Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Advertisment [Solved]

Started by aloabi123 , Dec 26 2013 11:03 AM

  • This topic is locked This topic is locked

#1
aloabi123
Posted 26 December 2013 - 11:03 AM

aloabi123

    Member

  • Member
  • PipPip
  • 10 posts
Hello,

I'm a friend of Machiavelli and he said he like to take control over the topic. So please let him the topic.

Problems:

When I browse there are pop ups with advertisment. Pleease help me !!!!!

OTL logfile created on: 26.12.2013 17:28:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,97 Gb Total Physical Memory | 13,44 Gb Available Physical Memory | 84,15% Memory free
31,93 Gb Paging File | 29,22 Gb Available in Paging File | 91,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 32,64 Gb Free Space | 27,40% Space Free | Partition Type: NTFS
Drive D: | 886,45 Gb Total Space | 886,34 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
Drive E: | 976,56 Gb Total Space | 678,18 Gb Free Space | 69,45% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.12.26 17:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
PRC - [2013.12.20 18:37:44 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe
PRC - [2013.12.11 20:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- E:\x86\Steam\Steam.exe
PRC - [2013.12.11 20:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.11.26 19:00:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2013.11.22 22:46:48 | 003,551,576 | ---- | M] (Electronic Arts) -- E:\x86\Origin\Origin.exe
PRC - [2013.11.14 18:32:24 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2013.11.14 12:56:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.11.14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.11.11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.09.15 14:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013.09.14 03:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013.09.14 03:27:52 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\APSDaemon.exe
PRC - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.08.26 11:10:16 | 001,970,296 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.08.22 08:15:18 | 000,695,416 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.08.21 03:09:46 | 001,444,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2013.08.21 02:42:15 | 001,947,768 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2013.08.21 02:20:22 | 000,635,000 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2013.03.22 03:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2011.05.12 15:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Programme\ASUS Xonar D2 Audio\Customapp\AsusAudioCenter.exe
PRC - [2008.07.11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013.12.20 18:37:44 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe
MOD - [2013.12.11 20:40:38 | 001,135,016 | ---- | M] () -- E:\x86\Steam\bin\chromehtml.dll
MOD - [2013.11.22 22:46:49 | 000,064,000 | ---- | M] () -- E:\x86\Origin\tufao.dll
MOD - [2013.11.06 22:48:12 | 020,625,832 | ---- | M] () -- E:\x86\Steam\bin\libcef.dll
MOD - [2013.11.06 22:48:10 | 000,691,200 | ---- | M] () -- E:\x86\Steam\SDL2.dll
MOD - [2013.09.14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013.09.14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013.09.13 18:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.09.13 18:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.06.15 00:49:12 | 001,100,800 | ---- | M] () -- E:\x86\Steam\bin\avcodec-53.dll
MOD - [2013.06.15 00:49:12 | 000,192,000 | ---- | M] () -- E:\x86\Steam\bin\avformat-53.dll
MOD - [2013.06.15 00:49:12 | 000,124,416 | ---- | M] () -- E:\x86\Steam\bin\avutil-51.dll
MOD - [2011.04.19 13:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\ASUS Xonar D2 Audio\Customapp\VmixP8.dll
MOD - [2008.07.11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.12.20 18:37:43 | 000,125,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DlProtectSvc.exe -- (DlProtectSvc)
SRV:64bit: - [2013.12.20 18:37:43 | 000,118,784 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\hgcpl64.exe -- (netbtuhc)
SRV:64bit: - [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.13 14:30:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.12.11 20:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.11.26 19:00:58 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2013.11.14 12:57:03 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013.11.14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.11.11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.10.17 10:44:18 | 002,942,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2013.10.15 02:58:58 | 002,562,208 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.08.26 11:10:16 | 001,970,296 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.08.22 08:15:18 | 000,695,416 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.08.21 02:42:15 | 001,947,768 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2013.08.21 02:20:22 | 000,635,000 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2013.02.25 14:00:02 | 000,257,512 | ---- | M] (G Data Software) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2013.02.25 04:06:17 | 001,711,568 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010.10.27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.12.20 19:20:37 | 000,106,272 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.11.14 12:57:13 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.11.14 12:57:05 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.10.25 13:44:40 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2013.10.25 13:44:40 | 000,079,704 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gddcd64.sys -- (gddcd)
DRV:64bit: - [2013.10.25 13:44:40 | 000,059,736 | ---- | M] (G Data Software AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gddcv64.sys -- (gddcv)
DRV:64bit: - [2013.10.25 13:44:39 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.10.08 18:54:21 | 000,063,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.10.08 18:54:16 | 000,065,368 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.10.08 18:54:15 | 000,130,392 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.10.08 18:54:15 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.07.25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 14:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011.02.24 09:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 09:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 14:50:28 | 000,055,336 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.11 16:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2007.05.11 16:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.11 16:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.giga.de/software/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://de.search.yah...8140&type=horus
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: E:\x86\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: chrome://newtab
CHR - Extension: ResultsAlpha = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaokmnpaoippoclepikifeegeknpopea\1.0.0_0\
CHR - Extension: iCloud-Lesezeichen = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
CHR - Extension: Amazon-Icon = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_1\
CHR - Extension: Google Wallet = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe ()
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [EADM] E:\x86\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] E:\x86\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = E:\x86\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94C52C8-B033-4F01-AF2B-EB33A5FEABE1}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A5A06F-A3C5-4DB6-A47F-92494F74409E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe) - c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.26 17:28:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2013.12.26 17:25:52 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.12.26 17:22:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.12.26 17:22:21 | 001,034,531 | ---- | C] (Thisisu) -- E:\Desktop\JRT_6.0.8 (1).exe
[2013.12.26 17:19:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.26 16:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.12.21 13:23:21 | 000,000,000 | ---D | C] -- E:\Desktop\The Voice of Germany
[2013.12.21 13:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.12.21 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2013.12.21 13:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.12.21 13:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.12.20 19:20:37 | 000,106,272 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.12.20 19:20:37 | 000,019,016 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.12.20 19:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.12.20 19:09:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Logitech
[2013.12.20 19:09:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2013.12.20 19:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.12.20 19:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.12.20 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Logitech
[2013.12.20 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Logishrd
[2013.12.20 18:38:44 | 000,000,000 | ---D | C] -- E:\Dokumente\Aqua Real 2 Demo
[2013.12.20 18:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiFish Aqua Real 2
[2013.12.20 18:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Formosoft
[2013.12.20 18:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultsAlpha
[2013.12.18 15:30:49 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013.12.18 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\NVIDIA
[2013.12.18 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.12.18 15:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.12.18 15:13:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.12.14 22:51:12 | 000,000,000 | ---D | C] -- E:\Desktop\Neuer Ordner
[2013.12.07 19:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.12.07 19:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.12.07 19:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.12.07 19:10:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Temp110e50772d0b46f4e2fd0a8fb0f4899f
[2013.12.07 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Downloads
[2013.12.07 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\ChromeExtensions
[2013.12.07 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Tempb54b3beace1a57cc1a4cc0c1f6c36383
[2013.11.26 19:01:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Battlefield 4

========== Files - Modified Within 30 Days ==========

[2013.12.26 17:31:20 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.26 17:31:20 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.26 17:31:20 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.26 17:31:20 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.26 17:31:20 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.26 17:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.26 17:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\OTL.exe
[2013.12.26 17:25:30 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.12.26 17:25:28 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.26 17:25:27 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.12.26 17:25:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.26 17:25:20 | 4269,117,438 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.26 17:24:56 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.26 17:24:56 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.26 17:22:17 | 001,034,531 | ---- | M] (Thisisu) -- E:\Desktop\JRT_6.0.8 (1).exe
[2013.12.26 17:19:29 | 001,233,962 | ---- | M] () -- E:\Desktop\adwcleaner_3.016.exe
[2013.12.26 16:52:32 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.12.26 16:49:21 | 000,000,500 | ---- | M] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.12.26 16:43:06 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.26 14:47:24 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.12.25 14:09:18 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.12.21 13:13:15 | 000,001,536 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013.12.21 09:12:33 | 001,593,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.20 19:20:37 | 000,106,272 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.12.20 19:20:37 | 000,019,016 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.12.20 18:37:44 | 000,012,800 | ---- | M] () -- C:\ProgramData\dlprotect.exe
[2013.12.20 18:37:43 | 000,125,440 | ---- | M] () -- C:\Windows\SysNative\DlProtectSvc.exe
[2013.12.20 18:37:43 | 000,118,784 | ---- | M] () -- C:\Windows\SysNative\hgcpl64.exe
[2013.12.19 20:46:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.12.15 18:30:27 | 000,729,687 | ---- | M] () -- E:\Dokumente\301EAC2F-9019-45A4-9BA4-C24E95AE954Ee.jpg
[2013.12.15 14:47:15 | 002,272,450 | ---- | M] () -- E:\Dokumente\A7FA9977-04F0-40BF-A71D-2143666F9929.jpg
[2013.12.14 13:02:55 | 000,415,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.05 18:38:09 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.12.03 17:40:16 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.12.03 17:40:16 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.26 19:00:58 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== Files Created - No Company Name ==========

[2013.12.26 17:19:31 | 001,233,962 | ---- | C] () -- E:\Desktop\adwcleaner_3.016.exe
[2013.12.26 16:49:21 | 000,000,500 | ---- | C] () -- C:\Users\Public\Desktop\Fraps.lnk
[2013.12.21 13:13:15 | 000,001,536 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013.12.20 18:38:17 | 001,028,096 | ---- | C] () -- C:\Windows\AquaReal2.scr
[2013.12.20 18:37:44 | 000,012,800 | ---- | C] () -- C:\ProgramData\dlprotect.exe
[2013.12.20 18:37:43 | 000,125,440 | ---- | C] () -- C:\Windows\SysNative\DlProtectSvc.exe
[2013.12.20 18:37:43 | 000,118,784 | ---- | C] () -- C:\Windows\SysNative\hgcpl64.exe
[2013.12.19 20:46:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.12.18 15:15:11 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.18 15:14:34 | 000,357,152 | ---- | C] () -- C:\Windows\SysNative\NvIFROpenGL.dll
[2013.12.18 15:14:34 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2013.12.15 15:01:53 | 000,729,687 | ---- | C] () -- E:\Dokumente\301EAC2F-9019-45A4-9BA4-C24E95AE954Ee.jpg
[2013.12.15 14:44:53 | 002,272,450 | ---- | C] () -- E:\Dokumente\A7FA9977-04F0-40BF-A71D-2143666F9929.jpg
[2013.12.03 17:40:16 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.12.03 17:40:16 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.23 17:05:11 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.11.13 15:47:37 | 000,001,431 | ---- | C] () -- C:\Users\Christian\AppData\Local\recently-used.xbel
[2013.10.14 15:23:11 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.10.14 15:23:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2013.10.09 11:00:29 | 000,214,392 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.10.09 11:00:28 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.10.08 18:24:25 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.10.08 18:24:25 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.10.08 18:24:25 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013.10.08 18:24:24 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.10.08 18:24:15 | 000,000,905 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013.10.08 18:24:12 | 000,004,967 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013.10.08 18:24:11 | 000,000,592 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2013.10.08 17:20:17 | 000,040,725 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013.10.08 17:18:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.10.08 17:18:39 | 000,027,871 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.10.22 20:53:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\2K Sports
[2013.10.08 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ASUS
[2013.12.21 13:47:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2013.10.08 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\G Data
[2013.12.20 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2013.10.08 19:59:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2013.10.22 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2013.11.13 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Zoner

========== Purity Check ==========



< End of report >


OTL Extras logfile created on: 26.12.2013 17:28:52 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,97 Gb Total Physical Memory | 13,44 Gb Available Physical Memory | 84,15% Memory free
31,93 Gb Paging File | 29,22 Gb Available in Paging File | 91,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 32,64 Gb Free Space | 27,40% Space Free | Partition Type: NTFS
Drive D: | 886,45 Gb Total Space | 886,34 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
Drive E: | 976,56 Gb Total Space | 678,18 Gb Free Space | 69,45% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Value error.

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 0
"DisableNotifications" = 0

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{879ED02B-8D5B-45A3-BF6B-8083D9C1C8BA}" = lport=48000 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |
"{8EA17948-1C91-46E6-B08B-31603F8C0EE3}" = lport=47987 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{A118FFB1-E6F1-4193-B3C2-384C7692FA33}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe |
"{BEE9AB95-BEDC-453B-AA30-3E2DA6DC5090}" = lport=5353 | protocol=17 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamsvc.exe |
"{C7116D20-57A8-41B3-9A16-93135D5F13A4}" = lport=47991 | protocol=6 | dir=in | app=c:\program files\nvidia corporation\nvstreamsrv\nvstreamer.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01B7C576-AB68-4A70-8A15-BE25528D989B}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{022FDCB3-4D84-4E9A-B087-79F8492F87A6}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{06DC05FA-65BE-4BD5-9D35-7C38E7316EBA}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\nba2k14\nba2k14.exe |
"{06FE0ED2-01E6-46CF-BC44-0FD705D10D92}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\crysis 3\bin32\crysis3.exe |
"{07E1E3B2-323E-44FC-87FF-14934BDE95A5}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\need for speed undercover\support\ea help\electronic_arts_technical_support.htm |
"{09563F19-961B-4C23-81C6-690850A26FB8}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{0DA131C8-B486-4E68-A60C-FF07432C93EF}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{0E6A7EC8-3796-4CED-AB2C-92D9AF1CD1C7}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{15427A2F-31B0-40DA-BD9C-34ADC20A0D6E}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\crysis 3\bin32\crysis3.exe |
"{19955D27-9A41-409D-935A-06B33DA56C85}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{1A219B56-DE09-4DFD-883D-84C496FF1B8C}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{1C996313-8736-4A7A-8E9E-2D707E5EFB15}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty world at war\codwawmp.exe |
"{1E092852-1122-4507-882F-A135FB548329}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{211F82DD-D79B-477F-91AB-8D475C20D063}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{22EA6ECF-BABF-42F4-BA4B-86B1512F42F3}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe |
"{254FB4D3-457B-420B-9DB3-0836D99CA85A}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\battlefield 4 beta\bf4.exe |
"{26068CDA-1A47-41F1-9FEB-6C3BEBDFCC0D}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{261B2EF2-1BF3-4BF9-8266-59DB0725291F}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{286B1D5E-8AC2-49A7-9C61-B37B584AD25D}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\fifa 14\game\fifa14.exe |
"{2884BD44-E7E0-4CC1-AEB8-6A616EFF47FD}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{29369D01-F8F6-4E20-B2CC-FC05E3EAC718}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\transformers war for cybertron\binaries\twfc.exe |
"{2961E139-0630-4F5E-ADA4-B99EA1A9AE8F}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{2BE8AF75-D102-4560-94BF-24C08680C258}" = dir=in | app=e:\x86\assassin's creed iv black flag\ac4bfmp.exe |
"{2C7B2D8C-0490-4619-B75E-00131871EADB}" = protocol=6 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{2CD00C16-F2E6-4E3B-972B-19ACC792C3F2}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{36B191C9-1ABD-466A-9574-BA54534432B3}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{3864801A-373D-4B87-A810-0A90E5A40F7A}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{3ACE786C-9B31-402E-A4E1-7DDFD28FBDD5}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty world at war\codwaw.exe |
"{3B939650-4C7D-4E06-83B9-5EAAB59C85DE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3BEF3BB4-5D13-4EF9-989A-D2861A07CB36}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{3EE7B177-59DE-477A-A4D0-F9806CAD5825}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{3FFB371E-C980-4A8B-B76C-E7CF327B0BB6}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty world at war\codwawmp.exe |
"{4276064A-FD88-4836-8C39-3856C42E86C2}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty black ops ii\t6sp.exe |
"{451BC7AE-A05B-4452-955A-22FE3B32F7A1}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{45BD2DEA-4437-4EDC-9E4D-1D96F1E8C79B}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{48D6D460-DEF9-438C-B4E0-18A8568EB9D5}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\need for speed undercover\nfs.exe |
"{4CF9E85C-0B62-4B86-92D0-1F686199320E}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |
"{5529F830-19B0-40FE-B7BB-D1E73C071B9D}" = protocol=17 | dir=in | app=c:\program files (x86)\battlelog web plugins\sonar\0.70.4\sonarhost.exe |
"{56C65353-1A9C-4B04-9A9C-F9D9AF212A9F}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{5A4A3FA4-5421-4C67-9568-A945F65D5B56}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{5CB2C221-4A64-4664-AD0A-B870F65B0A3F}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty black ops ii\t6zm.exe |
"{5D05954E-B3D5-43BE-B70F-1A72758AE38B}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{5EAEADA0-669F-4D5C-8D41-08604CA85252}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{6742C904-4A95-40B2-83B6-77301DC24E0D}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4_x86.exe |
"{69315BDE-4CB9-47EB-94EE-B154D2406175}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{69F6B950-C3D4-4C5E-A3AF-8C493A0B55E6}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{6D8001B1-7582-4C08-842B-48B01A901AAA}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{6E394B7F-1A6F-4296-A2AF-E48B05AACB9A}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{70620056-ECC6-4D6A-B083-F6E14AE20ABC}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe |
"{808C8C08-B833-4773-848D-A4A4A34F6B7B}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{87D6EE81-E500-4B1D-ABB7-2DE8D5D8A246}" = protocol=17 | dir=in | app=e:\x86\steam\steam.exe |
"{88A191F4-FBA1-418D-BD81-BB528D4972FC}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\fifa manager 13\manager13.exe |
"{9181CD48-85DA-4EC1-A61D-6C4EF9A25D48}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\grand theft auto vice city\gta-vc.exe |
"{9196F8E3-49F0-412E-A10A-772D4BF0B1CA}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\need for speed undercover\nfs.exe |
"{9209BA73-8713-46EF-BB92-A0C4089F8A2E}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{921FBC69-9FF2-43D6-B533-2A5BA7B0B9F9}" = protocol=17 | dir=in | app=e:\x86\stronghold2.exe |
"{922D65A3-C050-4931-B86A-0E3A55460974}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\grand theft auto iv\gtaiv\launchgtaiv.exe |
"{95AB9B74-F00A-4E72-B92D-882F90AE61E3}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\battlefield 4 beta\bf4.exe |
"{99D4038A-A91F-4A35-9136-B131CF64C6CC}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\transformers war for cybertron\binaries\twfc.exe |
"{9A56BBF8-6062-4B2C-952F-08050B0E6B2D}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{9D1F37DD-60BD-4928-8CFD-32C755E78EA2}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\need for speed undercover\support\ea help\electronic_arts_technical_support.htm |
"{A085B9E4-A803-44F2-BCA9-3E1CC61E17CC}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{A37B612F-7229-43C7-817C-EC8825198E2B}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{A62C2764-A5ED-425E-BEBC-B038FF5C0DFD}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{A97696C9-3D46-4700-9A49-383C945A8980}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{AC6330E4-1929-47E9-8F02-E2BCCEF1F560}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{AD600411-9A9F-46E0-8178-22DDDD7218FB}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{B0DA4D2C-F83C-4C41-8867-8C35CB924A15}" = protocol=6 | dir=in | app=e:\x86\stronghold2.exe |
"{B1FAF56B-79B9-4DEC-862D-206F6FE212B8}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\battlefield 4\bf4.exe |
"{B345B7C0-2071-451C-9F86-48DB93139A21}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\fifa 13\game\fifa13.exe |
"{B614E234-4397-4C08-B24A-09A497830DAB}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{B8C619CE-6FA5-485C-BBB3-A14E58768AB3}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe |
"{BB413ACB-D53A-4B03-8D52-CF640109B083}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty black ops ii\t6mp.exe |
"{BC45DB50-054C-4037-8AF5-BE637EB18A2D}" = protocol=17 | dir=in | app=e:\program files (x86)\origin games\battlefield 3\bf3.exe |
"{C46BE3E8-96D8-4B7B-9218-8B09B026F8BD}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\mafia ii\pc\mafia2.exe |
"{C984A130-6F17-4F06-88C1-F74FD3521535}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty world at war\codwaw.exe |
"{CCF71D94-C44D-402A-B3B7-E0B641494586}" = dir=in | app=e:\x86\assassin's creed iv black flag\ac4bfsp.exe |
"{CEA3B7D7-1C49-42BD-902F-3F1CC439486B}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe |
"{D4DFED89-8468-48D9-9E80-F9C1520932E7}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{D61E8382-D72F-48B2-849F-8E98F261153B}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\nba2k14\nba2k14.exe |
"{D76266A2-61C7-454C-8878-9B8ABC66137E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{D824496D-26E7-454A-B5A5-7C5424DD0FF0}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{D866CD88-79ED-49EF-96FC-506FDDC369E0}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\fifa 12\game\fifa.exe |
"{DC7EBE5F-F6BB-4762-A29A-F5B0DDB9DC93}" = protocol=6 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{E64D2065-1F02-4CFD-ABD3-F63497C1D1B9}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{EAE830E9-7E62-4256-A126-7531B938F171}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{EBC2B188-7928-41B0-95A3-88690E43AC1E}" = protocol=6 | dir=in | app=e:\x86\steam\steam.exe |
"{EFF4593D-7C8C-4506-93CE-43B6E6CDE275}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\call of duty modern warfare 2\iw4sp.exe |
"{F1268855-F455-4373-B49A-97933D4C5803}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{F68B56B0-1570-46F2-97B8-BBE014C10BF1}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\dota 2 beta\dota.exe |
"{F76237E1-CFAA-4A71-A6F6-5DB14A8602B0}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\need for speed™ most wanted\nfs13.exe |
"{FDAE9EB5-C956-4503-8897-8E31DD08A8BB}" = protocol=6 | dir=in | app=e:\program files (x86)\origin games\fifa 14\game\fifa14.exe |
"{FE0AA5E7-4112-480A-AC1A-C1A0CFF4BF5F}" = protocol=17 | dir=in | app=e:\x86\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{230D1595-57DA-4933-8C4E-375797EBB7E1}" = Bluetooth Win7 Suite (64)
"{2EDC2FA3-1F34-34E5-9085-588C9EFD1CC6}" = Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.60610
"{2EF5D87E-B7BD-458F-8428-E4D0B8B4E65C}" = Apple Mobile Device Support
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{764384C5-BCA9-307C-9AAC-FD443662686A}" = Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.60610
"{7DEBE4EB-6B40-3766-BB35-5CBBC385DA37}" = Microsoft .NET Framework 4.5.1
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5.1 (Deutsch)
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.7.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 331.82
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.13.0725
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.LEDVisualizer" = NVIDIA LED Visualizer 1.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamC" = GeForce Experience NvStream Client Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_GFExperience.NvStreamSrv" = SHIELD Streaming
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.26.4
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_ShadowPlay" = NVIDIA ShadowPlay 9.3.21
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_VirtualAudio.Driver" = NVIDIA Virtual Audio 1.2.9
"{C513739C-5F16-37B5-9ACF-99925FF1C1F3}" = Microsoft .NET Framework 4.5.1 (DEU)
"{D601CEAD-2E4F-4BBB-85CC-C29A4CE6A3C0}" = iTunes
"{EAFB2AD8-D92B-464C-8D97-B9CB94703C4A}" = iCloud
"C-Media Oxygen HD Audio Driver" = ASUS Xonar D2 Audio Driver
"GIMP-2_is1" = GIMP 2.8.8
"Logitech Gaming Software" = Logitech Gaming Software 8.51
"ResultsAlpha" = ResultsAlpha
"Speccy" = Speccy
"WinRAR archiver" = WinRAR 5.00 (64-bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{16D2C649-CBA8-44EE-B730-12584667D487}" = Stronghold 2 Deluxe
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{29AE3F9F-7158-4ca7-B1ED-28A73ECDB215}_is1" = Samsung SSD Magician
"{4198AE83-A3C6-4C41-85C8-EC63E990696E}" = Crysis®3
"{436B5959-7423-4876-AE5A-EDD2496D5724}" = Pro Evolution Soccer 2014
"{46F044A5-CE8B-4196-984E-5BD6525E361D}" = Apple Application Support
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.11
"{63DEADD1-C032-4F1F-AF76-26B166D6AC30}" = G Data TotalProtection 2014
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel® Management Engine Components
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7B5AA67E-FEA0-40BB-BAB5-CA56645A589C}" = NVIDIA PhysX
"{80AF0300-866F-400F-A350-D53E3C3E34E0}" = FUSSBALL MANAGER 13
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_PROHYBRIDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_PROHYBRIDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROHYBRIDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROHYBRIDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_PROHYBRIDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_PROHYBRIDR_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_PROHYBRIDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{91120000-0031-0000-0000-0000000FF1CE}" = Microsoft Office Professional Hybrid 2007
"{91120000-0031-0000-0000-0000000FF1CE}_PROHYBRIDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FA94731-1F9D-4BC2-B773-6947CA208B70}" = Aqua Real 2
"{a1909659-0a08-4554-8af1-2175904903a1}" = Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610
"{A29E18C2-7AB1-4b6b-848C-5D5E2C85F0C0}" = FIFA 13
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AA7A2800-1E75-4240-855B-03AFF8E5171E}" = FIFA 14
"{ABADE36E-EC37-413B-8179-B432AD3FACE7}" = Battlefield 4™
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.05) - Deutsch
"{B67BAFBA-4C9F-48FA-9496-933E3B255044}" = QuickTime
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{CFAB3721-549D-4827-A4E8-7F90192114AB}" = Battlefield 4™ Beta
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{EA8ADAA9-6671-4839-A51E-0C6792B78F3E}" = FIFA 12
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{FB0127F3-985B-44CE-AE29-378CAF60B361}" = Need for Speed™ Most Wanted
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Battlelog Web Plugins" = Battlelog Web Plugins
"Cheat Engine 6.3_is1" = Cheat Engine 6.3
"Downloader" = Downloader
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps
"Free YouTube Download_is1" = Free YouTube Download version 3.2.18.1128
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.12.17.1127
"Google Chrome" = Google Chrome
"MagniDriver" = marvell 91xx driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"OpenAL" = OpenAL
"Origin" = Origin
"PROHYBRIDR" = 2007 Microsoft Office system
"PunkBusterSvc" = PunkBuster Services
"Steam App 10090" = Call of Duty: World at War
"Steam App 10180" = Call of Duty: Modern Warfare 2
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 12110" = Grand Theft Auto: Vice City
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12210" = Grand Theft Auto IV
"Steam App 17430" = Need for Speed: Undercover
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 255480" = NBA 2K14
"Steam App 42650" = Transformers: War for Cybertron
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 50130" = Mafia II
"Steam App 570" = Dota 2
"Uplay" = Uplay
"Uplay Install 273" = Assassin's Creed IV Black Flag
"Windows Utils" = Windows Utils

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{132401a7-2006-4342-b43c-ccf5f02c2b01}" = Download Protect

< End of report >
  • 0

Advertisements

#2
Machiavelli
Posted 26 December 2013 - 12:53 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Welcome to GeeksToGo, Christian

My name is Machiavelli and I'll try to fix your PC problems. If you are in SafeMode then print my instructions! Removing Malware on a computer can be very complicated. Malware (malicious software) is able to hide and so I may not be able to find it so easily. In order to remove Malware from you Computer, you need to follow my instructions carefully. Don't be worried if you don't know what to do, just ask me! Please stay in contact with me until the problem is fixed.

Posted Image

Posted Image

!NOTE! Please respect my volunteered time and stay with me until I declare your computer clean. If you are going to be delayed for a while, please let me know.

I am currently in training and my posts will need to be reviewed by an expert, so expect a slight delay between posts. :)

 

I'll come with an further answer later.
  • 0

#3
Machiavelli
Posted 27 December 2013 - 06:12 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Punkbuster Advice

We don't recommend using Punkbuster while we are fixing your PC. I see you have some gaming tools installed like Punkbuster - Punkbuster uses techniques which are like Spyware/Malware! A Fact is that it takes control about your PC and they meet the definition of Malware! I know, I'm myself a gamer, that you need Punkbuster for cool games like Battlefield 4 etc. but while we are fixing your PC it would be clever to disable Punkbuster. So please follow the following steps below:

  • Download the Removal Tool for Punkbuster from here
  • Right-click on pbsvc.exe and select Run as Administrator (if you use Win Vista / Win 7 / Win 8).
  • Make sure that Uninstall/Remove PunkBuster Service is selected.
  • Click on Next >> Yes >> Finish.
  • Reboot(restart) your machine if not prompted to do so.

When we are finished you can install it again if you like of course.

Uninstall Software

  • Click on the Start Posted Image button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • Download Protect
  • Once you have done this, reboot your computer

OTL Fix

  • Right click on the OTL icon on your Desktop and select Run as Administrator
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Commands
[CreateRestorePoint]

:OTL
SRV:64bit: - [2013.12.20 18:37:43 | 000,125,440 | ---- | M] () [Auto | Running] -- C:\Windows\SysNative\DlProtectSvc.exe -- (DlProtectSvc)
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://de.search.yah...8140&type=horus
O4 - HKLM..\Run: [Download Protect] C:\ProgramData\dlprotect.exe ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
[2013.12.21 13:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.12.21 13:13:00 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\DVDVideoSoft
[2013.12.21 13:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.12.21 13:13:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.12.07 19:10:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Temp110e50772d0b46f4e2fd0a8fb0f4899f
[2013.12.07 19:10:07 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Tempb54b3beace1a57cc1a4cc0c1f6c36383

:Commands
[EMPTYTEMP]
  • Click the Run Fix button.
  • After your computer has rebooted, post the Fixlog into your next reply.

AdwCleaner

Please download AdwCleaner (by Xplode) from the link below and save it to your Desktop:

Download Mirror #1


  • Right-click on AdwCleaner.exe and select Run as administrator.
  • Click Scan and let the scan run.
  • When it finishes, click Clean, following the on screen prompts
  • After your computer reboots, a log will open. Please Copy (Ctrl+C) and Paste (Ctrl+V) this into your next post.

Note: The log can also be found in here: C:\AdwCleaner\

JRT Run

Posted Image Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.

OTL

  • Right click on the OTL icon on your Desktop and select Run as Administrator
  • Click Quick Scan to start the OTL scan.
  • When OTL finishes scanning, a log, OTL.txt will open.
  • Copy (Ctrl+C) and Paste (Ctrl+V) the contents of this log into your next post please.

Question

How is your PC running? Any problems?
  • 0

#4
aloabi123
Posted 27 December 2013 - 06:47 AM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello,

Here is that, what OTL has oppened after the Reboot.




Files\Folders moved on Reboot...
C:\Users\Christian\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
  • 0

#5
aloabi123
Posted 27 December 2013 - 06:53 AM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the text, which was opened after the Reboot from AdwCleaner.





# AdwCleaner v3.016 - Bericht erstellt am 27/12/2013 um 13:50:07
# Aktualisiert 23/12/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzername : Christian - CHRISTIAN-PC
# Gestartet von : E:\Downloads\adwcleaner_3.016 (1).exe
# Option : Löschen

***** [ Dienste ] *****


***** [ Dateien / Ordner ] *****


***** [ Verknüpfungen ] *****


***** [ Registrierungsdatenbank ] *****


***** [ Browser ] *****

-\\ Internet Explorer v11.0.9600.16428


-\\ Google Chrome v31.0.1650.63

[ Datei : C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\preferences ]


*************************

AdwCleaner[R0].txt - [2251 octets] - [26/12/2013 17:19:36]
AdwCleaner[R1].txt - [927 octets] - [27/12/2013 13:49:12]
AdwCleaner[S0].txt - [2166 octets] - [26/12/2013 17:20:13]
AdwCleaner[S1].txt - [849 octets] - [27/12/2013 13:50:07]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [908 octets] ##########
  • 0

#6
aloabi123
Posted 27 December 2013 - 07:01 AM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the text from Junkware Removal tool.



~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.0.8 (11.05.2013:1)
OS: Windows 7 Home Premium x64
Ran by Christian on 27.12.2013 at 13:57:48,93
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.12.2013 at 13:59:39,20
Computer was rebooted
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
  • 0

#7
aloabi123
Posted 27 December 2013 - 07:07 AM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the Last one. (The quick scan from OTL)





OTL logfile created on: 27.12.2013 14:01:56 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = E:\Desktop\Neuer Ordner (2)
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

15,97 Gb Total Physical Memory | 13,21 Gb Available Physical Memory | 82,72% Memory free
31,93 Gb Paging File | 28,78 Gb Available in Paging File | 90,11% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 119,14 Gb Total Space | 38,66 Gb Free Space | 32,45% Space Free | Partition Type: NTFS
Drive D: | 886,45 Gb Total Space | 886,34 Gb Free Space | 99,99% Space Free | Partition Type: NTFS
Drive E: | 976,56 Gb Total Space | 678,05 Gb Free Space | 69,43% Space Free | Partition Type: NTFS

Computer Name: CHRISTIAN-PC | User Name: Christian | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.12.26 17:28:19 | 000,602,112 | ---- | M] (OldTimer Tools) -- E:\Desktop\Neuer Ordner (2)\OTL.exe
PRC - [2013.12.11 20:40:36 | 001,823,656 | ---- | M] (Valve Corporation) -- E:\x86\Steam\Steam.exe
PRC - [2013.12.11 20:40:36 | 000,569,768 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2013.12.04 03:48:06 | 000,863,184 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.11.22 22:46:48 | 003,551,576 | ---- | M] (Electronic Arts) -- E:\x86\Origin\Origin.exe
PRC - [2013.11.14 18:32:24 | 000,664,344 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech Gaming Software\Applets\LCDMedia.exe
PRC - [2013.11.14 12:56:57 | 001,028,384 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\NvTmru.exe
PRC - [2013.11.14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2013.11.11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2013.09.15 14:34:06 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2013.09.14 03:38:54 | 000,059,720 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.08.26 11:10:16 | 001,970,296 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2013.08.22 08:15:18 | 000,695,416 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2013.08.21 03:09:46 | 001,444,472 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe
PRC - [2013.08.21 02:42:15 | 001,947,768 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe
PRC - [2013.08.21 02:20:22 | 000,635,000 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe
PRC - [2013.03.22 03:55:34 | 001,854,928 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe
PRC - [2011.05.12 15:50:03 | 001,990,656 | ---- | M] (CMedia) -- C:\Programme\ASUS Xonar D2 Audio\Customapp\AsusAudioCenter.exe
PRC - [2008.07.11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Modules (No Company Name) ==========

MOD - [2013.12.11 20:40:38 | 001,135,016 | ---- | M] () -- E:\x86\Steam\bin\chromehtml.dll
MOD - [2013.12.04 03:48:04 | 000,399,312 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ppGoogleNaClPluginChrome.dll
MOD - [2013.12.04 03:48:03 | 013,586,896 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\PepperFlash\pepflashplayer.dll
MOD - [2013.12.04 03:48:02 | 004,055,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\pdf.dll
MOD - [2013.12.04 03:47:11 | 000,702,416 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libglesv2.dll
MOD - [2013.12.04 03:47:11 | 000,099,792 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\libegl.dll
MOD - [2013.12.04 03:47:08 | 001,619,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\31.0.1650.63\ffmpegsumo.dll
MOD - [2013.11.22 22:46:49 | 000,064,000 | ---- | M] () -- E:\x86\Origin\tufao.dll
MOD - [2013.11.06 22:48:12 | 020,625,832 | ---- | M] () -- E:\x86\Steam\bin\libcef.dll
MOD - [2013.11.06 22:48:10 | 000,691,200 | ---- | M] () -- E:\x86\Steam\SDL2.dll
MOD - [2013.09.14 01:51:02 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\zlib1.dll
MOD - [2013.09.14 01:50:36 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Internet Services\libxml2.dll
MOD - [2013.09.13 18:51:44 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.09.13 18:51:20 | 001,242,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2013.06.15 00:49:12 | 001,100,800 | ---- | M] () -- E:\x86\Steam\bin\avcodec-53.dll
MOD - [2013.06.15 00:49:12 | 000,192,000 | ---- | M] () -- E:\x86\Steam\bin\avformat-53.dll
MOD - [2013.06.15 00:49:12 | 000,124,416 | ---- | M] () -- E:\x86\Steam\bin\avutil-51.dll
MOD - [2011.04.19 13:56:58 | 000,143,360 | ---- | M] () -- C:\Programme\ASUS Xonar D2 Audio\Customapp\VmixP8.dll
MOD - [2008.07.11 14:04:22 | 000,200,704 | ---- | M] () -- C:\Windows\SysWOW64\HsMgr.exe


========== Services (SafeList) ==========

SRV:64bit: - [2013.11.26 10:18:09 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2013.12.13 14:30:19 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.12.11 20:40:36 | 000,569,768 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.11.14 12:57:03 | 015,125,280 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe -- (NvStreamSvc)
SRV - [2013.11.14 12:56:48 | 001,914,656 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.11.11 08:59:20 | 000,414,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.10.17 10:44:18 | 002,942,808 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2013.10.15 02:58:58 | 002,562,208 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKWCtlx64.exe -- (AVKWCtl)
SRV - [2013.09.11 21:21:54 | 000,105,144 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2013.09.05 15:04:00 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.09.05 09:34:30 | 000,171,680 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.08.26 11:10:16 | 001,970,296 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2013.08.22 08:15:18 | 000,695,416 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2013.08.21 02:42:15 | 001,947,768 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVKBackup\AVKBackupService.exe -- (GDBackupSvc)
SRV - [2013.08.21 02:20:22 | 000,635,000 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\TotalProtection\AVK\AVKService.exe -- (AVKService)
SRV - [2013.02.25 14:00:02 | 000,257,512 | ---- | M] (G Data Software) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\TSNxG\TSNxGService.exe -- (TSNxGService)
SRV - [2013.02.25 04:06:17 | 001,711,568 | ---- | M] (G Data Software AG) [On_Demand | Stopped] -- C:\Program Files (x86)\G Data\TotalProtection\AVKTuner\AVKTunerService.exe -- (GDTunerSvc)
SRV - [2010.10.27 15:18:52 | 000,052,896 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.12.20 19:20:37 | 000,106,272 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2013.11.14 12:57:13 | 000,039,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvvad64v.sys -- (nvvad_WaveExtensible)
DRV:64bit: - [2013.11.14 12:57:05 | 000,196,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2013.10.25 13:44:40 | 000,098,760 | ---- | M] (G Data Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TS4nt.sys -- (TS4NT)
DRV:64bit: - [2013.10.25 13:44:40 | 000,079,704 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\gddcd64.sys -- (gddcd)
DRV:64bit: - [2013.10.25 13:44:40 | 000,059,736 | ---- | M] (G Data Software AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\gddcv64.sys -- (gddcv)
DRV:64bit: - [2013.10.25 13:44:39 | 000,064,856 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.10.08 18:54:21 | 000,063,320 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.10.08 18:54:16 | 000,065,368 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.10.08 18:54:15 | 000,130,392 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.10.08 18:54:15 | 000,060,248 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2013.07.25 15:53:46 | 000,023,040 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.12.13 13:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.06.10 05:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 14:44:16 | 002,725,376 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmudaxp.sys -- (cmudaxp)
DRV:64bit: - [2011.02.24 09:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 09:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010.11.22 08:09:06 | 000,303,408 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\mv91xx.sys -- (mv91xx)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.10.27 14:50:28 | 000,301,680 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,279,152 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter)
DRV:64bit: - [2010.10.27 14:50:28 | 000,203,624 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,156,520 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP)
DRV:64bit: - [2010.10.27 14:50:28 | 000,058,992 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT)
DRV:64bit: - [2010.10.27 14:50:28 | 000,055,336 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU)
DRV:64bit: - [2010.10.27 14:50:28 | 000,038,248 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort)
DRV:64bit: - [2010.10.27 14:50:28 | 000,031,080 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS)
DRV:64bit: - [2010.10.19 15:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.13 21:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.05.11 16:31:02 | 003,612,704 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64)
DRV:64bit: - [2007.05.11 16:30:50 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.11 16:29:08 | 001,361,952 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lvpopf64.sys -- (lvpopf64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://www.giga.de/software/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


========== FireFox ==========

FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.1: C:\Program Files (x86)\Battlelog Web Plugins\2.3.1\npbattlelog.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/npbattlelog,version=2.3.2: C:\Program Files (x86)\Battlelog Web Plugins\2.3.2\npbattlelog.dll (EA Digital Illusions CE AB)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: E:\x86\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)



========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:bookmarkBarPinned}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}{google:omniboxStartMarginParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client={google:suggestClient}&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}{google:pageClassification}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: chrome://newtab
CHR - Extension: ResultsAlpha = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaokmnpaoippoclepikifeegeknpopea\1.0.0_0\
CHR - Extension: iCloud-Lesezeichen = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkepacicchenbjecpbpbclokcabebhah\1.2.12_0\
CHR - Extension: Amazon-Icon = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkcedibhemacmilmkpndpkoidlnmgngg\1.0_1\
CHR - Extension: Google Wallet = C:\Users\Christian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.0_0\

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations)
O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications)
O4:64bit: - HKLM..\Run: [Cmaudio8788] C:\Windows\Syswow64\cmicnfgp.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Cmaudio8788GX] C:\Windows\syswow64\HsMgr.exe ()
O4:64bit: - HKLM..\Run: [Cmaudio8788GX64] C:\Windows\system\HsMgr64.exe ()
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Nvtmru] C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [ShadowPlay] C:\Windows\SysNative\nvspcap64.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [G Data AntiVirus Tray] C:\Program Files (x86)\G Data\TotalProtection\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\TotalProtection\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKCU..\Run: [EADM] E:\x86\Origin\Origin.exe (Electronic Arts)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKCU..\Run: [Steam] E:\x86\Steam\Steam.exe (Valve Corporation)
O4 - Startup: C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Samsung SSD Magician.lnk = E:\x86\Samsung SSD Magician\Samsung SSD Magician.exe (Samsung Electronics.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: DisallowRun = 1
O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B94C52C8-B033-4F01-AF2B-EB33A5FEABE1}: DhcpNameServer = 172.20.10.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E8A5A06F-A3C5-4DB6-A47F-92494F74409E}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe) - c:\program files (x86)\g data\totalprotection\avkkid\avkcks.exe ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.12.27 13:57:53 | 000,000,000 | R--D | C] -- C:\Users\Christian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
[2013.12.27 13:42:14 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\%LOCALAPPDATA%
[2013.12.26 17:44:32 | 000,000,000 | ---D | C] -- E:\Desktop\Neuer Ordner (2)
[2013.12.26 17:22:45 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.12.26 17:19:34 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2013.12.26 16:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fraps
[2013.12.21 13:23:21 | 000,000,000 | ---D | C] -- E:\Desktop\The Voice of Germany
[2013.12.20 19:20:37 | 000,106,272 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.12.20 19:20:37 | 000,019,016 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.12.20 19:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\LogiShrd
[2013.12.20 19:09:10 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\Logitech
[2013.12.20 19:09:09 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2013.12.20 19:08:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.12.20 19:08:20 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech Gaming Software
[2013.12.20 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Logitech
[2013.12.20 19:07:56 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Roaming\Logishrd
[2013.12.20 18:38:44 | 000,000,000 | ---D | C] -- E:\Dokumente\Aqua Real 2 Demo
[2013.12.20 18:38:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DigiFish Aqua Real 2
[2013.12.20 18:38:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Formosoft
[2013.12.20 18:37:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ResultsAlpha
[2013.12.18 15:30:49 | 000,000,000 | ---D | C] -- C:\Windows\Migration
[2013.12.18 15:18:48 | 000,000,000 | ---D | C] -- C:\Users\Christian\AppData\Local\NVIDIA
[2013.12.18 15:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2013.12.18 15:17:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2013.12.18 15:13:36 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.12.07 19:19:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.12.07 19:19:49 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.12.07 19:19:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.12.07 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\Downloads
[2013.12.07 19:10:08 | 000,000,000 | ---D | C] -- C:\Users\Christian\ChromeExtensions

========== Files - Modified Within 30 Days ==========

[2013.12.27 14:03:35 | 001,620,612 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.12.27 14:03:35 | 000,699,416 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.12.27 14:03:35 | 000,654,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.12.27 14:03:35 | 000,149,556 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.12.27 14:03:35 | 000,122,126 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.12.27 13:57:45 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.12.27 13:57:45 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs
[2013.12.27 13:57:42 | 000,000,035 | ---- | M] () -- C:\Users\Public\Documents\AtherosServiceConfig.ini
[2013.12.27 13:57:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.12.27 13:57:35 | 4269,117,438 | -HS- | M] () -- C:\hiberfil.sys
[2013.12.27 13:57:09 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.12.27 13:57:09 | 000,022,512 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.12.27 13:43:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.12.27 13:30:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.12.26 18:52:29 | 000,214,392 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.12.25 14:09:18 | 000,290,184 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.12.21 13:13:15 | 000,001,536 | ---- | M] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013.12.21 09:12:33 | 001,593,956 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.20 19:20:37 | 000,106,272 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GRD.sys
[2013.12.20 19:20:37 | 000,019,016 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.12.20 18:37:43 | 000,118,784 | ---- | M] () -- C:\Windows\SysNative\hgcpl64.exe
[2013.12.19 20:46:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.12.15 18:30:27 | 000,729,687 | ---- | M] () -- E:\Dokumente\301EAC2F-9019-45A4-9BA4-C24E95AE954Ee.jpg
[2013.12.15 14:47:15 | 002,272,450 | ---- | M] () -- E:\Dokumente\A7FA9977-04F0-40BF-A71D-2143666F9929.jpg
[2013.12.14 13:02:55 | 000,415,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.12.05 18:38:09 | 000,002,175 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.12.03 17:40:16 | 000,016,284 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.12.03 17:40:16 | 000,016,284 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf

========== Files Created - No Company Name ==========

[2013.12.21 13:13:15 | 000,001,536 | ---- | C] () -- C:\Users\Public\Desktop\Free YouTube to MP3 Converter.lnk
[2013.12.20 18:38:17 | 001,028,096 | ---- | C] () -- C:\Windows\AquaReal2.scr
[2013.12.20 18:37:43 | 000,118,784 | ---- | C] () -- C:\Windows\SysNative\hgcpl64.exe
[2013.12.19 20:46:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.12.18 15:15:11 | 001,593,956 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.12.18 15:14:34 | 000,357,152 | ---- | C] () -- C:\Windows\SysNative\NvIFROpenGL.dll
[2013.12.18 15:14:34 | 000,314,656 | ---- | C] () -- C:\Windows\SysWow64\NvIFROpenGL.dll
[2013.12.15 15:01:53 | 000,729,687 | ---- | C] () -- E:\Dokumente\301EAC2F-9019-45A4-9BA4-C24E95AE954Ee.jpg
[2013.12.15 14:44:53 | 002,272,450 | ---- | C] () -- E:\Dokumente\A7FA9977-04F0-40BF-A71D-2143666F9929.jpg
[2013.12.03 17:40:16 | 000,016,284 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.12.03 17:40:16 | 000,016,284 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.11.23 17:05:11 | 003,123,272 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2013.11.13 15:47:37 | 000,001,431 | ---- | C] () -- C:\Users\Christian\AppData\Local\recently-used.xbel
[2013.10.14 15:23:11 | 000,000,416 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2013.10.14 15:23:11 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2013.10.08 18:24:25 | 000,200,704 | ---- | C] () -- C:\Windows\SysWow64\HsMgr.exe
[2013.10.08 18:24:25 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\VmixP8.dll
[2013.10.08 18:24:25 | 000,000,048 | ---- | C] () -- C:\Windows\SysWow64\cmasiop.ini
[2013.10.08 18:24:24 | 000,042,457 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfl
[2013.10.08 18:24:15 | 000,000,905 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.imi
[2013.10.08 18:24:12 | 000,004,967 | ---- | C] () -- C:\Windows\Cmicnfgp.ini.cfg
[2013.10.08 18:24:11 | 000,000,592 | ---- | C] () -- C:\Windows\cmudaxp.ini
[2013.10.08 17:20:17 | 000,040,725 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2013.10.08 17:18:47 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2013.10.08 17:18:39 | 000,027,871 | ---- | C] () -- C:\Windows\Ascd_tmp.ini

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.07.26 03:24:57 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.07.26 02:55:59 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.10.22 20:53:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\2K Sports
[2013.10.08 18:24:40 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\ASUS
[2013.10.08 20:32:05 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\G Data
[2013.12.20 19:09:09 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Leadertech
[2013.10.08 19:59:20 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Origin
[2013.10.22 16:48:19 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\TuneUp Software
[2013.11.13 15:01:11 | 000,000,000 | ---D | M] -- C:\Users\Christian\AppData\Roaming\Zoner

========== Purity Check ==========



< End of report >
  • 0

#8
Machiavelli
Posted 27 December 2013 - 08:13 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Question

How is your PC running? Any problems?
  • 0

#9
aloabi123
Posted 27 December 2013 - 03:49 PM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello,

problem is solved. THANK YOU :)
  • 0

#10
Machiavelli
Posted 28 December 2013 - 09:05 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
CKScanner

Download CKScanner from here

Important : Save it to your desktop.
  • Right click on CKScanner.exe and select Run as Administrator - then click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File.
  • A message box will verify that the file is saved.
  • Double-click the CKFiles.txt icon on your desktop and copy/paste the contents in your next reply.

  • 0

Advertisements

#11
aloabi123
Posted 28 December 2013 - 09:19 AM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Hello,

Here is the text.




CKScanner 2.4 - Additional Security Risks - These are not necessarily bad
c:\program files\gimp 2\share\gimp\2.0\patterns\cracked.pat
scanner sequence 3.NA.11.XBLBV0
----- EOF -----
  • 0

#12
Machiavelli
Posted 28 December 2013 - 09:36 AM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Malwarebytes' Anti-Malware

Please download Malwarebytes' Anti-Malware

Right click on the Malwarebytes setup (mbam-setup.exe) and select Run as Administrator
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately.


ESET Online Scanner

Please disable your AntiVirus before doing these steps!

  • If you have Win Vista / Win 7 / Win 8 please start IE as Administrator!
  • This will only work for Internet Explorer or FireFox
  • Please download ESET Online Scanner from here

How to do this?

  • Visit this website here
  • You will see a screen like this:


    Posted Image

    • Click Run ESET Online Scanner

      Posted Image
    • A Window will open (see above) - please click on the link
    • A window will pop up - please download the file to your Desktop
    • When the download has finished please run the program (for Win Vista/ Win7 / Win 8 User please run it as Administrator)

      Posted Image
    • Tick the box next to YES, I accept the Terms of Use then click on: Start
    • You may see a panel towards the top of the screen telling you the website wants to install an addon... click and allow it to install. If your firewall asks whether you want to allow installation, say yes.

      Posted Image
    • Make sure that the option Remove found threats is NOT checked.
    • Make sure that the option Scan archives is checked.
    • Now click on Advanced Settings and select the following:
      • Scan for potentially unwanted applications
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth Technology
    • Then click on Start
    • virus signature database will begin to download. Be patient this make take some time depending on the speed of your Internet Connection.
    • When completed the Online Scan will begin automatically. The scan may take several hours.
    • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.

      Posted Image
    • After the scan is finished please click on Finish
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.
  • I want you to uninstall following programs (XP: Start > Control Panel > Add/Remove Programs | Vista / Win7 / Win8: Start > Control Panel > uninstall a program):
    • ESET Online Scanner

SecurityCheck

Download Security Check from here or here.
  • Save it to your Desktop.
  • Right click on SecurityCheck.exe and select Run as Administrator - follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

  • 0

#13
aloabi123
Posted 28 December 2013 - 10:02 AM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The Text from Malewareboard:



Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.12.28.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 11.0.9600.16476
Christian :: CHRISTIAN-PC [Administrator]

Schutz: Aktiviert

28.12.2013 16:56:33
mbam-log-2013-12-28 (16-56-33).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 234005
Laufzeit: 2 Minute(n), 48 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 4
HKCR\TypeLib\{39FD4EA6-C524-482A-B130-B356BFD5DB87} (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKCR\Interface\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8} (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKCU\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
HKLM\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Program Files (x86)\ResultsAlpha (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin\plugins (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.

Infizierte Dateien: 13
C:\Program Files (x86)\ResultsAlpha\ResultsAlpha.ico (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\aaokmnpaoippoclepikifeegeknpopea.crx (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlphaBHO.dll (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\ResultsAlphaUninstall.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\sqlite3.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\updateResultsAlpha.InstallState (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin\sqlite3.dll (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.exe (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin\utilResultsAlpha.InstallState (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.FFUpdate.dll (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.GCUpdate.dll (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.
C:\Program Files (x86)\ResultsAlpha\bin\plugins\ResultsAlpha.IEUpdate.dll (PUP.Optional.ResultsAlpha.A) -> Keine Aktion durchgeführt.

(Ende)
  • 0

#14
aloabi123
Posted 28 December 2013 - 10:23 AM

aloabi123

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ESET has found nothing.


Text from Security check:


Results of screen317's Security Check version 0.99.77
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
G Data TotalProtection 2014
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
Adobe Reader XI
Google Chrome 31.0.1650.57
Google Chrome 31.0.1650.63
````````Process Check: objlist.exe by Laurent````````
Malwarebytes Anti-Malware mbamservice.exe
Malwarebytes Anti-Malware mbamgui.exe
Malwarebytes' Anti-Malware mbamscheduler.exe
G Data TotalProtection Firewall GDFwSvcx64.exe
G Data TotalProtection Firewall GDFirewallTray.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````
  • 0

#15
Machiavelli
Posted 28 December 2013 - 02:18 PM

Machiavelli

    GeekU Moderator

  • GeekU Moderator
  • 4,722 posts
Your computer looks good to me. We are done so far - so well done! :thumbsup: You were fast at responding and so we could solve your problem very quickly.

 

I. Removal of Tools and other things



 

  • Step 1: OTL Fix | Delete old restore points and create a new one

  • Right click on OTL.exe and select Run as Administrator
  • Copy (Ctrl+C) and Paste (Ctrl+V) all of the following text into the Custom Scans/Fixes box:


    :Reg
[-HKEY_CLASSES_ROOT\TypeLib\{39FD4EA6-C524-482A-B130-B356BFD5DB87}]
[-HKEY_CLASSES_ROOT\Interface\{B01A1DA4-813F-44BD-B544-77E5DA7EB5A8}] 
[-HKEY_CURRENT_USER\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A)] 
[-HKEY_LOCAL_MACHINE\Software\ResultsAlpha (PUP.Optional.ResultsAlpha.A)] 

:Files
C:\Program Files (x86)\ResultsAlpha
%systemroot%\sysnative\vssadmin delete shadows /for=c: /all /quiet /c

:Commands
[EMPTYTEMP]
[CreateRestorePoint]
  • Click the Run Fix button.
  • Your computer will reboot.

  • Step 2: OTL CleanUp

Right click on OTL and select Run as Administrator and hit the cleanup button. It will remove all the programs we have used plus itself.

Posted Image

  • Step 3: Uninstalling ESET

  • Click on the Start Posted Image button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • ESET
  • Once you have done this, reboot your computer

  • Step 4: Malwarebytes

Malwarebytes is a very good free scanner! It isn't an one demand scanner so it won't have any problems with your AntiVirus! It would be good if you scan your PC after Malware every 1-2 months (of course with Malwarebytes).
But if you like to uninstall it, then make that:

  • Click on the Start Posted Image button and select Control Panel
  • Click on Programs then click on Uninstall a program
  • You will now see a list of your installed software, double click on the following one by one to uninstall them:

    • Malwarebytes
  • Once you have done this, reboot your computer

  • Step 5: Uninstalling Adwarecleaner

  • Right click on the Adwarecleaner Icon and select Run as Administrator
  • Please click Uninstall - this will delete the tool from the computer

  • Step 6: Removing other tools

You can remove JRT.exe manually.

 

II. Prevention and Future Guidelines



 

  • Step 1: FileHippo's UpdateChecker

Download File-Hippo Updatechecker from here and install it. Please run it monthly - it will scan your Updatestatus. For example a program is out dated the UpdateChecker will give you a link where you can download the newest version of the respective program.

How to update programs with FileHippo Updatechecker?

  • Start FileHippo Updatechecker
  • You get redirected to a Website
  • You probably see a list of updates (if not then there are probably all programs up to date)
  • Click on the first item of the list, download the Update , after that reboot the Computer and take the next item of the list!

  • Step 2: Future Tips

Exercise common sense

Having security programs installed is very helpful to you, but none of them have the gift of human thought. The best way to make sure you don't get infected is to look before you leap. Be careful of what websites you visit - if a site looks suspicious, trust your instincts and get out of there. Be careful of what attachments you open in emails and files you download from websites - check them over carefully and look at the file extensions to make sure that you know what you're getting. Using peer-to-peer file sharing programs or downloading cracks and keygens is something else to avoid - the files you will be downloading are infected in the vast majority of cases, and the benefits simply aren't worth the risk to your computer.

Keep up on Windows updates

Along with keeping all of the security programs that you choose to use updated, it is also important to keep up on system updates from Microsoft, as these patch critical security vulnerabilities and help to keep you safe. Typically the windows update icon will appear in your taskbar when new updates are available, whenever you see it you should open the menu up and install the updates that are available. Although it may be an annoyance, that little bit of extra time it takes to stay updated is very well worth it instead of getting infected from an exploit and having to clean your PC again.

Slow computer?

If your computer begins to slow down again in the future for no particular reason, your first step should not be to come back to the malware forum. As your computer ages and is used, its parts wear, files and programs accumulate, and its performance speed can decrease. To restore your computer's performance to its best possible level, follow the steps in this guide written by tech expert Artellos.

Keep Safe! :thumbsup:
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP