| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
13.12.2011, 13:28
| #1 |
 |  Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! Hallo Leute, ich nutze Windows 7 64 Bit. Gestern meldete SpyBot oder/und Avira (bin da nicht mehr ganz sicher) beim surfen, dass etwas gefunden/verändert wurde, in dem Moment öffneten sich automatisch zahlreiche (mindestes 25) kleine Fenster mit Fehlermeldungen. Habe dann schnell neugestartet und folgendes war verändert: Alle Desktop Symbole bis auf "Benutzername", "Computer" und "Papierkorb" waren verschwunden, desweiteren die an die Taskleiste angehefteten Verknüpfungen für den "Internet Explorer", "Dateiordner" und "Windows Media Player". Im Windows Startmenü fehlten alle Einträge bis auf "Benutzername" und "Favoriten", unter "Alle Programm" waren ebenfalls alle Verknüpfungen verschwunden. Daraufhin wollte ich (zum ersten Mal, der PC ist eine Woche alt) eine Systemwiederherstellung durchführen, doch kurz nach dem Durchführen des Prozesses und Herunterfahren wird der Bildschrim blau, es erscheint die Meldung "STOP 0x0000003B" und der PC ohne Systemwiederherstellung neu gestartet. Der PC funktioniert soweit normal ... ich habe dann Spybot als Admin ausgeführt, gefunden wurden "Babylon Toolbar", "Toolbar.Facemood" und "E2Give", konnte alle entfernen, habe jedoch leider keinen Bericht hierüber abgespeichert  Avira habe ich kurz duchlaufen lassen und abgebrochen, als "TR/Gendal.4334125" gefunden wurde. Danach habe ich gesehen, dass genau zu dem Zeitpunkt als sich alle Fenster öffneten die Datei "TR/Crypt.XPACK.Gen" gefunden wurde. Diese habe ich nun aus der Quarantäne gelöscht. Des Weiteren habe ich nun wieder alle Einträge im Startmenü hergestellt (z.B. "Systemsteuerung", "Computer", "Videos" etc.) und die Verknüpfungen "Internet Explorer", "Dateiordner" und "Windows Media Player" an die Taskleiste geheftet. Könntet Ihr mal einen Blick auf meinen Computer werfen und gucken, ob dieser weiterhin infiziert/trojanisiert ist? Es läuft zwar alles, aber das muss ja nichts heißen. Meine Vermutung ist, dass "Crypt.XPACK.Gen" diese Desktop/Taskleisten-Löschungen vorgenommen hat, aber was meint ihr? Meine OTL Logfiles (OTL.txt wurde per Scan, Extras.txt per Quick Scan erstellt) habe ich angehängt. Ich sage schonmal vielen vielen Dank im Voraus, ich hoffe, hier kann mir jemand helfen  Nachtrag: Hier einmal beide OTL Logfiles in Textform: OTL.txt:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.12.2011 15:24:14 - Run 1 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,98 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 50,05% Memory free 7,96 Gb Paging File | 5,64 Gb Available in Paging File | 70,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1811,92 Gb Total Space | 1606,98 Gb Free Space | 88,69% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) PRC - C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe (Voyetra Turtle Beach, Inc.) PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited) PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Modules (No Company Name) ========== MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll () MOD - C:\Program Files\rarext32.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll () MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll () MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc) DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation ) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (USBAU) -- C:\Windows\SysNative\drivers\CM10264.sys (C-Media Electronics Inc) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=89074cfa-2048-11e1-b15d-8c89a56bfac5 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.02 12:14:07 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M] [2011.12.02 12:14:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\***\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.) O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BL) O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [Turtle Beach Audio Advantage Micro] C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe (Voyetra Turtle Beach, Inc.) O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation) O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm () O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm () O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm () O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm () O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.244.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\Shell - "" = AutoRun O33 - MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\Shell\AutoRun\command - "" = J:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2011.12.11 01:41:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2011.12.10 13:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch) [2011.12.09 20:25:59 | 000,000,000 | ---D | C] -- C:\Anna-Lenas Scheiss Fuckin Shit Ordner [2011.12.09 16:06:43 | 000,000,000 | ---D | C] -- C:\Another American Experience [2011.12.09 15:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications [2011.12.09 13:18:44 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\T-Online [2011.12.09 13:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online [2011.12.09 13:15:31 | 000,000,000 | ---D | C] -- C:\T-Online [2011.12.09 13:13:55 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\SoftGrid Client [2011.12.09 13:13:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client [2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2011.12.09 13:13:01 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\TP [2011.12.09 13:08:00 | 000,000,000 | ---D | C] -- C:\An American Experience [2011.12.09 08:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jackpot Capital [2011.12.08 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intertops Casino [2011.12.08 18:01:37 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Diagnostics [2011.12.08 15:25:43 | 000,000,000 | ---D | C] -- C:\projax [2011.12.08 14:41:14 | 000,000,000 | ---D | C] -- C:\itunes [2011.12.08 13:58:18 | 000,000,000 | ---D | C] -- C:\various [2011.12.08 13:33:55 | 000,000,000 | ---D | C] -- C:\unknowntitle [2011.12.08 13:32:05 | 000,000,000 | ---D | C] -- C:\uni [2011.12.08 11:57:00 | 000,000,000 | R--D | C] -- C:\Beatles [2011.12.08 01:18:59 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\vlc [2011.12.08 01:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN [2011.12.08 00:43:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Free Download Manager [2011.12.08 00:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager [2011.12.08 00:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG [2011.12.08 00:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager [2011.12.08 00:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2011.12.08 00:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader [2011.12.06 23:43:34 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\NVIDIA [2011.12.06 23:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys [2011.12.06 21:27:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\VshareComplete [2011.12.06 21:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VshareComplete [2011.12.06 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vShare.tv plugin [2011.12.06 16:27:29 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Meine Paletten [2011.12.06 16:27:27 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Corel [2011.12.06 16:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis [2011.12.06 16:27:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Corel [2011.12.05 19:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Wild Casino [2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\Microgaming [2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS [2011.12.04 22:07:47 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasinoClub [2011.12.04 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CasinoClub [2011.12.04 15:49:36 | 000,000,000 | ---D | C] -- C:\bay [2011.12.04 14:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WS_FTP [2011.12.04 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc Plus 2.5 [2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc [2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartripper [2011.12.04 14:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoto Plus 4 [2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrontPage Express [2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber [2011.12.04 14:56:12 | 000,000,000 | ---D | C] -- C:\maike [2011.12.04 14:56:01 | 000,000,000 | ---D | C] -- C:\len [2011.12.04 14:55:59 | 000,000,000 | ---D | C] -- C:\job [2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\files [2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\bentus [2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\alfotto [2011.12.04 14:53:14 | 000,000,000 | ---D | C] -- C:\tyschan [2011.12.04 14:53:08 | 000,000,000 | ---D | C] -- C:\trade [2011.12.04 14:53:06 | 000,000,000 | ---D | C] -- C:\snes [2011.12.04 14:52:57 | 000,000,000 | ---D | C] -- C:\shirt [2011.12.04 14:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iNetBet Casino [2011.12.04 14:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe [2011.12.04 01:43:02 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Rockstar Games [2011.12.04 01:41:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Rockstar Games [2011.12.04 01:32:55 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive [2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE [2011.12.04 01:16:28 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.12.04 01:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2011.12.04 01:15:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.12.04 01:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2011.12.03 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lucky18 Casino [2011.12.02 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slotastic [2011.12.02 15:43:06 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\CyberLink [2011.12.02 15:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit [2011.12.02 15:41:44 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX [2011.12.02 15:41:44 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vb6stkit.dll [2011.12.02 15:41:44 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6KO.DLL [2011.12.02 15:41:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemdisp.tlb [2011.12.02 15:41:44 | 000,016,384 | ---- | C] (CST) -- C:\Windows\SysWow64\lgfwunis.exe [2011.12.02 15:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate [2011.12.02 15:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink [2011.12.02 15:38:57 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2011.12.02 15:36:26 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Cyberlink [2011.12.02 15:34:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling [2011.12.02 15:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe [2011.12.02 15:34:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2011.12.02 15:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite [2011.12.02 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files [2011.12.02 13:13:08 | 000,000,000 | ---D | C] -- C:\The Folder [2011.12.02 12:29:07 | 000,000,000 | ---D | C] -- C:\thunderbird [2011.12.02 12:14:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.12.02 12:14:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Thunderbird [2011.12.02 12:14:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Mozilla [2011.12.02 12:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2011.12.02 10:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0 [2011.12.02 10:17:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2011.12.02 10:17:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2011.12.02 10:17:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2011.12.02 10:17:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2011.12.02 10:17:32 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2011.12.02 10:17:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2011.12.02 10:17:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2011.12.02 10:17:31 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2011.12.02 10:17:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2011.12.02 07:35:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll [2011.12.02 07:35:47 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll [2011.12.02 07:35:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax [2011.12.02 07:35:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax [2011.12.02 07:35:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll [2011.12.02 07:35:39 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll [2011.12.01 21:35:42 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\GTA San Andreas User Files [2011.12.01 21:35:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2011.12.01 21:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games [2011.12.01 21:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games [2011.12.01 21:09:15 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\CyberLink [2011.12.01 20:38:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\WinRAR [2011.12.01 20:38:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.12.01 20:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR [2011.12.01 20:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Formats [2011.12.01 20:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam [2011.12.01 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve [2011.12.01 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve [2011.12.01 18:32:10 | 000,000,000 | ---D | C] -- C:\torrent [2011.12.01 18:25:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Azureus [2011.12.01 18:24:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus [2011.12.01 18:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus [2011.12.01 18:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Azureus [2011.12.01 16:59:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.12.01 16:59:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Windows Live Writer [2011.12.01 16:57:25 | 000,000,000 | ---D | C] -- C:\Casino [2011.12.01 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG [2011.12.01 16:45:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\HP [2011.12.01 16:45:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\HP [2011.12.01 16:08:18 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Yahoo! [2011.12.01 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo! [2011.12.01 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant [2011.12.01 16:06:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool [2011.12.01 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP [2011.12.01 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP [2011.12.01 16:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard [2011.12.01 16:04:54 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z [2011.12.01 16:04:03 | 000,902,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax9.dll [2011.12.01 16:04:03 | 000,742,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtscl5.dll [2011.12.01 16:04:03 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll [2011.12.01 16:04:03 | 000,503,296 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwvst01.dll [2011.12.01 16:03:55 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll [2011.12.01 16:03:49 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l092.dll [2011.12.01 16:03:33 | 000,000,000 | -H-D | C] -- C:\Config.Msi [2011.12.01 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP [2011.12.01 16:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP [2011.12.01 15:31:53 | 000,000,000 | ---D | C] -- C:\rou [2011.12.01 14:55:10 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa102.dll [2011.12.01 14:54:08 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll [2011.12.01 14:53:56 | 001,306,624 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10264.sys [2011.12.01 14:53:56 | 000,323,584 | ---- | C] (Voyetra Turtle Beach) -- C:\Windows\AAMicroUninstall.exe [2011.12.01 14:53:56 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\Fltr102.dll [2011.12.01 14:53:56 | 000,229,376 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\Windows\SysWow64\TBMicro.cpl [2011.12.01 14:53:56 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\C102Prop.dll [2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turtle Beach [2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turtle Beach [2011.12.01 14:41:56 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Adobe [2011.12.01 14:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy [2011.12.01 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy [2011.12.01 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2011.12.01 10:21:04 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\photoOptimizeHistoryDataBase [2011.12.01 10:21:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Ashampoo Photo Optimizer Medion [2011.12.01 10:20:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Avira [2011.12.01 10:19:52 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\watchmi [2011.12.01 10:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2011.12.01 10:15:34 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.01 10:15:34 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2011.12.01 10:15:34 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2011.12.01 09:41:26 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Adobe [2011.12.01 08:39:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation [2011.12.01 08:39:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Medion Reminder [2011.12.01 08:39:11 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Power2Go [2011.12.01 08:38:50 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2011.12.01 08:38:50 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\Searches [2011.12.01 08:38:43 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Identities [2011.12.01 08:38:41 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts [2011.12.01 08:38:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2011.12.01 08:38:40 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\VirtualStore [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten [2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten [2011.12.01 08:38:33 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft [2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\Videos [2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\Pictures [2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\Music [2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games [2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Links [2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites [2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads [2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Documents [2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop [2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft [2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Macromedia [2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover [2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData [2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp [2011.12.01 08:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek [2011.12.01 08:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel [2011.12.01 08:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady [2011.12.01 08:34:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel [2011.12.01 08:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis [2011.12.01 08:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel [2011.12.01 08:33:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5 [2011.12.01 08:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel [2011.12.01 08:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner [2011.12.01 08:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal [2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Recovery [2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings [2011.12.01 08:19:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution ========== Files - Modified Within 30 Days ========== [2011.12.11 10:57:50 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 10:57:50 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2011.12.11 10:54:46 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2011.12.11 10:54:46 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2011.12.11 10:54:46 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2011.12.11 10:54:46 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2011.12.11 10:54:46 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2011.12.11 10:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2011.12.11 10:50:27 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys [2011.12.11 02:38:04 | 000,001,574 | ---- | M] () -- C:\Users\***\Desktop\eMail.lnk [2011.12.11 02:37:26 | 000,000,271 | ---- | M] () -- C:\Windows\lgfwup.ini [2011.12.11 02:36:39 | 589,455,643 | ---- | M] () -- C:\Windows\MEMORY.DMP [2011.12.11 01:23:23 | 000,453,632 | ---- | M] () -- C:\ProgramData\pGONmFwqUnrH.exe [2011.12.10 06:35:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.10 03:01:02 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.09 12:46:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2011.12.09 10:58:00 | 000,391,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2011.12.08 15:12:27 | 000,000,600 | ---- | M] () -- C:\Users\***\PUTTY.RND [2011.12.08 02:14:17 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111208_021415.reg [2011.12.08 02:14:05 | 000,001,378 | -H-- | M] () -- C:\Users\***\Documents\cc_20111208_021403.reg [2011.12.08 00:24:06 | 000,001,161 | ---- | M] () -- C:\prefs.js [2011.12.06 21:43:52 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111206_214350.reg [2011.12.06 12:28:52 | 000,001,186 | -H-- | M] () -- C:\Users\***\Documents\cc_20111206_122849.reg [2011.12.04 22:07:47 | 000,000,750 | -H-- | M] () -- C:\Users\***\Desktop\CasinoClub.lnk [2011.12.04 01:55:47 | 000,000,740 | -H-- | M] () -- C:\Users\***\Documents\cc_20111204_015545.reg [2011.12.04 01:32:55 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2011.12.04 01:16:28 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2011.12.02 16:38:24 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_163822.reg [2011.12.02 16:38:10 | 000,029,470 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_163807.reg [2011.12.02 15:38:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2011.12.02 12:04:11 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120408.reg [2011.12.02 12:04:00 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120357.reg [2011.12.02 12:03:49 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120347.reg [2011.12.02 12:03:38 | 000,001,060 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120335.reg [2011.12.02 12:03:20 | 000,038,304 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120311.reg [2011.12.01 21:51:08 | 000,001,221 | -H-- | M] () -- C:\Users\***\Desktop\GTA San Andreas.lnk [2011.12.01 20:38:29 | 000,000,022 | ---- | M] () -- C:\Program Files\zipnew.dat [2011.12.01 20:38:29 | 000,000,020 | ---- | M] () -- C:\Program Files\rarnew.dat [2011.12.01 16:45:25 | 000,241,431 | ---- | M] () -- C:\Windows\hpwins28.dat [2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2011.12.01 14:55:10 | 000,000,135 | ---- | M] () -- C:\Windows\Cm102.ini.imi [2011.12.01 14:55:10 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx [2011.12.01 14:55:10 | 000,000,107 | ---- | M] () -- C:\Windows\Cm102.ini.cfl [2011.12.01 14:54:25 | 000,000,084 | ---- | M] () -- C:\Windows\System\Cm102.ini [2011.12.01 14:37:02 | 000,001,262 | -H-- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2011.12.01 14:10:03 | 000,093,158 | -H-- | M] () -- C:\Users\***\Documents\cc_20111201_140954.reg ========== Files Created - No Company Name ========== [2011.12.11 02:38:04 | 000,001,574 | ---- | C] () -- C:\Users\***\Desktop\eMail.lnk [2011.12.11 01:41:39 | 589,455,643 | ---- | C] () -- C:\Windows\MEMORY.DMP [2011.12.11 01:26:47 | 000,453,632 | ---- | C] () -- C:\ProgramData\pGONmFwqUnrH.exe [2011.12.10 06:35:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf [2011.12.09 13:13:19 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.08 15:12:27 | 000,000,600 | ---- | C] () -- C:\Users\***\PUTTY.RND [2011.12.08 02:14:16 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111208_021415.reg [2011.12.08 02:14:04 | 000,001,378 | -H-- | C] () -- C:\Users\***\Documents\cc_20111208_021403.reg [2011.12.08 00:24:06 | 000,001,161 | ---- | C] () -- C:\prefs.js [2011.12.06 21:43:51 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111206_214350.reg [2011.12.06 12:28:51 | 000,001,186 | -H-- | C] () -- C:\Users\***\Documents\cc_20111206_122849.reg [2011.12.04 22:07:47 | 000,000,750 | -H-- | C] () -- C:\Users\***\Desktop\CasinoClub.lnk [2011.12.04 01:55:46 | 000,000,740 | -H-- | C] () -- C:\Users\***\Documents\cc_20111204_015545.reg [2011.12.02 16:38:23 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_163822.reg [2011.12.02 16:38:09 | 000,029,470 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_163807.reg [2011.12.02 15:41:46 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini [2011.12.02 12:04:09 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120408.reg [2011.12.02 12:03:59 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120357.reg [2011.12.02 12:03:48 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120347.reg [2011.12.02 12:03:36 | 000,001,060 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120335.reg [2011.12.02 12:03:16 | 000,038,304 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120311.reg [2011.12.01 21:51:08 | 000,001,221 | -H-- | C] () -- C:\Users\***\Desktop\GTA San Andreas.lnk [2011.12.01 20:38:29 | 000,000,022 | ---- | C] () -- C:\Program Files\zipnew.dat [2011.12.01 20:38:29 | 000,000,020 | ---- | C] () -- C:\Program Files\rarnew.dat [2011.12.01 20:38:22 | 001,163,264 | ---- | C] () -- C:\Program Files\WinRAR.exe [2011.12.01 20:38:22 | 000,417,792 | ---- | C] () -- C:\Program Files\Rar.exe [2011.12.01 20:38:22 | 000,312,149 | ---- | C] () -- C:\Program Files\WinRAR.chm [2011.12.01 20:38:22 | 000,276,992 | ---- | C] () -- C:\Program Files\UnRAR.exe [2011.12.01 20:38:22 | 000,164,864 | ---- | C] () -- C:\Program Files\RarExt.dll [2011.12.01 20:38:22 | 000,140,288 | ---- | C] () -- C:\Program Files\RarExt32.dll [2011.12.01 20:38:22 | 000,135,814 | ---- | C] () -- C:\Program Files\Default64.SFX [2011.12.01 20:38:22 | 000,132,608 | ---- | C] () -- C:\Program Files\Uninstall.exe [2011.12.01 20:38:22 | 000,106,118 | ---- | C] () -- C:\Program Files\Zip64.SFX [2011.12.01 20:38:22 | 000,102,864 | ---- | C] () -- C:\Program Files\WinCon64.SFX [2011.12.01 20:38:22 | 000,100,726 | ---- | C] () -- C:\Program Files\winrar.lng [2011.12.01 20:38:22 | 000,099,840 | ---- | C] () -- C:\Program Files\Default.SFX [2011.12.01 20:38:22 | 000,079,872 | ---- | C] () -- C:\Program Files\Zip.SFX [2011.12.01 20:38:22 | 000,073,728 | ---- | C] () -- C:\Program Files\WinCon.SFX [2011.12.01 20:38:22 | 000,038,092 | ---- | C] () -- C:\Program Files\rar.lng [2011.12.01 20:38:22 | 000,008,084 | ---- | C] () -- C:\Program Files\uninstall.lng [2011.12.01 20:38:22 | 000,003,973 | ---- | C] () -- C:\Program Files\Order.htm [2011.12.01 20:38:22 | 000,003,584 | ---- | C] () -- C:\Program Files\rarext.lng [2011.12.01 20:38:22 | 000,001,422 | ---- | C] () -- C:\Program Files\Descript.ion [2011.12.01 20:38:22 | 000,001,400 | ---- | C] () -- C:\Program Files\RarFiles.lst [2011.12.01 20:38:22 | 000,000,700 | ---- | C] () -- C:\Program Files\Uninstall.lst [2011.12.01 20:38:22 | 000,000,622 | ---- | C] () -- C:\Program Files\File_Id.diz [2011.12.01 16:57:27 | 000,000,801 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Club Gold Casino.lnk [2011.12.01 16:13:37 | 3206,787,072 | -HS- | C] () -- C:\hiberfil.sys [2011.12.01 16:02:09 | 000,241,431 | ---- | C] () -- C:\Windows\hpwins28.dat [2011.12.01 14:55:10 | 000,787,456 | ---- | C] () -- C:\Windows\SysNative\Cmeau102.exe [2011.12.01 14:55:10 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix102.dll [2011.12.01 14:55:10 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx [2011.12.01 14:55:10 | 000,000,107 | ---- | C] () -- C:\Windows\Cm102.ini.cfl [2011.12.01 14:54:44 | 000,000,135 | ---- | C] () -- C:\Windows\Cm102.ini.imi [2011.12.01 14:54:25 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll [2011.12.01 14:54:25 | 000,000,494 | ---- | C] () -- C:\Windows\Cm102.ini.cfg [2011.12.01 14:54:25 | 000,000,084 | ---- | C] () -- C:\Windows\System\Cm102.ini [2011.12.01 14:54:07 | 000,000,449 | ---- | C] () -- C:\Windows\cm102.ini [2011.12.01 14:37:02 | 000,001,262 | -H-- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk [2011.12.01 14:10:01 | 000,093,158 | -H-- | C] () -- C:\Users\***\Documents\cc_20111201_140954.reg [2011.12.01 08:38:56 | 000,001,409 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2011.12.01 08:38:51 | 000,001,260 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin [2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin [2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin [2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== LOP Check ========== [2011.12.10 06:19:19 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Azureus [2011.12.04 01:18:03 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite [2011.12.11 01:35:57 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager [2011.12.10 03:03:39 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011.12.09 13:18:44 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\T-Online [2011.12.02 12:14:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.12.09 13:14:01 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TP [2011.12.06 21:27:29 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\VshareComplete [2011.12.01 16:59:03 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2011.12.11 01:42:05 | 000,025,978 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt:OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.12.2011 15:29:12 - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,98 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,85% Memory free
7,96 Gb Paging File | 5,46 Gb Available in Paging File | 68,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1606,98 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
========== Authorized Applications List ==========
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1f7fdd50-deac-46f0-ae3b-beb62f962976}" = Slotastic
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3a4df6e3-5d5b-4d3b-a829-5e4fea186714}" = Lucky18 Casino
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{8467b556-b091-4b48-ac95-c32808a4d3aa}" = iNetBet Casino
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{d7cb908f-8b0f-48b5-8d71-ef6b226bb434}" = Intertops Casino
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE03E7C3-0250-49DC-A5AA-24FE0555EA22}" = AudioAdvantageMicro
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{fe986ae8-5283-4177-9178-52ba8d21bb10}" = Jackpot Capital
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Azureus" = Azureus
"CasinoClub" = CasinoClub
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Download Manager_is1" = Free Download Manager 3.0
"gowild" = Go Wild Casino
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Liven asennustyökalu
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Club Gold Casino" = Club Gold Casino
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 09.12.2011 07:18:13 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4ea78f27 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ea790c9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6c67f1e9
ID
des fehlerhaften Prozesses: 0xc84 Startzeit der fehlerhaften Anwendung: 0x01ccb662cc351e2a
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\valve\steam\steamapps\cyman3\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung:
7b3aeae0-2257-11e1-b280-8c89a56bfac5
Error - 09.12.2011 14:14:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
0x4ea78f27 Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
0.0.0.0, Zeitstempel: 0x4ea790c9 Ausnahmecode: 0xc0000005 Fehleroffset: 0x6cc6f1e9
ID
des fehlerhaften Prozesses: 0xd94 Startzeit der fehlerhaften Anwendung: 0x01ccb69ce3b27cc9
Pfad
der fehlerhaften Anwendung: c:\program files (x86)\valve\steam\steamapps\cyman3\counter-strike
source\hl2.exe Pfad des fehlerhaften Moduls: filesystem_steam.dll Berichtskennung:
aedffcfc-2291-11e1-b280-8c89a56bfac5
Error - 09.12.2011 17:21:30 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm PowerDVD9.exe, Version 9.0.2917.0 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 14ac Startzeit:
01ccb6b7d6d51003 Endzeit: 135 Anwendungspfad: C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe
Berichts-ID:
b869ebe3-22ab-11e1-b280-8c89a56bfac5
Error - 09.12.2011 22:18:53 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Error: Die Serververbindung wurde aufgrund eines
Fehlers beendet. ErrorCode: 14007(0x36b7).
Error - 10.12.2011 13:09:55 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.0.147, Zeitstempel:
0x4e084ccc Name des fehlerhaften Moduls: javaw.exe, Version: 7.0.0.147, Zeitstempel:
0x4e084ccc Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000014c99 ID des fehlerhaften
Prozesses: 0x1a74 Startzeit der fehlerhaften Anwendung: 0x01ccb750cf8b5936 Pfad der
fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Java\jre7\bin\javaw.exe Berichtskennung: c7cd095e-2351-11e1-abb0-8c89a56bfac5
Error - 10.12.2011 13:16:27 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.0.147 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1d90 Startzeit:
01ccb75e96db4d93 Endzeit: 107 Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe
Berichts-ID:
a6c415b3-2352-11e1-abb0-8c89a56bfac5
Error - 10.12.2011 15:07:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.0.147, Zeitstempel:
0x4e084ccc Name des fehlerhaften Moduls: javaw.exe, Version: 7.0.0.147, Zeitstempel:
0x4e084ccc Ausnahmecode: 0x40000015 Fehleroffset: 0x0000000000014c99 ID des fehlerhaften
Prozesses: 0x17c0 Startzeit der fehlerhaften Anwendung: 0x01ccb75f75ecb5f7 Pfad der
fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe Pfad des fehlerhaften
Moduls: C:\Program Files\Java\jre7\bin\javaw.exe Berichtskennung: 3d3c132a-2362-11e1-abb0-8c89a56bfac5
Error - 10.12.2011 20:42:20 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description =
Error - 10.12.2011 20:44:45 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description =
Error - 10.12.2011 20:49:03 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description =
[ System Events ]
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 10.12.2011 20:45:22 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description =
Error - 10.12.2011 20:48:41 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description =
Error - 10.12.2011 21:36:44 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description =
< End of report >
Sorry, double-post, kann gelöscht werden. Habe nun nochmals SpyBot und Avira durchlaufen lassen, beide haben nichts mehr gefunden. Was meinen die Experten zum Logfile, gibts da z.B. Registry Probleme oder andere Trojaner Aktivitäten?  Ich weiß, dass nicht sofort geantwortet werden kann ... es wäre nur toll, wenn jemand kurz übers Logfile drüber gucken könnte, weil ich auf meinem PC zur Zeit nur ungern Passwörter etc. eingebe ... anyone? Ich möchte nicht drängen, nur verstehe ich zu wenig von OTL als das ich mich trauen würde, wieder Passwörter an meinem PC zu verwenden ... was meint ihr? OK, zum fünften Mal ... ich brauche Hilfe! Ähm, ich trau mich ja kaum zu fragen, aber an die Moderatoren: Was mache ich falsch? Habe ich etwas nicht gepostet, was zur Fehlerdiagnose nötig ist? Moderator? |
| Themen zu Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! |
| 64-bit, abgebrochen, automatisch, avira, babylon, babylon toolbar, blau, c:\windows\system32\rundll32.exe, computer, crypt.xpack.gen, dateiordner, desktop, e2give, entfernen, explorer, folge, free download, funktioniert, grand theft auto, herunterfahren, internet, internet explorer, logfiles, microsoft office starter 2010, mozilla thunderbird, nvidia update, officejet, plug-in, programm, safer networking, scan, sched.exe, sich automatisch, spybot, surfen, systemsteuerung, systemwiederherstellung, taskleiste, tr/crypt.xpack.ge, tr/crypt.xpack.gen, usb 3.0, version=1.0, webcheck, windows, windows media player |
Baum-Darstellung