22 17:44:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\CrashDump
[2013.11.22 17:44:16 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\NativeFus_Log
[2013.11.22 17:43:55 | 000,000,000 | ---D | C] -- C:\Users\Guido\Documents\samsung
[2013.11.22 17:29:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
[2013.11.22 17:28:49 | 000,821,824 | ---- | C] (Devguru Co., Ltd.) -- C:\Windows\SysWow64\dgderapi.dll
[2013.11.15 12:38:30 | 000,000,000 | ---D | C] -- C:\Program Files\Recuva
[2013.11.14 07:34:46 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\tiptoi® Manager
[2013.11.14 07:34:46 | 000,000,000 | ---D | C] -- C:\ProgramData\RavensburgerTipToi
[2013.11.14 07:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ravensburger tiptoi
[2013.11.14 03:04:45 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.11.14 03:04:45 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.11.14 03:04:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.11.14 03:04:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.11.14 03:04:44 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.11.14 03:04:44 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.11.14 03:04:44 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.11.14 03:04:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.11.14 03:04:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.11.14 03:04:44 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.11.14 03:04:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.11.14 03:04:42 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.11.14 03:04:42 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.11.14 03:04:42 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.11.14 03:04:41 | 003,959,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.11.14 01:08:03 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.11.14 01:08:02 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.11.14 01:08:02 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\credui.dll
[2013.11.14 01:08:02 | 000,190,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SmartcardCredentialProvider.dll
[2013.11.14 01:08:02 | 000,152,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013.11.14 01:07:56 | 001,474,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2013.11.14 01:07:49 | 001,447,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\lsasrv.dll
[2013.11.14 01:07:49 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.11.14 01:07:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspicli.dll
[2013.11.14 01:07:49 | 000,028,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sspisrv.dll
[2013.11.14 01:07:49 | 000,028,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\secur32.dll
[2013.11.14 01:07:46 | 000,830,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\nshwfp.dll
[2013.11.14 01:07:46 | 000,656,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nshwfp.dll
[2013.11.14 01:07:46 | 000,404,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gdi32.dll
[2013.11.14 01:07:46 | 000,324,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\FWPUCLNT.DLL
[2013.11.14 01:07:46 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\FWPUCLNT.DLL
[2013.11.12 22:57:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared
[2013.11.12 22:27:37 | 000,177,312 | ---- | C] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.11.12 22:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2013.11.12 22:27:37 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2013.11.12 22:26:28 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
[2013.11.12 22:26:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Norton 360
[2013.11.12 22:26:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\NortonInstaller
[2013.11.02 22:33:56 | 000,000,000 | ---D | C] -- C:\Users\Guido\Documents\My Games
[2013.11.02 15:36:37 | 000,000,000 | ---D | C] -- C:\Users\Guido\AppData\Local\SCE
[2013.11.02 15:35:38 | 000,527,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_7.dll
[2013.11.02 15:35:38 | 000,518,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_7.dll
[2013.11.02 15:35:38 | 000,077,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_5.dll
[2013.11.02 15:35:38 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_5.dll
[2013.11.02 15:35:37 | 000,239,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_7.dll
[2013.11.02 15:35:37 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_7.dll
[2013.11.02 15:35:36 | 002,526,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_43.dll
[2013.11.02 15:35:36 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_43.dll
[2013.11.02 15:35:36 | 001,907,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_43.dll
[2013.11.02 15:35:36 | 001,868,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_43.dll
[2013.11.02 15:35:35 | 002,401,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_43.dll
[2013.11.02 15:35:35 | 000,511,328 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_43.dll
[2013.11.02 15:35:35 | 000,470,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_43.dll
[2013.11.02 15:35:35 | 000,276,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_43.dll
[2013.11.02 15:35:35 | 000,248,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_43.dll
[2013.11.02 15:35:34 | 000,530,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_6.dll
[2013.11.02 15:35:34 | 000,528,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_6.dll
[2013.11.02 15:35:34 | 000,078,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_4.dll
[2013.11.02 15:35:34 | 000,074,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_4.dll
[2013.11.02 15:35:33 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_6.dll
[2013.11.02 15:35:33 | 000,176,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_6.dll
[2013.11.02 15:35:32 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_7.dll
[2013.11.02 15:35:32 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_7.dll
[2013.11.02 15:35:31 | 000,517,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_5.dll
[2013.11.02 15:35:31 | 000,515,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_5.dll
[2013.11.02 15:35:30 | 000,238,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_5.dll
[2013.11.02 15:35:30 | 000,176,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_5.dll
[2013.11.02 15:35:29 | 002,582,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_42.dll
[2013.11.02 15:35:29 | 001,974,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_42.dll
[2013.11.02 15:35:28 | 005,554,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dcsx_42.dll
[2013.11.02 15:35:28 | 005,501,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dcsx_42.dll
[2013.11.02 15:35:28 | 000,285,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx11_42.dll
[2013.11.02 15:35:28 | 000,235,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx11_42.dll
[2013.11.02 15:35:27 | 002,475,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_42.dll
[2013.11.02 15:35:27 | 002,430,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_41.dll
[2013.11.02 15:35:27 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013.11.02 15:35:27 | 001,846,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_41.dll
[2013.11.02 15:35:27 | 000,523,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_42.dll
[2013.11.02 15:35:27 | 000,520,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_41.dll
[2013.11.02 15:35:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_42.dll
[2013.11.02 15:35:27 | 000,453,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_41.dll
[2013.11.02 15:35:26 | 005,425,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_41.dll
[2013.11.02 15:35:26 | 004,178,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_41.dll
[2013.11.02 15:35:25 | 002,605,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_40.dll
[2013.11.02 15:35:25 | 002,036,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_40.dll
[2013.11.02 15:35:25 | 000,521,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_4.dll
[2013.11.02 15:35:25 | 000,519,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_40.dll
[2013.11.02 15:35:25 | 000,517,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_4.dll
[2013.11.02 15:35:25 | 000,452,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_40.dll
[2013.11.02 15:35:25 | 000,235,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_4.dll
[2013.11.02 15:35:25 | 000,174,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_4.dll
[2013.11.02 15:35:25 | 000,073,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_3.dll
[2013.11.02 15:35:25 | 000,069,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_3.dll
[2013.11.02 15:35:25 | 000,024,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_6.dll
[2013.11.02 15:35:25 | 000,022,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_6.dll
[2013.11.02 15:35:24 | 005,631,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_40.dll
[2013.11.02 15:35:24 | 004,379,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_40.dll
[2013.11.02 15:35:23 | 000,518,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_3.dll
[2013.11.02 15:35:23 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_3.dll
[2013.11.02 15:35:23 | 000,074,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_2.dll
[2013.11.02 15:35:23 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_2.dll
[2013.11.02 15:35:22 | 000,235,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_3.dll
[2013.11.02 15:35:22 | 000,175,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_3.dll
[2013.11.02 15:35:22 | 000,025,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_5.dll
[2013.11.02 15:35:22 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_5.dll
[2013.11.02 15:35:21 | 000,513,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_2.dll
[2013.11.02 15:35:21 | 000,509,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_2.dll
[2013.11.02 15:35:21 | 000,072,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_1.dll
[2013.11.02 15:35:21 | 000,068,616 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_1.dll
[2013.11.02 15:35:20 | 001,942,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_39.dll
[2013.11.02 15:35:20 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2013.11.02 15:35:20 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_39.dll
[2013.11.02 15:35:20 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2013.11.02 15:35:20 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_2.dll
[2013.11.02 15:35:20 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_2.dll
[2013.11.02 15:35:18 | 004,992,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_39.dll
[2013.11.02 15:35:18 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2013.11.02 15:35:18 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll
[2013.11.02 15:35:18 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll
[2013.11.02 15:35:18 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll
[2013.11.02 15:35:18 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll
[2013.11.02 15:35:17 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll
[2013.11.02 15:35:17 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll
[2013.11.02 15:35:17 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll
[2013.11.02 15:35:17 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll
[2013.11.02 15:35:17 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll
[2013.11.02 15:35:17 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll
[2013.11.02 15:35:17 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll
[2013.11.02 15:35:17 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll
[2013.11.02 15:35:16 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll
[2013.11.02 15:35:16 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll
[2013.11.02 15:35:16 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll
[2013.11.02 15:35:16 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll
[2013.11.02 15:35:15 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll
[2013.11.02 15:35:15 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll
[2013.11.02 15:35:15 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll
[2013.11.02 15:35:15 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll
[2013.11.02 15:35:15 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll
[2013.11.02 15:35:15 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_0.dll
[2013.11.02 15:35:15 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll
[2013.11.02 15:35:15 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll
[2013.11.02 15:35:14 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll
[2013.11.02 15:35:14 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll
[2013.11.02 15:35:14 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll
[2013.11.02 15:35:14 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll
[2013.11.02 15:35:13 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll
[2013.11.02 15:35:13 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll
[2013.11.02 15:35:13 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll
[2013.11.02 15:35:13 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll
[2013.11.02 15:35:12 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll
[2013.11.02 15:35:12 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll
[2013.11.02 15:35:10 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll
[2013.11.02 15:35:10 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll
[2013.11.02 15:35:10 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll
[2013.11.02 15:35:10 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll
[2013.11.02 15:35:10 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll
[2013.11.02 15:35:10 | 000,267,112 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_9.dll
[2013.11.02 15:35:09 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll
[2013.11.02 15:35:09 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll
[2013.11.02 15:35:08 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll
[2013.11.02 15:35:08 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll
[2013.11.02 15:35:08 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll
[2013.11.02 15:35:08 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll
[2013.11.02 15:35:08 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll
[2013.11.02 15:35:08 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll
[2013.11.02 15:35:08 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll
[2013.11.02 15:35:08 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll
[2013.11.02 15:35:07 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll
[2013.11.02 15:35:07 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll
[2013.11.02 15:35:07 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll
[2013.11.02 15:35:07 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll
[2013.11.02 15:35:04 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll
[2013.11.02 15:35:04 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll
[2013.11.02 15:35:04 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll
[2013.11.02 15:35:04 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll
[2013.11.02 15:35:04 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll
[2013.11.02 15:35:04 | 000,261,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_7.dll
[2013.11.02 15:35:03 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll
[2013.11.02 15:35:03 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll
[2013.11.02 15:35:01 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll
[2013.11.02 15:35:01 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll
[2013.11.02 15:35:00 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll
[2013.11.02 15:35:00 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll
[2013.11.02 15:35:00 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll
[2013.11.02 15:35:00 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll
[2013.11.02 15:34:58 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll
[2013.11.02 15:34:58 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll
[2013.11.02 15:34:58 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll
[2013.11.02 15:34:58 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll
[2013.11.02 15:34:58 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll
[2013.11.02 15:34:58 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll
[2013.11.02 15:34:57 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll
[2013.11.02 15:34:57 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll
[2013.11.02 15:34:56 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll
[2013.11.02 15:34:56 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll
[2013.11.02 15:34:55 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll
[2013.11.02 15:34:55 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll
[2013.11.02 15:34:54 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll
[2013.11.02 15:34:54 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll
[2013.11.02 15:34:52 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll
[2013.11.02 15:34:52 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll
[2013.11.02 15:34:48 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll
[2013.11.02 15:34:48 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll
[2013.11.02 15:34:46 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll
[2013.11.02 15:34:46 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_0.dll
[2013.11.02 15:34:46 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll
[2013.11.02 15:34:46 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll
[2013.11.02 15:34:45 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll
[2013.11.02 15:34:45 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll
[2013.11.02 15:34:44 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll
[2013.11.02 15:34:44 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll
[2013.11.02 15:34:42 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll
[2013.11.02 15:34:42 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll
[2013.11.02 15:34:41 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll
[2013.11.02 15:34:41 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll
[2013.11.02 15:34:40 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll
[2013.11.02 15:34:40 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll
[2013.11.02 15:34:39 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll
[2013.11.02 15:34:39 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll
[2013.11.02 13:37:25 | 000,000,000 | ---D | C] -- C:\Users\Guido\Documents\20 Wolfgang Hohlbein - Die Chronik der Unsterblichen 015 - Nekropole
[2009.08.22 16:49:40 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files - Modified Within 30 Days ==========[/color]

[2013.11.30 09:40:10 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Guido\Desktop\OTL.exe
[2013.11.30 09:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.11.30 09:06:22 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.11.30 09:06:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.11.30 00:11:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.11.30 00:11:32 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.11.30 00:01:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.11.30 00:01:21 | 3092,926,464 | -HS- | M] () -- C:\hiberfil.sys
[2013.11.29 23:13:31 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.11.29 17:03:07 | 001,612,802 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.11.29 17:03:07 | 000,704,552 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.11.29 17:03:07 | 000,659,134 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.11.29 17:03:07 | 000,152,112 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.11.29 17:03:07 | 000,124,466 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.11.29 17:02:59 | 001,612,802 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.11.29 15:59:48 | 002,696,815 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\Cat.DB
[2013.11.29 12:19:09 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.11.29 12:19:09 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.11.26 00:31:37 | 000,020,410 | ---- | M] () -- C:\Windows\SysNative\drivers\N360x64\1404000.028\VT20131125.019
[2013.11.22 17:43:45 | 000,001,970 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.11.22 17:43:45 | 000,001,960 | ---- | M] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.11.19 06:50:57 | 000,011,104 | ---- | M] () -- C:\Users\Guido\Desktop\Entschuldigung.odt
[2013.11.15 12:38:32 | 000,001,662 | ---- | M] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.11.14 07:34:51 | 000,001,040 | ---- | M] () -- C:\Users\Guido\Desktop\tiptoi.lnk
[2013.11.13 16:29:18 | 000,367,344 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.11.13 01:20:54 | 000,177,312 | ---- | M] (Symantec Corporation) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS
[2013.11.13 01:20:54 | 000,007,631 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.11.13 01:20:54 | 000,000,854 | ---- | M] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.11.05 20:05:35 | 000,001,990 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk
[2013.11.02 15:30:28 | 000,002,590 | ---- | M] () -- C:\Users\Guido\Desktop\DC Universe Online PSG.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\*.tmp files -> C:\Windows\SysNative\*.tmp -> ]

[color=#E56717]========== Files Created - No Company Name ==========[/color]

[2013.11.29 23:13:31 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.11.22 17:43:45 | 000,001,970 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies (Lite).lnk
[2013.11.22 17:43:45 | 000,001,960 | ---- | C] () -- C:\Users\Public\Desktop\Samsung Kies.lnk
[2013.11.15 12:38:32 | 000,001,662 | ---- | C] () -- C:\Users\Public\Desktop\Recuva.lnk
[2013.11.14 07:34:51 | 000,001,040 | ---- | C] () -- C:\Users\Guido\Desktop\tiptoi.lnk
[2013.11.12 22:27:37 | 000,007,631 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.CAT
[2013.11.12 22:27:37 | 000,000,854 | ---- | C] () -- C:\Windows\SysNative\drivers\SYMEVENT64x86.INF
[2013.11.02 15:30:28 | 000,002,620 | ---- | C] () -- C:\Users\Guido\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DC Universe Online PSG.lnk
[2013.11.02 15:30:28 | 000,002,590 | ---- | C] () -- C:\Users\Guido\Desktop\DC Universe Online PSG.lnk
[2013.10.30 12:07:00 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2013.06.14 20:15:51 | 000,019,639 | ---- | C] () -- C:\Windows\prodsett_copy.ini
[2013.03.12 22:05:00 | 000,000,259 | ---- | C] () -- C:\Windows\IfoEdit.INI
[2012.12.25 11:14:56 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.07.09 13:17:35 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.05.31 11:47:12 | 000,002,093 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat
[2012.05.31 11:07:35 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.05.25 22:03:17 | 001,612,802 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.05.23 17:49:32 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.05.23 17:49:32 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.05.23 17:49:32 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.05.23 17:49:32 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.04.06 02:29:34 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.04.06 02:29:34 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.06.04 10:55:17 | 000,003,584 | ---- | C] () -- C:\Users\Guido\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.04.19 18:50:21 | 000,001,940 | ---- | C] () -- C:\Users\Guido\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini

[color=#E56717]========== ZeroAccess Check ==========[/color]

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

[color=#E56717]========== LOP Check ==========[/color]

[2010.05.17 18:14:18 | 000,000,000 | -HSD | M] -- C:\Users\Guido\AppData\Roaming\.#
[2011.05.14 09:07:28 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Acreon
[2011.01.21 20:07:01 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Artogon
[2010.01.02 13:12:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Azureus
[2012.11.20 22:12:32 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\convert
[2013.11.30 00:04:58 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Dropbox
[2009.12.14 06:49:46 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\GameConsole
[2012.08.25 16:16:34 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Mobipocket
[2009.12.19 10:41:00 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\MobMapUpdater
[2013.09.15 19:20:53 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Nokia
[2010.12.30 00:46:40 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Nokia Ovi Suite
[2009.12.20 18:06:28 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\OpenOffice.org
[2011.01.24 22:31:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\PC Suite
[2009.12.14 17:33:22 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\PowerCinema
[2013.07.12 21:19:02 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\RavensburgerTipToi
[2013.03.12 20:46:14 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\RipIt4Me
[2012.06.04 08:48:43 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Samsung
[2010.03.19 21:15:44 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\SoftDMA
[2013.04.28 15:06:55 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Sony
[2012.06.01 07:53:10 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Temp
[2010.06.06 22:32:58 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\TS3Client
[2012.08.17 10:35:09 | 000,000,000 | ---D | M] -- C:\Users\Guido\AppData\Roaming\Waterfox Limited

[color=#E56717]========== Purity Check ==========[/color]

[color=#E56717]========== Files - Unicode (All) ==========[/color]
[2013.09.27 12:00:38 | 098,201,609 | ---- | M] ()(C:\Windows\SysWow64\???£) -- C:\Windows\SysWow64\┽便ང£
[2013.09.26 18:00:42 | 098,201,609 | ---- | C] ()(C:\Windows\SysWow64\???£) -- C:\Windows\SysWow64\┽便ང£
[2013.09.25 09:04:13 | 097,673,008 | ---- | M] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\풀힩ང
[2013.09.25 09:04:13 | 097,673,008 | ---- | C] ()(C:\Windows\SysWow64\???) -- C:\Windows\SysWow64\풀힩ང
[2013.09.24 23:07:12 | 097,613,522 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\Сང•
[2013.09.24 23:07:12 | 097,613,522 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\Сང•
[2013.09.24 17:07:25 | 097,531,747 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뙮ངœ
[2013.09.24 17:07:25 | 097,531,747 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\뙮ངœ
[2013.09.23 18:22:32 | 098,685,961 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\掻鬚ང–
[2013.09.23 06:21:58 | 098,685,961 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\掻鬚ང–
[2013.09.22 18:21:55 | 098,597,466 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\떎즗ང›
[2013.09.22 12:21:57 | 098,597,466 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\떎즗ང›
[2013.09.21 17:27:22 | 098,547,399 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\螷뙪ང•
[2013.09.19 23:27:10 | 098,547,399 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\螷뙪ང•
[2013.09.19 17:27:12 | 098,378,485 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㩫Ꮰང™
[2013.09.18 17:34:23 | 098,378,485 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\㩫Ꮰང™
[2013.09.18 11:34:24 | 098,123,923 | ---- | M] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\嵖⿥ང9
[2013.09.17 23:34:21 | 098,123,923 | ---- | C] ()(C:\Windows\SysWow64\???9) -- C:\Windows\SysWow64\嵖⿥ང9
[2013.09.17 17:34:30 | 097,949,955 | ---- | M] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\予�ངG
[2013.09.16 23:34:23 | 097,949,955 | ---- | C] ()(C:\Windows\SysWow64\???G) -- C:\Windows\SysWow64\予�ངG
[2013.09.16 17:34:21 | 097,787,879 | ---- | M] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꝩ䤁ངŽ
[2013.09.16 11:34:21 | 097,787,879 | ---- | C] ()(C:\Windows\SysWow64\????) -- C:\Windows\SysWow64\ꝩ䤁ངŽ

[color=#E56717]========== Alternate Data Streams ==========[/color]

@Alternate Data Stream - 598 bytes -> C:\Users\Guido\Documents\Klasse R5a.eml:OECustomProperty
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:1D32EC29
@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:4CF61E54
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:ABE89FFE

< End of report >

Zitat

OTL Extras logfile created on: 30.11.2013 09:44:29 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Guido\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,84 Gb Total Physical Memory | 1,58 Gb Available Physical Memory | 41,10% Memory free
7,68 Gb Paging File | 5,37 Gb Available in Paging File | 69,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 282,49 Gb Total Space | 80,70 Gb Free Space | 28,57% Space Free | Partition Type: NTFS

Computer Name: WORKSTATION-LR1 | User Name: Guido | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

[color=#E56717]========== Extra Registry (SafeList) ==========[/color]

[color=#E56717]========== File Associations ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

[color=#E56717]========== Shell Spawning ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htafile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "%systemroot%\system32\rundll32.exe" "%systemroot%\system32\mshtml.dll",PrintHTML "%1"
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

[color=#E56717]========== Security Center Settings ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

[color=#E56717]========== Firewall Settings ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultInboundAction" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultInboundAction" = 1

[color=#E56717]========== Authorized Applications List ==========[/color]

[color=#E56717]========== Vista Active Open Ports Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03875797-C70E-4610-A941-5E0AA14032CE}" = lport=2869 | protocol=6 | dir=in | app=system |
"{062DC014-7ED9-4986-92E8-3D8FAC132D19}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0D837CA8-03DC-4399-B553-EDF8A96748DE}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{10E13F7E-24C7-4F9C-BD84-174CE999D9DC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{13BFA259-4EF7-4EAD-89AF-FB66A3968371}" = rport=445 | protocol=6 | dir=out | app=system |
"{189F0EF7-14D0-4CF7-A4AA-F3A41952BC4E}" = lport=137 | protocol=17 | dir=in | app=system |
"{358E4A8C-E0F5-426F-A617-771B172E7523}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{35D35350-219E-4BEF-9C63-1DD7505ECB56}" = rport=139 | protocol=6 | dir=out | app=system |
"{36B8AF8C-83C2-49AE-BDA4-87C1FF86F1C9}" = lport=139 | protocol=6 | dir=in | app=system |
"{3C6E0FAA-7DB6-4CCC-AF1E-6BAF3CF49913}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{482C8B64-73D7-446D-B16A-9E0713F32F09}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{548A75A3-B16A-4A05-B0E1-374B8C4D5926}" = rport=138 | protocol=17 | dir=out | app=system |
"{56018A75-F6C4-4C59-AE1A-4633A504EBAC}" = lport=10243 | protocol=6 | dir=in | app=system |
"{5BB2C03B-2941-4DA2-AA40-00B5639EEB0A}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{6D60B3BD-CF8C-4910-B574-F1B329EDB18F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{82E7781D-1077-4FD1-B3C0-F77E25683BD5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{87A4BA42-E82C-4DEF-A831-6D5FCC4E5E28}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8CF12165-AF48-4E6B-9405-85B2489BB7FB}" = lport=445 | protocol=6 | dir=in | app=system |
"{92D38B76-9004-4BB9-BD5B-C32EF8286114}" = rport=10243 | protocol=6 | dir=out | app=system |
"{A0DF3104-01F9-4576-9E3A-6AE532E417CB}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{A5B9656C-226B-426F-80ED-3AD340E0397B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{B7E75CEC-9687-42A5-B776-D66418EE27D7}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C16CFAE1-A3FE-4322-995B-8077552860AA}" = lport=2869 | protocol=6 | dir=in | app=system |
"{D9A35EFE-5937-4430-8670-2DBD68D61C7D}" = lport=138 | protocol=17 | dir=in | app=system |
"{EFD5E3C6-5839-4C7D-8636-CA2FA648CBF4}" = rport=137 | protocol=17 | dir=out | app=system |

[color=#E56717]========== Vista Active Application Exception List ==========[/color]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{085C4211-C043-42F4-99C1-ED67827FE4EB}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{0B77E58E-A9B7-400C-829B-C461839DD4BC}" = protocol=6 | dir=in | app=c:\users\guido\appdata\local\temp\7zs60d4.tmp\symnrt.exe |
"{0F464AB4-37F7-4D93-81B6-E7928EAC57C4}" = protocol=6 | dir=in | app=c:\users\guido\appdata\local\temp\7zs10f0\hppiw.exe |
"{14F118FE-7EB8-4108-A40B-C13EA91F968F}" = protocol=6 | dir=in | app=c:\users\guido\appdata\local\temp\7zs60f4.tmp\symnrt.exe |
"{18CC0C05-35AB-4882-96E0-118B81D1DF1A}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{1D019C7E-B992-4D36-AD11-55C56E043D80}" = protocol=17 | dir=in | app=c:\users\guido\appdata\local\temp\7zsc14c.tmp\symnrt.exe |
"{1FCA28DA-0837-4C79-AE02-6227CA64DFB0}" = protocol=6 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{20D02690-60C6-43AB-BFD7-00228C6635F1}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe |
"{2157013D-EB72-480A-A648-F225A16C02C8}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{23AB17EF-82D3-407F-9854-E793DD46EF87}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{23C05647-5035-4E93-828E-876C50CB1540}" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
"{2A60880E-53F3-430E-926E-4C1F80036139}" = dir=in | app=c:\program files (x86)\acer\acer vcm\vc.exe |
"{2B67DCBC-DE0D-40C7-A53D-4243FA13629D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{2CB662C2-E5C8-464F-B7B3-EA7D54DD0C15}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{2D3533EA-CD87-4ED5-8DC7-C774DDCC778D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{31CC14DB-D9C9-4344-B064-5F51C50D1E19}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{36E18177-B027-4937-B427-EF85E38613D1}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{373C2CE9-12F3-4408-8C9A-1489C7A48E9E}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe |
"{37FD7504-1B91-4505-A965-050519B1D238}" = protocol=6 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{3A9D466E-D14D-4E1D-869D-699033D97FA3}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\faxapplications.exe |
"{3D5145BA-D73A-4A79-A698-EB1F5FCF28C2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{3F612454-C7DF-426D-AD1B-D45656D19F52}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{48C8817C-DAA1-4394-A065-C26C429914E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{5075517F-0FAC-45E8-ADC5-A519EC316B71}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{5D726F68-E282-4E00-89EB-D13A29CCF0DA}" = protocol=17 | dir=in | app=c:\users\guido\appdata\local\temp\7zsf9.tmp\symnrt.exe |
"{5F38D134-67DC-4395-A675-18CE370B815F}" = protocol=6 | dir=out | app=system |
"{6388D36F-6F41-4F66-A00F-738FCD792C0B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe |
"{65917E48-5CB3-4F18-BD63-12CB82F73A44}" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
"{65CB4C18-F93A-4869-BDAC-12EEFE7814BF}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{6825E267-ECCD-4096-93B1-C3D5DB407592}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe |
"{692CC6F6-24A2-43A7-93B9-219E61D17AE3}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{6B97BB46-6D9C-4923-9B30-4D928CDE8252}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{764E4B00-CEC8-4D02-9B6E-A251DDB1FE41}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe |
"{7A738F8B-2F41-4D48-91D8-0E3AE931226D}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{7C061237-A7F7-480C-A499-307B72A43ABE}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{7C2AAA80-E98C-4E7C-BD23-C3D06ACFAADF}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\digitalwizards.exe |
"{80E435E5-432D-45E5-8088-267E86BD6234}" = protocol=17 | dir=in | app=c:\users\guido\appdata\local\temp\7zs60f4.tmp\symnrt.exe |
"{848C893D-4370-4A06-83A6-917EAAEEE546}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\sendafax.exe |
"{89541A4D-B793-4ECB-83B5-0C960C1E10A1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8AB0395C-D71D-4F85-995B-DAA478A207FA}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\schedulersvc.exe |
"{8D63EBFB-4EE6-42AC-AF08-8A4A867D53DD}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{8E88837A-3F5D-4B2E-BC68-51AB83EDB632}" = protocol=6 | dir=in | app=c:\users\guido\appdata\local\temp\7zsc14c.tmp\symnrt.exe |
"{96D4AF6A-895D-4E1C-8A02-9E0ABA577908}" = protocol=17 | dir=in | app=c:\users\public\games\world of warcraft\wow-3.2.0-dede-downloader.exe |
"{976165BE-9ABD-431B-B1D8-923FE1C79774}" = protocol=17 | dir=in | app=c:\users\guido\appdata\local\temp\7zs60d4.tmp\symnrt.exe |
"{9BC69F0A-3D4B-4264-AF95-C065A7934C7A}" = protocol=17 | dir=in | app=c:\users\guido\appdata\local\temp\7zs5292.tmp\symnrt.exe |
"{A884855B-D30B-4BBE-BD26-947F72346001}" = protocol=17 | dir=in | app=c:\users\guido\appdata\local\temp\7zs10f0\hppiw.exe |
"{AC5C3B6A-7A60-48C4-ACF8-734D1BAC9161}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\devicesetup.exe |
"{ACDA3D7F-C984-4C93-9216-EFE164C9620F}" = protocol=6 | dir=in | app=c:\users\guido\appdata\local\temp\7zs5292.tmp\symnrt.exe |
"{AF66F294-7DBB-4CB3-957D-B9691B9DC8B3}" = protocol=6 | dir=in | app=c:\programdata\esafe\egdpsvc.exe |
"{B1546D30-2F12-42BB-B57B-66861EDA4D01}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{B1B6450C-A342-4A06-8F3E-0E1DBC87F281}" = protocol=6 | dir=in | app=c:\users\guido\appdata\local\temp\7zsf9.tmp\symnrt.exe |
"{B86AF29A-F1E6-493E-910D-9D5ECC34B19C}" = protocol=17 | dir=in | app=c:\program files (x86)\newtech infosystems\nti backup now 5\backupsvc.exe |
"{BE049B54-7B09-4538-BAC7-7E520B54769B}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe |
"{CB99432D-3904-49B4-B131-B4573D0DB5C3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{CECBB8EF-3EE0-4B5F-B748-666C6CB928FF}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{CED19366-2E36-419E-AC44-8A78F6227395}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{D337D698-779A-4C39-9959-BE754D622692}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe |
"{D4D5169C-B28C-4701-AF05-F3FDB66F635C}" = dir=in | app=c:\program files\hp\hp officejet 4620 series\bin\hpnetworkcommunicator.exe |
"{D4FC8B49-7ECB-4223-A3E9-5EB51B1D33B7}" = dir=in | app=c:\program files (x86)\acer\acer vcm\rs_service.exe |
"{D8196DE3-7136-45C8-9A8A-A3C61504F281}" = protocol=58 | dir=in | app=system |
"{DA729ACD-E8AB-4C53-9C04-3D7C0CEC4B57}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EE084415-A724-4707-96DC-11709ECADDFC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{EF6C9F3E-B4B1-4649-9F1F-FF8498F2C230}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F051E7E7-34AB-4DCD-9CFE-8D8E12E402F7}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{F06D93EE-F6A6-44E2-B5D0-51940BCACA67}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{F0D83336-A104-41D3-B66E-1709ED12D0EE}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F58B930D-0C3C-429E-945B-BDE4CB5CF43A}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{F6E5D06B-EB5C-4AF9-99EE-3956C933EB30}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{F7EB9FD3-B7C3-45CA-B6F6-4D802FAFA2BE}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe |
"{FC218B6A-68C7-410F-BBAA-5576C666B244}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{A51D5DAD-CAC6-478D-802F-5844A47C5E02}C:\users\public\sony online entertainment\installed games\dc universe online psg\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online psg\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{E7D9D388-4C76-462D-B6E2-77C03E363840}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{6EFB5D18-B1A3-4C7E-990E-4E41C34909D5}C:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\guido\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{F18F3FF5-2A78-49AD-8807-198B83523D75}C:\users\public\sony online entertainment\installed games\dc universe online psg\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online psg\unreal3\binaries\win32\dcgame.exe |

[color=#E56717]========== HKEY_LOCAL_MACHINE Uninstall List ==========[/color]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{26A24AE4-039D-4CA4-87B4-2F86417010FF}" = Java 7 Update 10 (64-bit)
"{2F72F540-1F60-4266-9506-952B21D6640D}" = Apple Mobile Device Support
"{43B74FAB-FB58-447D-8D3A-5F638AF36FD1}" = Netzmanager
"{443A416C-BD21-9746-78C4-8139DFAA18B7}" = AMD Media Foundation Decoders
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{517AA17F-407C-4D2D-8A0C-56F1F989F870}" = O2Micro Flash Memory Card Windows Driver
"{5779202F-2247-CB80-27E4-F7F13806283A}" = AMD AVIVO64 Codecs
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{704C0303-D20C-45AF-BD2B-556EAF31BE09}" = iCloud
"{7E9984FD-DF5D-D0D9-E552-7872964F00CC}" = ccc-utility64
"{7FCDABCC-1A1E-4D61-909D-BA9495172774}" = iTunes
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{96F70DF8-160F-4F9C-9B9E-2A9B439B4EB9}" = Broadcom Gigabit NetLink Controller
"{981D96C5-41F7-43DB-90AA-F781BBD302B9}" = HP Officejet 4620 series - Grundlegende Software für das Gerät
"{9E9D49A4-1DF4-4138-B7DB-5D87A893088E}" = WIDCOMM Bluetooth Software
"{A9C6CA47-D937-D61D-4BD3-7CFAB7A5BA56}" = ATI Problem Report Wizard
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{AFC44A23-E6A8-4625-B6B1-23D438525D59}" = O2Micro 1394 OHCI Compliant Host Controller Driver
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{FAF03106-1653-15E1-3C0C-E7AE4FAE6EBF}" = AMD Catalyst Install Manager
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Recuva" = Recuva
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinRAR archiver" = WinRAR

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0186F98B-19A2-4791-8ECA-BD7870FD0C65}_is1" = DVD Rebuilder
"{021B87E2-8DBA-4CFD-8762-9D9F5AE65CF7}" = CCC Help Turkish
"{047F790A-7A2A-4B6A-AD02-38092BA63DAC}" = Acer VCM
"{04E24CF0-7DC9-4398-4BAF-E12CCA48A1D2}" = CCC Help Thai
"{077BE218-2ABA-364C-14FE-96DD8CB7289A}" = CCC Help Italian
"{07FE063B-89F4-2397-006E-FB9F12E19894}" = CCC Help Greek
"{0B7C79A5-5CB2-4ABD-A9C1-92A6213CE8DD}_is1" = MSI Kombustor 2.5.0
"{0E33EC53-22CE-426C-A88B-2AAC231BAC85}" = Catalyst Control Center - Branding
"{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1EBDD301-BEDE-78A5-D2A7-51DA367B70A8}" = CCC Help German
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{27996809-446F-7261-6C69-6B654C656F6E}" =
"{2D3858B1-226A-420D-9C9D-B51864E85429}" = Nuvoton CIR Device Driver
"{2EA45803-BEB7-46C4-9ADC-46A5F9E7BB77}" = GEAR driver installer for x86 and x64
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{35FE995E-5A31-D005-0303-8D9FBBD4B67B}" = Catalyst Control Center Graphics Previews Common
"{3DB0448D-AD82-4923-B305-D001E521A964}" = Acer PowerSmart Manager
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5C7025FD-6BD0-4E48-8948-696E26AF6F15}" = Media Go
"{5D09C772-ECB3-442B-9CC6-B4341C78FDC2}" = Apple Application Support
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{68301905-2DEA-41CE-A4D4-E8B443B099BA}" = MyWinLocker
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7235252A-39A3-4889-AF58-18B82040310E}" = AVEO USB2.0 PC Camera
"{72EDA2AC-2908-4BB3-97E5-4F9DDEBF9731}" = HP Officejet 4620 series Hilfe
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{7760D94E-B1B5-40A0-9AA0-ABF942108755}" = Acer Crystal Eye Webcam
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{806139DE-75ED-B576-51AB-697B45EDEF24}" = CCC Help Hungarian
"{8227BCD8-AA43-B935-7134-2732A298364A}" = Media Go Video Playback Engine 1.120.109.05010
"{846B5DED-DC8C-4E1A-B5B4-9F5B39A0CACE}" = HPDiagnosticAlert
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{8600BBA8-00CA-6F8E-DAD7-656DA7E8CC29}" = Catalyst Control Center InstallProxy
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8C02917D-EEB1-31B8-C955-DEA61D698D18}" = CCC Help Dutch
"{8CFD25B4-490E-F871-0AF0-45F720E9AB89}" = CCC Help Russian
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8ed9688e-4f79-4308-91ca-f1c37ca142b4}_is1" = Acer GameZone Console
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{911B75B5-136D-4EC1-96A2-DEE6A5A1FA60}" = CCC Help Swedish
"{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German)
"{97486FBE-A3FC-4783-8D55-EA37E9D171CC}" = HP Update
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAB17558-7189-1415-2370-D689FDD44B33}" = PX Profile Update
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B231624B-699F-6459-F9A4-4A31CB40E35C}" = CCC Help Czech
"{B538BBC3-68C9-98F6-487F-D7592879213E}" = CCC Help Danish
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B73F4ACE-A7F2-8FC6-D0DA-2E4E42E1DDE2}" = CCC Help Spanish
"{B7C2FEB0-8236-CABE-8CB1-C1A689CF8117}" = CCC Help Polish
"{B7F4467D-DCA0-0DC0-873F-50AA58865E74}" = CCC Help Portuguese
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{BFE49A01-A5FC-64EF-FB43-B1A79E612625}" = CCC Help Chinese Traditional
"{C025595B-A217-7317-65D8-CE7D304FCD30}" = Catalyst Pro Control Center
"{C496ED25-F3EC-0CBC-37DB-B31C6E6592C9}" = Application Profiles
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C5EB9B5A-2964-D5A3-869A-520448200FC3}" = PowerXpressHybrid
"{C962D875-A53E-835A-7DD8-229FCB96D115}" = CCC Help Korean
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{CAB40E7C-F6A1-4C14-AFA9-29096B18A5CC}" = Acer Arcade Instant On
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CC73D0BA-6DD3-771D-3757-8DBF83A009C1}" = HydraVision
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D5AFB7E8-D81F-F57F-4D43-EC95E49425FE}" = Catalyst Control Center Localization All
"{D6E74CE8-23BF-F60F-60E2-11D92654C35C}" = CCC Help Japanese
"{DA703982C580418795BF4001AA9D7061}" = DivX Plus Media Foundation Components
"{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Fingerprint Solution
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA2D24B9-F8F9-B430-60AA-2931165390E4}" = CCC Help French
"{ED54F892-C128-7AF9-5428-A57B014B0314}" = CCC Help Norwegian
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.181
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F14F6129-0E6C-1224-2CDF-C869C8F261A7}" = CCC Help Chinese Standard
"{F76C09F9-C367-6FB9-4965-A26211D094FC}" = CCC Help English
"{FAB9CB0B-9A7C-1960-F4AB-DF4AE61CAE01}" = CCC Help Finnish
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"AviSynth" = AviSynth 2.5
"Diablo III" = Diablo III
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DVD Shrink_is1" = DVD Shrink 3.2
"DVD2DVD-R_is1" = DVD2DVD-R 1.8.1
"Frag doch mal Demoversion" = Frag doch mal die Maus! Demoversion
"Google Chrome" = Google Chrome
"GridVista" = Acer GridVista
"HP Photo Creations" = HP Photo Creations
"Identity Card" = Identity Card
"InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{517AA17F-407C-4D2D-8A0C-56F1F989F870}" = O2Micro Flash Memory Card Windows Driver
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{AFC44A23-E6A8-4625-B6B1-23D438525D59}" = O2Micro 1394 OHCI Compliant Host Controller Driver
"InstallShield_{E09664BB-BB08-45FA-87D1-33EAB0E017F5}" = Acer Bio Protection
"LManager" = Launch Manager
"MobMap_is1" = MobMap 3.55
"N360" = Norton 360
"Netzmanager" = Netzmanager
"Ravensburger tiptoi" = Ravensburger tiptoi
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft

[color=#E56717]========== HKEY_CURRENT_USER Uninstall List ==========[/color]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"SOE-DC Universe Online Live PSG" = DC Universe Online Live
"soe-DC Universe Online PSG" = DC Universe Online PSG

[color=#E56717]========== Last 20 Event Log Errors ==========[/color]

[ Application Events ]
Error - 26.11.2013 19:08:05 | Computer Name = Workstation-LR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7578731

Error - 26.11.2013 19:34:03 | Computer Name = Workstation-LR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 27.11.2013 01:46:33 | Computer Name = Workstation-LR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 1482

Error - 27.11.2013 01:46:33 | Computer Name = Workstation-LR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 1482

Error - 28.11.2013 05:00:41 | Computer Name = Workstation-LR1 | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: IEXPLORE.EXE, Version: 10.0.9200.16736,
Zeitstempel: 0x5258c4cc Name des fehlerhaften Moduls: MSVCR80.dll, Version: 8.0.50727.6195,
Zeitstempel: 0x4dcddbf3 Ausnahmecode: 0xc0000005 Fehleroffset: 0x00017401 ID des fehlerhaften
Prozesses: 0x2abc Startzeit der fehlerhaften Anwendung: 0x01ceec08842072d1 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE Pfad
des fehlerhaften Moduls: C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll
Berichtskennung:
8e37313a-580b-11e3-b898-9156bf7f5d42

Error - 29.11.2013 04:37:51 | Computer Name = Workstation-LR1 | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 29.11.2013 04:38:57 | Computer Name = Workstation-LR1 | Source = Windows Installer 3.1 | ID = 921877
Description =

Error - 29.11.2013 07:11:51 | Computer Name = Workstation-LR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: Continuously busy for more than a second

Error - 29.11.2013 07:11:51 | Computer Name = Workstation-LR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledEvent 7493618

Error - 29.11.2013 07:11:51 | Computer Name = Workstation-LR1 | Source = Bonjour Service | ID = 100
Description = Task Scheduling Error: m->NextScheduledSPRetry 7493618

[ System Events ]
Error - 31.10.2013 15:01:32 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Google Update-Dienst (gupdate) erreicht.

Error - 31.10.2013 15:01:32 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Google Update-Dienst (gupdate)" wurde aufgrund folgenden
Fehlers nicht gestartet: %%1053

Error - 31.10.2013 15:01:32 | Computer Name = Workstation-LR1 | Source = DCOM | ID = 10005
Description =

Error - 31.10.2013 15:03:30 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
Microsoft .NET Framework NGEN v4.0.30319_X86 erreicht.

Error - 01.11.2013 01:53:57 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.

Error - 11.11.2013 04:22:11 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.

Error - 13.11.2013 15:33:40 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 25.11.2013 13:46:27 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

Error - 29.11.2013 08:05:27 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7000
Description = Der Dienst "dgderdrv" wurde aufgrund folgenden Fehlers nicht gestartet:
%%2

Error - 29.11.2013 11:04:44 | Computer Name = Workstation-LR1 | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst ShellHWDetection erreicht.

< End of report >

Zitat

GMER 2.1.19163 - http://www.gmer.net
Rootkit scan 2013-11-30 10:18:27
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.PB3O 298,09GB
Running: ykp60wsi.exe; Driver: C:\Users\Guido\AppData\Local\Temp\fwnorpog.sys

---- Kernel code sections - GMER 2.1 ----

INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 528 fffff800037ac000 63 bytes [0D, 00, 00, 00, 00, 00, 00, ...]
INITKDBG C:\Windows\system32\ntoskrnl.exe!ExDeleteNPagedLookasideList + 594 fffff800037ac042 4 bytes [00, 00, 00, 00]

---- User code sections - GMER 2.1 ----

.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!GetMenu + 412 00000000757451dd 3 bytes JMP 0000000110053ac0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!GetMenu + 416 00000000757451e1 3 bytes {CALL 0xfffffffff9eb9a95}
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!PeekMessageA + 407 000000007574610b 3 bytes JMP 0000000110053c10
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!PeekMessageA + 411 000000007574610f 3 bytes [9A, EB, F9]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 131 000000007574c6c1 3 bytes JMP 0000000110053bf0
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!CreateDialogIndirectParamW + 135 000000007574c6c5 3 bytes [9A, EB, F9]
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectA + 199 000000007578fc98 7 bytes JMP 0000000110053c60
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!MessageBoxIndirectW + 52 000000007578fcd1 7 bytes JMP 0000000110053d30
.text C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe[2952] C:\Windows\syswow64\USER32.dll!MessageBoxExA + 31 000000007578fcf5 7 bytes JMP 0000000110053ce0
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3004] C:\Windows\SysWOW64\ntdll.dll!DbgBreakPoint 000000007791000c 1 byte [C3]
.text C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe[3004] C:\Windows\SysWOW64\ntdll.dll!DbgUiRemoteBreakin 000000007799f8ea 5 bytes JMP 000000017794d5c1
.text C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe[2520] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 69 0000000076c11465 2 bytes [C1, 76]
.text C:\Users\Guido\AppData\Roaming\Dropbox\bin\Dropbox.exe[2520] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 155 0000000076c114bb 2 bytes [C1, 76]
.text ... * 2
.text C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe[3460] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076c11465 2 bytes [C1, 76]
.text C:\Program Files (x86)\Acer Bio Protection\PdtWzd.exe[3460] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000076c114bb 2 bytes [C1, 76]
.text ... * 2
.text C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe[3816] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 69 0000000076c11465 2 bytes [C1, 76]
.text C:\Program Files (x86)\Acer Bio Protection\PwdBank.exe[3816] C:\Windows\syswow64\PSAPI.dll!GetModuleInformation + 155 0000000076c114bb 2 bytes [C1, 76]
.text ... * 2
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateProcess 000000007791fcb0 5 bytes JMP 00000001003b091c
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtWriteVirtualMemory 000000007791fe14 5 bytes JMP 00000001003b0048
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtOpenEvent 000000007791fea8 5 bytes JMP 00000001003b02ee
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThread 0000000077920004 5 bytes JMP 00000001003b04b2
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtProtectVirtualMemory 0000000077920038 5 bytes JMP 00000001003b09fe
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtResumeThread 0000000077920068 5 bytes JMP 00000001003b0ae0
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtTerminateThread 0000000077920084 5 bytes JMP 0000000100020050
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateMutant 000000007792079c 5 bytes JMP 00000001003b012a
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateSymbolicLinkObject 000000007792088c 5 bytes JMP 00000001003b0758
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtCreateThreadEx 00000000779208a4 5 bytes JMP 00000001003b0676
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtLoadDriver 0000000077920df4 5 bytes JMP 00000001003b03d0
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSetContextThread 0000000077921920 5 bytes JMP 00000001003b0594
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSetSystemInformation 0000000077921be4 5 bytes JMP 00000001003b083a
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\ntdll.dll!NtSuspendThread 0000000077921d70 5 bytes JMP 00000001003b020c
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!SetServiceObjectSecurity + 206 0000000076ca524f 7 bytes JMP 00000001003b0f52
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfigA + 380 0000000076ca53d0 7 bytes JMP 00000001003c0210
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 149 0000000076ca5677 1 byte JMP 00000001003c0048
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!ChangeServiceConfig2W + 151 0000000076ca5679 5 bytes {JMP 0xffffffff8971a9d1}
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!CreateServiceA + 542 0000000076ca589a 7 bytes JMP 00000001003b0ca6
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!CreateServiceW + 382 0000000076ca5a1d 7 bytes JMP 00000001003c03d8
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!QueryServiceConfigW + 370 0000000076ca5c9b 7 bytes JMP 00000001003c012c
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!ControlServiceExA + 231 0000000076ca5d87 7 bytes JMP 00000001003c02f4
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\SysWOW64\sechost.dll!I_ScBroadcastServiceControlMessage + 123 0000000076ca7240 7 bytes JMP 00000001003b0e6e
.text C:\Users\Guido\Desktop\ykp60wsi.exe[2276] C:\Windows\syswow64\USER32.dll!RecordShutdownReason + 882 0000000075781492 7 bytes JMP 00000001003c04bc

---- Disk sectors - GMER 2.1 ----

Disk \Device\Harddisk0\DR0 unknown MBR code

---- EOF - GMER 2.1 ----

04.12.2013, 09:42

malko

Member

Beiträge: 29

#2 Scheint Zeitintensiv zu sein das Ding zu entfernen. Soll aber nach dieser Anleitung loszuwerden sein.

Um auf dieses Thema zu ANTWORTEN
bitte erst » hier kostenlos registrieren!!

Folgende Themen könnten Dich auch interessieren:

» HiJack This Scan nach Spybotwarnung
»
» Problem mit IE nach erfolgreicher Hijack-entfernung...
»
»

Seite(n): 1