Pests of all kinds and how to fight them: Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2 (Windows 7)
Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2

Hello!

My Avira detected the Atraps viruses about two weeks ago. After some browsing around on the internet and some playing around with Malwarebytes Anti-Malware (including several hours-long deep scans), the damage seemed to have been cleaned up. Just now I discovered Mediyes. This leads me to suspect that my viruses had never really disappeared.

My computer holds data that is very valuable to me, reflecting about 5 years' worth of work. It is backed up on an external hard drive, but I don't know whether that is not also infected by the virus (or by several viruses, as the case may be).

I was already a little relieved when I saw that others have the problems with Atraps too (see the neighbouring thread). I would be very happy if I could get this filth cleanly off the disk again. For now I'll do my best to follow all the steps in the thread-creation thread and will then edit the thread to insert the scans and data.

Many thanks in advance!

Here comes the OTL logfile

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 13.06.2012 15:26:34 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Martin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,04% Memory free 16,00 Gb Paging File | 14,06 Gb Available in Paging File | 87,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,08 Gb Total Space | 30,82 Gb Free Space | 10,34% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.13 15:19:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe PRC - [2012.05.17 14:05:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\tools)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\tools)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) 
-- C:\Tools\webcam logitech\LWS\Webcam Software\LWS.exe PRC - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\CameraHelperShell.exe PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Tools\ICQLite\ICQ7.2\ICQ.exe PRC - [2010.07.23 04:09:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Tools\Mozilla Firefox\firefox.exe PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe ========== Modules (No Company Name) ========== MOD - [2011.11.11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll MOD - [2011.11.11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\QTGui4.dll MOD - [2011.11.11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\QTXml4.dll MOD - [2011.11.11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll MOD - [2011.11.11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\ImageFormats\QGif4.dll MOD - [2011.11.11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\QTCore4.dll MOD - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\CameraHelperShell.exe MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe MOD - [2011.01.05 10:18:56 | 000,733,184 | ---- | M] () -- C:\Tools\ICQLite\ICQ7.2\MDb.dll MOD - [2010.07.23 04:09:20 | 001,015,768 | ---- | M] () -- C:\Tools\Mozilla Firefox\js3250.dll MOD - [2009.02.27 16:38:22 | 000,139,264 | R--- | M] () -- C:\Program Files 
(x86)\Brother\BrUtilities\BrLogAPI.dll ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.06.02 17:18:14 | 000,354,304 | ---- | M] (Parental Solutions Inc.) [Auto | Running] -- C:\Windows\SysNative\poua28um7.dll -- (Dnscache) SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.05.26 23:14:50 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.05.17 14:05:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Tools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Tools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.04.29 22:37:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\tools)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.12.22 17:38:30 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service) SRV - [2010.04.09 14:31:26 | 000,567,808 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Tools\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135) DRV:64bit: - [2010.12.16 16:01:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) 
[Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.08.12 21:51:51 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt) DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19} IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.spiegel.de" FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.3 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}: FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}: FF - prefs.js..extensions.enabledItems: crossriderapp3491@crossrider.com:0.81.20 FF - 
prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\tools\Gamersplanet Downloader\npdd.dll (Metaboli) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\\npGoogleUpdate3.dll (Google Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.01 22:10:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.01 22:10:46 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Tools\Mozilla Firefox\components [2010.08.11 18:06:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Tools\Mozilla Firefox\plugins [2011.01.01 22:10:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Tools\Mozilla Thunderbird\components [2010.08.11 19:50:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Tools\Mozilla Thunderbird\plugins [2011.01.01 22:10:45 | 000,000,000 | ---D | M] [2010.08.11 19:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions [2010.08.11 19:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.06.12 22:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions [2012.05.28 22:56:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232} [2011.12.16 07:29:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d} [2012.05.31 22:12:22 | 000,000,000 | ---D | M] ("Vid-Saver") -- 
C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions\crossriderapp3491@crossrider.com [2012.01.13 15:48:00 | 000,002,005 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vcre8wbi.default\searchplugins\sternde-suche.xml [2010.08.12 11:59:54 | 000,004,140 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vcre8wbi.default\searchplugins\youtube.xml [2011.01.01 22:10:45 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO [2011.01.01 22:10:46 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA [2009.03.18 16:29:31 | 000,000,000 | ---D | M] (Java Console) -- C:\TOOLS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} [2010.08.15 22:38:19 | 000,000,000 | ---D | M] (Java Console) -- C:\TOOLS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices) O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Tools\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software) O4 - HKLM..\Run: [AMD AVT] 
C:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [avgnt] C:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [LWS] C:\tools\webcam logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\tools)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~3\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~3\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Tools\ICQLite\ICQ7.2\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Tools\ICQLite\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\d3dyu8nt9.dll File not found O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\nsp8ca5s.dll File not found O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80ACCFED-1E68-48DB-A727-E15E765083D0}: DhcpNameServer = O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~3\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files 
(x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.03.10 13:53:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ] O33 - MountPoints2\{1a563e08-091d-11e0-93f4-00248c1f690d}\Shell - "" = AutoRun O33 - MountPoints2\{1a563e08-091d-11e0-93f4-00248c1f690d}\Shell\AutoRun\command - "" = G:\Setup.exe O33 - MountPoints2\{a6d3d7fc-583f-11e0-b8d2-00248c1f690d}\Shell - "" = AutoRun O33 - MountPoints2\{a6d3d7fc-583f-11e0-b8d2-00248c1f690d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.13 15:19:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2012.06.10 22:04:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx [2012.06.02 20:15:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira [2012.06.02 20:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.06.02 20:10:05 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.06.02 20:10:04 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.06.02 20:10:04 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.06.02 20:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.06.02 17:18:14 | 000,354,304 | ---- | C] (Parental Solutions Inc.) 
-- C:\Windows\SysNative\poua28um7.dll [2012.06.02 09:19:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\MediaProSoft Free HD Video Converter [2012.06.02 09:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaProSoft Free HD Video Converter [2012.05.31 22:12:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Vid-Saver [2012.05.31 22:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vid-Saver [2012.05.31 22:11:05 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\uTorrent [2012.05.27 11:08:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Größenvergleich Planeten [2012.05.26 23:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI [2012.05.26 23:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT [2012.05.26 23:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\AMD [2012.05.26 23:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP [2012.05.26 23:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center [2012.05.26 23:35:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.26 23:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies [2012.05.26 23:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies [2012.05.19 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\satc [2012.05.14 20:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.13 15:19:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe [2012.06.13 15:16:12 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 15:16:12 | 000,014,832 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.13 15:09:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.13 15:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.13 15:08:39 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys [2012.06.13 15:07:31 | 000,000,020 | ---- | M] () -- C:\Users\Martin\defogger_reenable [2012.06.13 15:06:39 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\Defogger.exe [2012.06.13 14:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.13 14:43:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.11 20:28:30 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.11 20:28:30 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.11 20:28:30 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.11 20:28:30 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.11 20:28:30 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.06 17:56:22 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.06.02 17:18:14 | 000,354,304 | ---- | M] (Parental Solutions Inc.) 
-- C:\Windows\SysNative\poua28um7.dll [2012.05.31 17:52:05 | 000,005,639 | ---- | M] () -- C:\Users\Martin\Desktop\Illustrationen_Übersicht_Geisterjahrmarkt_Hinter dem Spiegel.rtf [2012.05.31 16:38:18 | 000,505,866 | ---- | M] () -- C:\Users\Martin\Desktop\Dämmerstunden_6_HinterdemSpiegel.rtf [2012.05.30 13:23:36 | 000,051,739 | ---- | M] () -- C:\Users\Martin\helden.zip.hld.ok [2012.05.30 13:23:36 | 000,000,319 | ---- | M] () -- C:\Users\Martin\.dsa4.properties [2012.05.26 23:18:31 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2012.05.26 23:18:31 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.05.26 23:17:31 | 000,269,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.05.23 21:44:42 | 000,033,369 | ---- | M] () -- C:\Users\Martin\Desktop\Skizze_Toter Baum.PDF [2012.05.23 21:44:15 | 000,505,584 | ---- | M] () -- C:\Users\Martin\Desktop\20120420 Hinter dem Spiegel.rtf [2012.05.17 14:05:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.05.16 22:02:24 | 000,000,722 | ---- | M] () -- C:\Users\Martin\Desktop\SpeedFan.lnk [2012.05.16 22:02:23 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo [3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.13 15:07:30 | 000,000,020 | ---- | C] () -- C:\Users\Martin\defogger_reenable [2012.06.13 15:06:38 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\Defogger.exe [2012.05.31 17:52:05 | 000,005,639 | ---- | C] () -- C:\Users\Martin\Desktop\Illustrationen_Übersicht_Geisterjahrmarkt_Hinter dem Spiegel.rtf [2012.05.31 17:18:13 | 000,505,866 | ---- | C] () -- C:\Users\Martin\Desktop\Dämmerstunden_6_HinterdemSpiegel.rtf [2012.05.31 17:18:13 | 000,505,584 | ---- | C] () -- C:\Users\Martin\Desktop\20120420 Hinter dem Spiegel.rtf [2012.05.23 21:44:41 | 000,033,369 | ---- | C] () -- C:\Users\Martin\Desktop\Skizze_Toter Baum.PDF [2012.05.16 22:02:24 | 000,000,722 | ---- | C] () -- 
C:\Users\Martin\Desktop\SpeedFan.lnk [2012.05.16 22:02:22 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo [2012.05.14 20:05:43 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk [2012.05.09 16:44:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2012.02.15 16:46:11 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Local\{412D365E-21B7-43BA-A8AA-37D608E27B29} [2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll [2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.07.04 15:59:35 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe [2011.04.16 17:13:23 | 000,001,358 | ---- | C] () -- C:\Windows\eReg.dat [2011.03.26 09:43:06 | 000,000,108 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\42219ba0.dat [2010.11.29 19:40:40 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2010.11.29 19:40:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2010.11.09 20:46:07 | 000,001,482 | ---- | C] () -- C:\Users\Martin\AppData\Local\RecConfig.xml [2010.09.09 13:30:58 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini [2010.08.18 19:48:00 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib [2010.08.13 10:25:46 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.08.13 10:25:46 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2010.08.12 15:54:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat [2010.08.11 17:20:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2011.06.02 14:03:41 | 000,000,000 | ---D | M] 
-- C:\Users\Martin\AppData\Roaming\.ABC [2011.09.12 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\46developments [2011.04.23 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AAV [2012.02.24 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Artweaver Free [2011.04.04 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AtomZombieDemoData [2011.06.05 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Cobra Mobile [2012.04.07 13:12:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Code Force Limited [2012.04.29 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite [2012.04.29 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Pro [2011.05.07 20:23:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dwarfs [2010.11.12 16:53:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fortix [2010.10.28 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeOrion [2012.05.01 19:17:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GetRightToGo [2011.05.01 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GoPal Assistant [2010.08.18 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Gutscheinmieze [2012.04.08 12:27:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HackSlashLoot [2012.06.13 15:11:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ [2011.08.27 22:00:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Kalypso Media [2012.05.09 16:42:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech [2011.01.01 22:10:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Local [2012.01.23 17:32:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LucasArts [2012.06.02 09:19:31 | 000,000,000 | ---D | M] -- 
C:\Users\Martin\AppData\Roaming\MediaProSoft Free HD Video Converter [2011.10.03 17:54:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo [2011.09.18 14:06:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mount&Blade With Fire and Sword [2012.04.07 12:18:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\qBittorrent [2010.11.07 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ReactGames [2011.02.12 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\System [2010.08.12 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\The Creative Assembly [2010.08.11 19:50:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird [2012.05.03 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 4 [2011.08.11 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 4 Demo [2011.02.19 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TrueCrypt [2010.12.05 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client [2011.10.16 20:24:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unigraphics Solutions [2012.06.01 22:56:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent [2011.04.30 15:21:45 | 000,000,000 | -HSD | M] -- C:\Users\Martin\AppData\Roaming\wyUpdate AU [2010.11.17 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ZombieDriver [2012.05.28 22:55:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > --- --- ---
And now the text from the Extras file:
OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 13.06.2012 15:26:34 - Run 1 OTL by OldTimer - Version Folder = C:\Users\Martin\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,04% Memory free 16,00 Gb Paging File | 14,06 Gb Available in Paging File | 87,89% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 298,08 Gb Total Space | 30,82 Gb Free Space | 10,34% Space Free | Partition Type: NTFS Computer Name: PC | User Name: Martin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = htmlfile] -- Reg Error: Key error. File not found .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = htmlfile] -- Reg Error: Key error. File not found [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Tools\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. 
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [open] -- Reg Error: Key error. htmlfile [opennew] -- Reg Error: Key error. 
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L" Directory [PlayWithVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Applications\iexplore.exe [open] -- Reg Error: Key error. CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error. 
========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{067AA401-88CE-4610-8AED-197E85A82DED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1A148FE4-9A6C-4C1D-80D9-9CE5E25A6357}" = lport=2869 | protocol=6 | dir=in | app=system | "{2E4A7E11-6344-4EEB-B489-D3B84325B0C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2FEE9845-4AE9-477C-9611-BC21B69156B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{30ED9801-8646-4975-BB6E-137A5082630C}" = lport=137 | protocol=17 | dir=in | app=system | "{45456EBA-CDED-4344-B37D-AEB16AE39E6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{4D7127EA-0EBD-4133-9F5E-04E3543ED832}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{542F1E03-73AF-4AD7-9309-5688D2DB841D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | "{607CC2DB-DE6E-45FC-BFC9-E94A75770672}" = lport=139 | protocol=6 | dir=in | app=system | "{62164EFA-68CB-4C16-A890-DB144AAD6235}" = rport=138 | protocol=17 | dir=out | app=system | "{63F38187-5C3C-46CC-A49D-155356A7CC02}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65B0A963-7EF5-469C-A581-62807780C4EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | "{6644FB85-AFCA-4DB7-9F76-7F6CEE9D00B2}" = rport=445 | protocol=6 | dir=out | app=system | "{66A4E24C-1E6F-4E56-91CF-ADC4DEDBEC5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{73A3BFD4-B9AC-4475-8854-C7ACF3BF5EC2}" = rport=137 | protocol=17 | dir=out | app=system | "{74D1F3C7-6F20-41BB-80EE-9C964BF6C8ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{9158F732-3862-4CDC-9D1E-4204F5381762}" = lport=445 | protocol=6 | dir=in | app=system | "{AA79A375-7FC5-446D-A399-243A0DFB6AC5}" = lport=138 | protocol=17 | dir=in | app=system | "{B2561534-DAFC-4978-B90A-D5263C9ECF05}" = lport=10243 | protocol=6 | dir=in | app=system | "{C84E42B6-4B38-443E-A74B-C858F6814489}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CE948C8C-78B7-4707-BEC3-C923651593B1}" = rport=10243 | protocol=6 | dir=out | app=system | "{D04A92F4-1B08-4DB2-8467-312A8F54DC75}" = rport=139 | protocol=6 | dir=out | app=system | "{E0380FA8-FD91-446D-A7B4-4EDA374E6773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{F11D011E-F421-461E-A6AC-7F787DE55C08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache 
| app=%systemroot%\system32\svchost.exe | "{FEF3B0D6-047E-478A-B8EC-6DFB423A6AC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0115BC29-9E09-4E5F-8475-1F26888BF170}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{0248C3F3-FD0D-4CF5-9EA7-267DB1CEEC93}" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | "{02CCAE79-8EF1-4294-8563-CB5AB02F5D7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{07EF4981-CBAC-4A03-AC71-C1C1D5239341}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{08CC9751-2FDC-4451-A3CA-015673054EFF}" = protocol=17 | dir=in | app=c:\tools\steam\steam.exe | "{0A5E4996-6707-42EB-ADF2-1EDC42A20EF1}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{119AB236-22E7-4EC1-9F92-A8A571215C31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{17092FFB-2BA7-48A8-A498-A7536CFD5881}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\left 4 dead 2\left4dead2.exe | "{173419A7-BB15-4DF7-AC21-1B81B57695F4}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\support\blizzarddownloader.exe | "{1739ECF1-7317-4869-9C79-7D6BA42BABB8}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | "{18A0A384-ACB2-4B0D-83B9-D4DD7FBFD0DB}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | "{1C6395AD-E6CE-4FAC-8FC0-CB55262CFED4}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\crusader kings ii\ck2game.exe | "{219E481A-2E59-4851-A915-AC442D6F98C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{298CEA2F-793A-47FD-85D6-C7BF6FE81A6C}" = 
protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\call of duty 4\iw3sp.exe | "{33A7A45E-BC1C-4670-9626-2279526DB545}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{33C153D6-979C-4BAB-9884-BEDB440D7B05}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | "{3C99F5CA-6B97-45B6-85C3-815BCFF00E18}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{44574D89-B49D-4CF8-926F-BF38C8BB2731}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{469A57D2-2A34-4029-B5D5-C4857C8B9269}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\support\blizzarddownloader.exe | "{48A01686-AB21-4F69-BF90-6272F18B33A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4AB650FD-3C96-4C49-967F-596607B7FD02}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{4D2745D5-1D50-43D5-BF1D-A918018CDED3}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe | "{4D7DD0E3-169B-4E26-8A56-9C7FA70304BA}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "{51932C8F-E5F9-4B0D-BE29-921EB33FC756}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{54721509-6015-45AD-B7F1-2333EC294EB6}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | "{598BB8CA-FD92-4681-81E0-E780B396ACD3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | "{5B89CD35-81C3-4F7C-A859-A060E048B859}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{5E625CDE-E544-4830-B933-E23814FC5546}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{5F80919A-99B0-4A46-A8D1-B4339AEE635D}" = protocol=17 | dir=out | app=%programfiles%\windows 
media player\wmplayer.exe | "{60AB3FC1-BADD-4533-84A6-F97BFE80C9C3}" = protocol=17 | dir=in | app=c:\tools\utorrent\utorrent.exe | "{6EB9B7E5-2103-4A23-9425-F86D1B02456A}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | "{6ED5A525-AAA3-48B5-9E08-5FD039983CAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{70DE11EB-D635-4988-942D-4D1619ADA4B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{741B7A62-4BFE-4FDE-BC4C-DC4F437AE0D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{751DAB5A-FBFD-4F5A-8490-48C84831476F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{7918AB11-90D9-4A29-A987-E860DD8F9227}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\gotham city impostors\engine.exe | "{7B8268D3-CED1-4793-A100-695A3C30A6E2}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | "{7F6DE4DA-7477-449E-BC8B-8B1F9D3BBF06}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\gotham city impostors\engine.exe | "{8024277F-17D3-440F-BFA7-163E0BDF63DB}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | "{80826BA4-A0AF-4C23-B18E-2DBCDB78F853}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | "{819D0E54-3B97-48F7-BA9D-6142C72319C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{840DCEE0-03EC-4AC1-9F61-973D7804B929}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | "{8C356876-A891-441E-88CA-1C95CAFDAF5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{8E6532B5-3930-4622-958E-D3F48314716C}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\call of duty 4\iw3mp.exe | "{8F7AAF9C-8FF5-4E9C-BD26-6BC27A028B95}" = protocol=6 | dir=in | app=c:\tools\utorrent\utorrent.exe | "{9412F3B6-9EB2-48A8-95F4-DB058B6153D4}" = protocol=6 | dir=in | 
app=c:\tools\steam\steamapps\common\call of duty 4\iw3sp.exe | "{941B5110-97B3-4CCF-9EEC-22A8408588B0}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | "{96DA6E65-6630-475D-B670-5E937A5FE8FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{98DAD6C6-6287-4FE7-97E1-7831A1022229}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | "{9B204490-7416-4C3F-B220-9F23C14DE9FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "{9D60A960-05D9-4EA9-8FD0-0257591E73E5}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\call of duty 4\iw3mp.exe | "{9F57C9F4-2AFC-409B-B598-F8F9D0B44067}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "{A25DA269-C48C-4486-B69E-E2DD88F0F146}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{A8B22474-A2BC-4CA9-878D-988613F29F9B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{AA4D4051-AFF0-404E-B641-43934583A6B4}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{AA9A02EF-28E5-4CB7-961C-ED5EAAAA511B}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{B298CACF-75E9-464D-9008-D4C2C10BB434}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | "{B381DA33-AB72-4AD2-8343-4122D01E1B12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B41EC812-2E02-4858-B8BF-9B83D9CAE870}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | "{B5437E00-12A7-4182-8D2E-D94731DBA1C4}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{B5444F37-8098-426C-8ABE-F2EAE0712699}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | "{B687A2E0-1A65-40F3-A54F-E92E23613AFF}" = 
protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | "{B698AA6A-F838-4DB2-95DC-64875F7D4D1C}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe | "{B7DF9139-E48E-4749-B608-428847874914}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{BD43A490-8BC2-4D02-A040-213810EC510E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BE4C9387-57DC-4A43-A2D4-BDFCEF6761E0}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | "{C2E6E10E-1C80-483A-BEE0-16CE313D5183}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | "{C47E7039-BBAA-4137-8AD7-77660B8965D7}" = protocol=6 | dir=out | app=system | "{C5587C83-6E08-4426-A2C2-063A012681AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{C6A6E45C-187F-4F2B-811E-6DF7DD72F81C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C6D1EAA8-D9D9-4F62-84DE-B57A561E1424}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{CDAF2418-63BF-49D2-8087-E9BF4BD83A63}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\crusader kings ii\ck2game.exe | "{D137A8FD-3565-4DBD-B886-A6C9A8992D75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{D48464BD-38B8-476D-A750-755F5447F5C3}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | "{DA4F2E82-5EE1-45BC-8F12-ED9723AB5340}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | "{DD9889B2-7D9B-470C-B12E-F5AD72DA133F}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | "{DDE4A5A1-DD07-4E98-AEFC-578D19F4578D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DE436697-B7FF-41C3-A171-2AC42471A15B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{DF2A522C-65AB-4901-80F1-F7A17EF78282}" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | "{E0CFBB91-0E34-4817-B634-750176E9A0D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E3CF9005-DD8D-41DE-BBEC-590BEEA1B3A6}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\skyrim\skyrimlauncher.exe | "{E574B836-932D-403F-B82A-913E9CEC7EEE}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | "{E5DD28B0-C0D5-47C1-94B3-73BCF9DD803D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "{EA7670C6-2CD6-4C48-B057-85527BA1D715}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "{EDBF5593-6D32-4336-BBB5-2438F1A1C156}" = protocol=6 | dir=in | app=c:\tools\steam\steam.exe | "{EE976180-896C-427F-A63C-B4C2EEA62755}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | "{EFF6BD10-BF8C-45C0-906D-173A4D3E1F7C}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | "{F1D620BF-6E99-444A-8A3F-1DD5AEAEE1F8}" = dir=in | app=c:\tools\skype\phone\skype.exe | "{F94B8B7A-73E5-4EB2-B9B8-05C278534B77}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{FD593EE1-A28A-4E92-8498-7737C95EB8D6}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | "{FF6C5316-B057-4584-A6E4-636A61E73344}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "{FFDA6CBD-8146-4751-821F-B657CCF1C9FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "TCP Query User{0512090C-7A20-4A4C-8176-240253185367}C:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft 
ii\versions\base21029\sc2.exe | "TCP Query User{1D4FDD35-1A7E-4234-8E1E-852DEA924A46}C:\spiele\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base18092\sc2.exe | "TCP Query User{250F2C06-4867-415B-8800-296BF71E1E57}C:\tools\steam\steamapps\common\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\defcon\defcon.exe | "TCP Query User{3D8F6E97-6A1C-4ED5-A3A0-F0C0262FEF60}C:\spiele\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base18574\sc2.exe | "TCP Query User{46EB9CDC-5329-4B05-9A39-718B777781BF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "TCP Query User{4AF2BDF1-E8B6-48C9-84C2-6B86AFCD971B}C:\rest\download\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\rest\download\diablo-iii-8370-engb-installer-downloader.exe | "TCP Query User{4BF1F5B4-AA34-423E-8C1C-F1A4FBE4EDB9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "TCP Query User{52A91874-BCF8-4303-AF5F-FD92A9DF176F}C:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{53DE086B-D596-488C-A965-D0EB9F68B52F}C:\spiele\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16605\sc2.exe | "TCP Query User{6E491F5E-3D63-4803-9F5A-FB67C18FBECB}C:\spiele\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16755\sc2.exe | "TCP Query User{8B3A43A8-B939-4454-88D3-D9A5AF3768D7}C:\tools\abc\abc.exe" = protocol=6 | dir=in | app=c:\tools\abc\abc.exe | "TCP Query 
User{A3DB0051-4A1D-41C0-A806-38618A4FCD8C}C:\spiele\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16561\sc2.exe | "TCP Query User{A51A3C98-5D81-4B0E-BCC6-85F4ED0786B6}C:\spiele\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16939\sc2.exe | "TCP Query User{AEFCA898-5BAD-439E-9CA2-B0BFE683E1EF}C:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base17326\sc2.exe | "TCP Query User{B8A28EC5-3038-4C35-BE56-276EDEABAA6A}C:\rest\download\utorrent.exe" = protocol=6 | dir=in | app=c:\rest\download\utorrent.exe | "TCP Query User{BC2E84B8-3AA3-4F18-BFAC-6776E50E1692}C:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe | "TCP Query User{D6615BB0-1448-4C0B-A801-ED54C009960B}C:\spiele\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base19132\sc2.exe | "TCP Query User{F3807209-7EB8-4F38-AE42-B5A73E9FA1DE}C:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base19679\sc2.exe | "TCP Query User{FEF2798C-D79A-4A5C-AF7C-52653BC70504}C:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{1EAD77CC-0715-4AA5-B054-8040CF043372}C:\rest\download\utorrent.exe" = protocol=17 | dir=in | app=c:\rest\download\utorrent.exe | "UDP Query User{21ECE2E6-E97A-4951-AD82-09E39493DE65}C:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base15405\sc2.exe | "UDP Query User{225EA3C3-DD89-41EB-B0AC-7FCBCE26B0ED}C:\spiele\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16755\sc2.exe | "UDP Query 
User{28CDC7CA-79CB-421E-A11C-C9F191015950}C:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base21029\sc2.exe | "UDP Query User{4AFBF616-6B2B-465E-8F18-9BD9A2EC9156}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | "UDP Query User{4BD244BA-09C7-48B8-ACB8-6A8C6EC18BB8}C:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base17326\sc2.exe | "UDP Query User{6164D213-6894-4E49-86E2-A469857933E4}C:\spiele\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base18574\sc2.exe | "UDP Query User{75720B9E-A63A-4AB5-8B79-90884DA38EFB}C:\spiele\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16561\sc2.exe | "UDP Query User{8BA04B10-9F88-4730-8E6D-94E4595A847D}C:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe | "UDP Query User{9DCB25D8-CA34-4EF5-BC83-6C04BF37E96C}C:\spiele\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base18092\sc2.exe | "UDP Query User{9ED1B86C-D908-4AF9-932E-D23426E02087}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | "UDP Query User{A9327352-E236-4B59-A50F-ADFDC6B9B0E6}C:\rest\download\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\rest\download\diablo-iii-8370-engb-installer-downloader.exe | "UDP Query User{C182E455-5777-47CD-9106-DFEBD7533B21}C:\spiele\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base19132\sc2.exe | "UDP Query User{D3E0611F-BA59-459A-8906-F35BCF487554}C:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | 
app=c:\spiele\starcraft ii\versions\base19679\sc2.exe | "UDP Query User{D75B5ABC-F538-41E9-B0F7-CC884FA79915}C:\spiele\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16939\sc2.exe | "UDP Query User{D76F320F-0E7F-4DE5-9E6B-15128F6E7B12}C:\spiele\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16605\sc2.exe | "UDP Query User{DA3755B6-A690-4D7E-98BD-627600658791}C:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{FD752B95-6254-48CD-9AAE-E72F4FBE541F}C:\tools\abc\abc.exe" = protocol=17 | dir=in | app=c:\tools\abc\abc.exe | "UDP Query User{FDF8A885-F0D1-4E14-BE5A-907CC85B006E}C:\tools\steam\steamapps\common\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\defcon\defcon.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel "{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding "{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects "{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64 "{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In "{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager "{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit 
Components 2007 "{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007 "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148 "{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit "CCleaner" = CCleaner "CPUID CPU-Z_is1" = CPUID CPU-Z 1.60 "NVIDIA Drivers" = NVIDIA Drivers "Windows7FirewallControl_is1" = Windows7FirewallControl (x64) "WinRAR archiver" = WinRAR [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding "{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video "{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI "{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi "{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates! 
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main "{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter "{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI "{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian "{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin "{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI "{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15 "{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish "{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete "{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI "{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword "{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All "{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT "{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard "{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy "{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace "{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese "{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI "{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml "{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech "{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III "{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai "{5D191524-4976-45F9-94E8-4F6F4A1BD7C0}" = Rund um (2.0) ... 
Horizonte 8 BY "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8 "{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional "{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German "{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek "{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI "{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian "{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}" = Brother MFL-Pro Suite DCP-130C "{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI "{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI "{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.1 "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher "{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software "{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 
2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 
(SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English "{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish "{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.0 "{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI "{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin "{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish "{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011 "{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer 
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch "{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI "{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish "{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French "{CC185D10-5C0E-40C3-91F2-63314BB365AF}" = Solid Edge ST2 "{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012 "{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean "{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian "{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software "{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI "{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser "{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3 "{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian "{E66EAC2A-7F41-4316-8277-0A54684BC999}" = Rund um (2.0) ... 
Horizonte 6 "{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish "{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI "{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}" = Tiny Personal Firewall 2.0.15 "{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker "{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch "{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Photoshop 7.0" = Adobe Photoshop 7.0 "Avira AntiVir Desktop" = Avira Free Antivirus "Company of Heroes" = Company of Heroes "Diablo III" = Diablo III "Divine Wind_is1" = Divine Wind version 5.1 "DivX Setup.divx.com" = DivX-Setup "Downloader" = Downloader "DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei) "DVD Shrink_is1" = DVD Shrink 3.2 "ENTERPRISE" = Microsoft Office Enterprise 2007 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "FLV Player" = FLV Player 2.0 (build 25) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version "MediaProSoft Free HD Video Converter_is1" = MediaProSoft Free HD Video Converter 5.9.5 "Medion GoPal Assistant" = Medion GoPal Assistant 4.01.028 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8) "Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2) "OpenAL" = OpenAL "PunkBusterSvc" = PunkBuster Services "Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri "Sid Meier's Alpha Centauri_is1" = Sid Meier's Alpha Centauri "SpeedFan" = SpeedFan (remove only) "StarCraft II" = StarCraft II "Steam App 1520" = DEFCON "Steam App 202200" = Galactic Civilizations II: Ultimate Edition "Steam App 203770" = Crusader Kings II "Steam App 24960" = Battlefield: Bad Company 2 "Steam App 3590" = Plants vs. 
Zombies: Game of the Year "Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012 "Steam App 550" = Left 4 Dead 2 "Steam App 58520" = Blood Bowl: Legendary Edition "Steam App 72850" = The Elder Scrolls V: Skyrim "Steam App 7940" = Call of Duty 4: Modern Warfare "Steam App 8930" = Sid Meier's Civilization V "The KMPlayer" = The KMPlayer (remove only) "TrueCrypt" = TrueCrypt "uTorrent" = µTorrent "Vid-Saver" = Vid-Saver "VLC media player" = VLC media player 1.1.4 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Tropico 4" = Tropico 4 1.00 ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 26.08.2011 05:37:43 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 29.08.2011 04:36:34 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. 
Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 30.08.2011 14:13:03 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 01.09.2011 02:53:49 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 02.09.2011 08:36:57 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . 
Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 05.09.2011 17:28:51 | Computer Name = PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: RelicCOH.exe, Version: 2.602.0.199, Zeitstempel: 0x4db843f0 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514, Zeitstempel: 0x4ce7ba58 Ausnahmecode: 0xc0000374 Fehleroffset: 0x000ce653 ID des fehlerhaften Prozesses: 0x63c Startzeit der fehlerhaften Anwendung: 0x01cc6c01e651f640 Pfad der fehlerhaften Anwendung: C:\Spiele\Company of Heroes\RelicCOH.exe Pfad des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: 0c285c90-d806-11e0-a138-00248c1f690d Error - 06.09.2011 03:26:57 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 07.09.2011 13:02:48 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". 
Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 07.09.2011 15:12:43 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Error - 09.09.2011 03:24:50 | Computer Name = PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero Toolkit\DiscSpeed.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Komponente 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
[ System Events ]
Error - 02.06.2012 13:56:55 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?06.?2012 um 19:55:03 unerwartet heruntergefahren.
Error - 03.06.2012 10:16:41 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 03.06.2012 10:16:41 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 03.06.2012 10:16:42 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 03.06.2012 10:16:42 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
Error - 03.06.2012 11:46:43 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?06.?2012 um 17:45:01 unerwartet heruntergefahren.
Error - 06.06.2012 09:50:38 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?06.?2012 um 15:48:44 unerwartet heruntergefahren.
Error - 06.06.2012 12:26:34 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?06.?2012 um 18:24:13 unerwartet heruntergefahren.
Error - 11.06.2012 15:29:41 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?06.?2012 um 21:16:44 unerwartet heruntergefahren.
Error - 13.06.2012 08:58:32 | Computer Name = PC | Source = VDS Basic Provider | ID = 33554433
Description =
< End of report >

I'm not running Gmer because I'm on 64-bit Win7, if I understood that correctly. I would be really very grateful for your help; a lot depends on my computer not ending up in the trash.
Last edited by virulent (13.06.2012 at 14:41) |
| #2 |
/// Malwareteam | Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
CkScan
Please download CKScanner. Important: Save the file to the desktop. |
| #3 |
| Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
CKScanner - Additional Security Risks - These are not necessarily bad
c:\spiele\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\shadow_wall_2_cracked.dds
c:\spiele\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked.nif
c:\spiele\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked_diff.dds
c:\tools\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
scanner sequence 3.BB.11.RTCAUA
----- EOF -----
It does say something about "cracked", but these aren't cracks or anything like that. So far I haven't had any more virus alerts; maybe Avira did catch everything after all. |
| #4 |
/// Malwareteam | Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
My name is Marius and I will help you with your problem. One thing up front:

Note: We can never guarantee here that we have found all remnants of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.

Vista and Win7 users: Start all tools with right-click --> "Run as administrator".

I see that you use so-called peer-to-peer or file-sharing programs. In your case < >. These programs allow you to exchange data with other users. Unfortunately, P2P and file sharing are not exempt from distributing infected files, and this is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright in most countries of the world. Of course there is also a legal way to use this service, for example for downloading Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Software and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.

Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.

Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet; we only want to see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
__________________
No asylum for Trojans! Proud Member of UNITE. Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
| #5 |
/// Malwareteam | Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will therefore no longer be notified of new replies. The disappearance of the symptoms does not mean that your system is clean yet. |
| #6 |
/// Malwareteam | Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
No response
This thread has been removed from my subscriptions, so I will not receive notifications of new replies. Send me a PM if you still want to continue. Note: The disappearance of the symptoms does not mean that your computer is clean yet. Everyone else, please click here and create your own thread. |
| #7 |
| Mediyes, TR/ATRAPS.Gen ; TR/ATRAPS.Gen2
Hello! Since I haven't received any further error messages, I assume that my virus scanners have cleaned everything. If something does come up after all, I'll get back to you. Many thanks for the help so far! Thank you! |