Virus, zugemüllt oder Hardware Defekt?

SteffenJ · 01.11.2012, 18:19

Guten Abend,

Seit etwa zwei Monaten hängt sich mein Windows 7 64Bit System wegen jedem Mist auf, selbst die primitivsten Anwendungen oder Seiten wie google.de benötigen oftmals 1-2 Minuten um geladen zu werden. Spielen tue ich mit dem Rechner nur Warcraft III (2003) und selbst dort habe ich nun eine Verzögerung von 2 Sekunden, was das Gesamte Onlinespielen UNMÖGLICH macht.

Beobachtungen die ich gemacht habe:
Die CPU Auslastung ist sehr gering, meistens um die 3% und beim Starten von Anwendungen auch nicht viel höher. Dasselbe beim Physischen Speicher.
Der Rechner macht den Eindruck als wäre er einfach nur zugemüllt mit Viren und müsste mal wieder defragmentiert werden, aber leider komme ich dazu nun:

Was ich bisher unternommen habe:
Maleware Bytes:
Keine Funde, nirgends.

Avira Antivir:
2 Funde (TR/Packed und TR.dropper), die laut google bei Antivir zwar gelöscht sein müssten, aber dennoch oftmals noch existieren. Laut Antivir werden sie als nahezu harmlos eingestuft.

Spybot S&D: 2-3 Maleware, leider trotzdem keine Leistungssteigerung.

MemCheck4 ("billig"-Speichertest): Keine Fehler.

Defragmentierung --> keine Leistungssteigerung.
Datenträgerbereinigung --> keine Leistungssteigerung.

Eset Check : keine Funde oder Warnungen.

Zu erwähnen ist vielleicht noch, dass diese extreme Leistungsminderung innerhalb von kürzester Zeit (1-2 Tagen) aufgetreten ist, soweit ich es in Erinnerung habe.

Informationen zu meinem System
Acer Aspire M3870
Inter Core i3 CPU 530 @ 2.93 GHz
4,00GB DDR3 RAM
Windows 7 Home Premium 64Bit
nVidia GeForce GT 330
Internetverbindung: WLAN 54mbit über Fritzbox (4/5 Balken)

Der Rechner wurde Ende 2010 gekauft und seitdem wurde weder Hardware ausgetauscht, noch irgendein anderes Betriebssystem aufgespielt oder neuinstalliert.
Im Anhang sind die beiden TXT Files von OTL, falls sie euch helfen.

Ich wäre echt dankbar, wenn irgendein schlauer Kopf sich die Zeit nehmen würde, sich damit zu beschäftigen. Ich bin mit meinem Latein nämlich absolut am Ende.

Beste Grüße

Steffen

kira · 02.11.2012, 06:00

Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:

Zitat:

"Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
- da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
- also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
Charakteristische Merkmale/Profilinformationen:
- aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
Die Systemprüfung und Bereinigung:
- kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
Innerhalb der Betreuungszeit:
- ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
Die Reihenfolge:
- genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
Ansonsten unsere Forumsregeln:
- Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?

Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen

► Hilfeleistung - geplante Vorgehensweise:

Problemsuche
Problembeseitigung/Systembereinigung
Verwendete Programme deinstallieren/entfernen
Thema abschließen: Tipps zur Computersicherheit

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
erneut einen Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Mache Häckchen bei LOP- und Purity-Prüfung
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

2.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:

Download den CCleaner herunter
Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:

Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]

** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw

gruß
kira

SteffenJ · 02.11.2012, 14:57

Danke für die Hilfsbereitschaft!

hier ersteinmal die neue OTL und TXT:
OTL:

Code:

ATTFilter

OTL logfile created on: 02.11.2012 13:40:27 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 69,70% Memory free
9,82 Gb Paging File | 8,58 Gb Available in Paging File | 87,41% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,45 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffen\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components\browsermngr-16.0.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Robocppy) -- C:\Windows\SysNative\sqlsrw32.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPSLPSVC) -- C:\Users\Steffen\AppData\Local\Temp\7zS479F\hpslpsvc64.dll (Hewlett-Packard Co.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (acedrv05) -- C:\Windows\SysNative\drivers\acedrv05.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZDCNDIS6a64) -- C:\Windows\SysNative\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ZDCNDIS6a64) -- C:\Windows\SysWOW64\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes,DefaultScope = {7A491AC1-1137-449F-8426-10ADD829BFF7}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_4&babsrc=SP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=8Q&apn_dtid=YYYYYYYYDE&apn_uid=FD70FE23-BE82-4EDB-AAFF-B8A44FCAF2B1&apn_sauid=7648A8B1-A574-4BF0-B9D1-B76156772785
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "FBDownloader"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.26 11:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.31 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.01 12:37:00 | 000,000,000 | ---D | M]
 
[2012.07.04 09:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.11.01 15:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions
[2012.11.01 00:05:12 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com
[2012.10.31 23:51:46 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\firebug@software.joehewitt.com.xpi
[2012.07.26 03:10:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.01 14:27:19 | 000,002,431 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml
[2012.11.01 00:46:04 | 000,002,790 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml
[2012.10.09 07:04:06 | 000,002,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml
[2012.10.13 22:01:09 | 000,002,401 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml
[2012.10.14 00:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.26 11:45:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.11.01 12:37:00 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.31 21:20:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.31 21:20:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.01 12:37:26 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.31 21:20:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.31 21:20:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.31 21:20:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 21:20:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.31 21:20:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\Steffen\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A79AD6B-F792-42B1-A3E8-812A018D7D87}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A19B9D-6D26-4D2D-8B0A-497D545826A3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B7FDBF-8729-4625-AA6A-B5B121430625}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8338706-1B8E-4306-B99C-9BA1D30DD659}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D874298D-C04F-408B-B7F9-DA12E7106DFE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23811~1.154\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.25 07:23:05 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi(2).exe -- [ NTFS ]
O32 - AutoRun File - [2011.04.17 01:05:08 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi.exe -- [ NTFS ]
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell - "" = AutoRun
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.01 15:27:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\ABBYY
[2012.11.01 14:56:21 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.11.01 14:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.11.01 14:24:05 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.11.01 14:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.11.01 13:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.01 12:37:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.11.01 12:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.11.01 12:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.01 12:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012.11.01 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.11.01 00:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.11.01 00:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanion
[2012.10.31 23:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.31 21:21:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Avira
[2012.10.31 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.31 21:18:26 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.31 21:18:26 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.31 21:18:26 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.28 22:25:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\ProcAlyzer Dumps
[2012.10.28 20:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.28 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.10.28 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Programs
[2012.10.21 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2012.10.21 21:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012.10.21 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012.10.21 21:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012.10.16 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\3DMark 11
[2012.10.16 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\IsolatedStorage
[2012.10.16 19:34:50 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Futuremark_Corporation
[2012.10.16 19:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012.10.16 19:11:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2012.10.16 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Booster
[2012.10.16 19:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2012.10.15 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.10.15 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.15 20:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.10.15 11:42:36 | 000,000,000 | ---D | C] -- C:\found.001
[2012.10.15 04:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.15 04:24:59 | 000,000,000 | ---D | C] -- C:\e7c37b4451c742f932307e85080001ac
[2012.10.14 23:56:00 | 000,000,000 | ---D | C] -- C:\found.000
[2012.10.14 00:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.11 11:59:10 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.11 11:59:09 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.11 11:59:09 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.11 11:58:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.11 11:58:58 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.11 11:58:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.11 11:58:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.11 11:58:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.11 11:58:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.11 11:58:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.11 11:58:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.11 11:58:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.11 11:58:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.11 11:58:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.11 11:58:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.11 11:58:44 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.11 11:58:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 21:23:48 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:32 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:21 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 19:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2012.10.08 19:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2012.10.05 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012.10.05 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010.05.24 21:40:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.02 13:35:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 13:35:40 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.02 13:32:22 | 003,271,516 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.02 13:32:22 | 001,381,198 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.02 13:32:22 | 000,942,810 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.02 13:32:22 | 000,836,760 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.02 13:32:22 | 000,005,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.02 13:27:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.02 13:27:23 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.01 17:15:57 | 000,027,681 | ---- | M] () -- C:\Users\Steffen\Desktop\OTLundExtras.rar
[2012.11.01 15:56:19 | 004,904,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.01 15:54:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | M] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:23:55 | 000,000,064 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:15:47 | 011,632,640 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:05:11 | 000,000,043 | ---- | M] () -- C:\END
[2012.10.31 23:27:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.31 22:59:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.31 21:57:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.31 01:21:04 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.10.29 13:26:48 | 000,045,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.28 16:20:34 | 000,007,607 | ---- | M] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.10.10 21:23:48 | 018,252,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:44 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.10 21:22:32 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 19:57:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 19:57:21 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.04 12:07:05 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.01 17:15:57 | 000,027,681 | ---- | C] () -- C:\Users\Steffen\Desktop\OTLundExtras.rar
[2012.11.01 15:54:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | C] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:08:39 | 011,632,640 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:08:39 | 000,000,064 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:05:11 | 000,000,043 | ---- | C] () -- C:\END
[2012.10.21 22:28:12 | 000,045,270 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.15 20:53:36 | 000,007,607 | ---- | C] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.08.09 06:41:28 | 000,018,537 | ---- | C] () -- C:\Users\Steffen\.recently-used.xbel
[2012.07.12 14:34:08 | 000,000,040 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\cdr.ini
[2012.06.20 11:26:15 | 000,302,425 | ---- | C] () -- C:\Users\Steffen\AppData\Local\funmoods-speeddial.crx
[2012.04.09 00:04:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2012.03.14 20:47:31 | 000,000,250 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.20 17:07:14 | 000,061,440 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\chrtmp
[2011.02.16 17:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.20 02:10:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.20 02:10:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.06 21:47:02 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.22 03:33:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.17 22:25:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\.minecraft
[2012.11.01 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.07.17 22:57:00 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.03.09 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAEMON Tools Lite
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.10.31 01:21:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Dropbox
[2012.07.01 23:06:28 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoft
[2010.12.08 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.30 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Efyvop
[2012.10.29 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2011.06.05 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GetRightToGo
[2012.11.01 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.08.13 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\gtk-2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.06.19 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Iminent
[2012.03.30 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Isevuc
[2011.03.07 06:50:12 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\MAGIX
[2010.11.16 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OEM
[2012.08.26 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OpenOffice.org
[2012.06.25 23:39:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Opera
[2012.03.15 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Paonu
[2012.08.28 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\pdfforge
[2010.12.29 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PowerCinema
[2011.03.09 20:16:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Propellerhead Software
[2012.11.01 14:24:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.06.20 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Sigel
[2012.10.16 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2010.12.29 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftDMA
[2012.09.25 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftGrid Client
[2011.06.18 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Steinberg
[2012.09.11 14:18:38 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TeamViewer
[2010.12.06 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TP
[2012.11.01 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\uTorrent
[2011.03.09 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 02.11.2012 13:40:27 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen\Downloads
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,74 Gb Available Physical Memory | 69,70% Memory free
9,82 Gb Paging File | 8,58 Gb Available in Paging File | 87,41% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,45 Gb Free Space | 86,77% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080DFE78-3F67-4176-AA33-5910EA1A8B9F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0B71975C-2503-4A1B-A770-F0C221914959}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{135C48C1-C842-4B22-96AE-7BD8BDE6CCE5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{14431A3A-0DE9-4046-A94B-1BF9666DB2C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E7FF8E1-3AB5-4864-8788-9B4A9CD06F38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2C75D057-FBF8-478A-A93C-76126D772B1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37AD4B12-D45E-417B-AAFA-90878F034759}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{422EE04C-2631-41EC-BE97-35C04DA4F47A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{45F58694-CF13-4CB1-AE45-ACDF33B9862B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46C676F1-3301-4911-AA85-703442321634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49AC30DD-C5CA-4AE6-A51B-66934EC64ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4B9EF246-9A30-4FC5-AE11-09D41BF764D7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4C512FB2-D561-4E5F-B7BC-7876542B4957}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F67A6EB-E724-4260-AFB4-3B67414455BD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{525BDF3A-979D-4D90-BB09-26C47DA59B3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{551EA618-360F-4BCC-9BAD-942C4FC54AB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BAA75E8-F0C9-478C-B021-A0D5C0BC8B25}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5BCE24B3-8718-47F3-9A38-4B4099A4E56B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{607A4468-6A53-47CB-AFE4-FA093BE2E76E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{654FD6F3-44A9-4CBC-971E-BE51C04F1F8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A23A04F-AC24-47A4-B09E-4191CD0CDFED}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6C89C317-BCE7-435B-A5C4-E2EACFAD76E3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70B6D59C-7FF6-4017-8317-4F7D1D7F49B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{740A3E46-3815-43C7-9D17-BB17E9233873}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8BDA49D2-8313-4910-B301-449F0971554B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{90383B2A-CE6D-4A3C-AD66-BF4E8C914612}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9C088032-B4B6-41A0-894F-2EC9AAFC98A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9D00939C-CABE-4858-90C9-71AF97A3B484}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3D23C9D-0FD5-4D21-BD16-57658D2EFC9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A8B1F011-DB60-47A1-953F-BF4C23F82D68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A969EF55-B12D-4514-BB47-9C0205A2B94D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A9DA78BD-8DF2-4002-95E6-8605E1B20B01}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ADCD776C-FFAB-43C4-84C8-C4F4FD174F33}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B254E0D5-B244-4A3B-864C-186F955AF28A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B327B430-A742-4855-A057-BB5E0814753B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B54B0296-7793-4F64-BD98-FCE15D5C3FE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF5200FF-BCC1-45F6-9BFB-EC2AC1F954B2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ED36C996-02DF-44F7-B2BC-EAF5642DCA2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F101F9D8-C67E-46F0-9C3D-11715C5E8261}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F952F516-B58D-4721-AB35-FF8193D326E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF9AEA1B-0C4A-467C-B5B9-F4F290A101B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D1C41A5-8309-47EA-A914-6B76E48056AE}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{0D4C49BF-9343-4CA9-834C-C0C9791FDB65}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{10F371E6-667F-4781-9CCE-A716DBACDFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{1266269A-08CF-440E-AFD9-09705181E62E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{15009FDB-4E2D-465B-8424-038B42A6DED2}" = protocol=6 | dir=out | app=system | 
"{18D01EA0-05BF-4313-9E94-D3A0F4794286}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1BDB3A0F-38A6-4600-947A-7D348F8D5F05}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{1C11DAE2-A59F-4DE9-B025-64CEBACD5281}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{1F23C7DC-518F-4F9D-8B29-B88C98E3FAAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21396A91-F880-4167-B551-3FA87BE6D270}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{214609A2-A1C5-4F4C-BF6D-DE065D5DB5C0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2565C9B1-9D35-49E5-9EDD-9FE39CABEF32}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{272F6D72-F391-4B15-A7A9-2D94F5CBF852}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{28D89F0A-B122-4CFF-B0AD-A2775B1A51D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E6D2D58-9BF1-4C70-9949-0A172B969E14}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{30D0F709-9905-4AAE-A04C-983C1BC8F3C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{32140FF8-0EAE-4D68-8A03-36FB1C159063}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{322E93DD-FB80-42FB-B638-5E581AB56C3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{33665BAA-CFF7-44F5-87ED-8E7DAB735C39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{33F8517E-2A11-43F6-8475-DBDCE842996C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{349CF970-EDD5-4AA8-B317-D05F19EDEEF9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{3554F4E7-A3DF-4139-8A53-9682CB7C88B6}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{36B84D08-8209-4CCD-B45C-B6782DBACA05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3DAE183A-0248-42E4-90A5-815C297828EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41B44266-18D8-402B-B722-44B811777C97}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{42A3E66C-BB69-4993-B0A1-5CDE0ED5DE62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4371CF4A-32CA-46CE-86F7-3D4DB987D904}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BDBD8CF-0B56-4952-8804-4B3FEBBA5227}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{4BF0BDAD-7FEB-4F3B-B8BD-A1D1D28C1D41}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{4E111BCD-08A3-4BEE-A415-81E156DC8955}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{50DCBB40-8CF1-49CE-97F8-0F7EC881DF1B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{59E4B612-0A3A-4C1F-9883-9F3931F8633B}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5C1C8DBB-A2C6-471D-9244-82167C2641ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{600DBE09-896D-4276-9494-86E629874BA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60DC6AEE-936E-4419-A102-0A4BEF01D3A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{62C9B90A-A2A2-4B36-B157-A7D084EA9FBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6312DC16-6F6F-4301-8D82-865BEC772730}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6FCACCD7-2F65-47AD-B9C4-E26112710182}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{70978235-9488-4FE2-8593-945F18F91D97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7475D5D3-40EE-4985-AAF7-064F9A944B29}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{762ED1D5-283A-415F-949E-DF7BD95A0870}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{775D2A75-2617-4113-BF78-5F9C42723F63}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{798D4220-AF1D-493A-A0EB-E026879C6DA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7B1D2A9A-99BD-4AF2-9169-2ECA6698CD30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7D40F88A-7C48-40F0-977B-99E341540DBD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{81399730-3E00-41EF-88D9-9310EF405A82}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{8ADEFFAB-7373-4856-8C28-4B322677B071}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{8FF832D8-B3A4-4A27-9D8A-D2D3FB01411A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{914D93B6-2DA1-40B6-BDC0-2AB96869FF10}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{93CE2066-B25C-4109-8F96-92177405ADA2}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steam.exe | 
"{93F83278-F444-466A-A1A4-CF2DAC075739}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe | 
"{97814C58-7BF7-433F-B50D-259A0BCB3543}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{986C8730-D0CE-4E51-8D1A-32A1C8F7F06D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{98FE26FE-A7E7-4F6E-9B64-F77A6EBA964A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{9ED9353B-D9A9-4F04-8042-50D6EA994AC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A4F4C791-0EF0-4846-B6AD-C290B80E0B69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A65A8318-2C50-4A77-99F8-9D8F5991A1EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA95ECD5-AF4B-467A-BB2A-3CF14F48ACBB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{AE27F2C0-895F-4EA2-88A5-4C1AA8211BE0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AF5B6D41-8CAE-4698-A0C0-2F1C01E28C73}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{B2816847-EDAF-4C0B-9655-A949520843BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B697AA97-9F19-4EE7-B6A7-D093F0FE658B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B6BD7548-38EF-47CD-9CFA-E5B433F07AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B7AD185B-35C7-48F2-9F6B-8A98D56BA448}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steam.exe | 
"{BCCDC2E7-3FDC-4271-96BF-693DB1438046}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{BDC3FB01-F675-4B0E-8A86-2F9C9C21D222}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{BEC8407C-70A0-4A44-ABC2-AEC0AAAA453E}" = protocol=6 | dir=in | name=wc3 host tcp | 
"{BED3C202-D87E-4E5C-8E79-0DB95030651C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{BF7444AD-0BAA-43D6-8077-437927E26338}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{C057B405-0995-4AA9-B36C-B92F3D304619}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{C6C2A6EF-FFC9-4071-888E-CE5D852434B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{C8C3F5BE-C765-43BF-ACB6-E21E422379B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C995A38E-F8A1-44DA-9D89-351D57544E97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CDDA4973-CDE0-4372-B29F-13E982BEBE39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDEEED98-57DB-4542-9B17-1A8EF5DD6039}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CF73F686-CA54-430C-9772-992EC5544AFF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{DBCA0AEC-F898-4B33-9AE7-CCF4C6505FEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DFFFBDB7-C06E-4258-B07F-3120E1276562}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe | 
"{E3C4C196-FD9F-4278-9CCF-5B0D8EBC9ED9}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{E84622B9-66DE-489A-AC90-3ED98F7E7F52}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{EBDE1498-AE9A-4CB9-BFEA-E6CBF0D7A728}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F9B54667-425A-4376-A815-65CA7CA83A30}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{FA3E11D9-9085-416E-A08E-D7E4493FC9D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{FCB86112-1E3B-4CB0-B641-8EA57988933E}" = protocol=17 | dir=in | name=wc3 host udp | 
"{FD3DDA08-9BF1-4737-914B-11EBB4FBA5DA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe | 
"TCP Query User{5C1222DC-7E87-4A47-BF86-707DC836444C}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"TCP Query User{62B90D4E-610F-429A-9E67-D4AD53E85F12}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe | 
"TCP Query User{897CF4DA-550B-476F-92B3-BD4E04CB4C4F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{919709D4-A789-41DD-805C-866D445AC6D2}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{AB8A165F-815C-48E3-913F-0F0CFDF5FD97}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe | 
"TCP Query User{B8F41EBD-7166-41B2-9202-AF60A48D54B5}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe | 
"TCP Query User{BFF19A0D-B488-4CFA-BB0A-F9B713BD294B}D:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\starcraft\starcraft.exe | 
"TCP Query User{C2E55CCF-3181-4029-B2C5-6F3BB554B8BF}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe | 
"TCP Query User{C79AAC02-5FD1-47BA-908E-C70B55C5618C}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe | 
"TCP Query User{E1493029-3F06-4B7F-8162-7FD1CF3C4479}D:\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\ut3\binaries\ut3.exe | 
"TCP Query User{EDEF650F-46A7-46ED-AA62-437D00B91D19}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{F2638986-E734-4BE2-A4DC-8176DEEAAECD}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"TCP Query User{FCCD6F16-920E-46AB-9084-BF67A10EF9BB}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{02C06B91-B414-415F-B902-B5BC6D23FF88}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{05D13E44-7F22-43A0-8D37-7920F67AF6FC}D:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\starcraft\starcraft.exe | 
"UDP Query User{09CB1FA0-3CD1-46CF-956C-915ABA96FB6E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe | 
"UDP Query User{0A0BCCFB-9A2D-4A75-B509-71E9DBE1D8FD}D:\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\ut3\binaries\ut3.exe | 
"UDP Query User{1E6BAE99-B314-4875-A2E8-E0523CB58E2A}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe | 
"UDP Query User{315AC987-18B5-4689-8779-A8C411D4598B}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"UDP Query User{65593D29-A27D-480D-8A77-C1D36593D95F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{678A44AE-69B3-4B9D-9940-EF131FA11FAD}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe | 
"UDP Query User{6A8A12A6-84D7-4122-9909-2CD114599814}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{8474D882-33E4-4EE0-9BE0-E7BEDF25A1DF}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{CAAB597D-FBE3-48FB-BD1F-B42A58AB486E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe | 
"UDP Query User{DAF82367-AC75-4BBF-B49D-DA2767578C37}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe | 
"UDP Query User{F3AFBF0B-E0B9-4239-90DF-BA1FA1B9E272}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe | 
"UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15c4d5e7-603f-4eee-b162-096a82edb38d}" = Nero 9 Essentials
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22AC6A90-A99A-4E41-BADC-AC05C811C2C8}_is1" = CDA to MP3 Converter v3.3 build 1228
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = Speedport W 101 Stick WLAN Manager
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AnalogX AutoTune" = AnalogX AutoTune
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities 2.50.0.1632
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"im" = Garena Plus
"IMBoosterARP" = Iminent
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.00.1467" = Opera 12.00
"Reason4_is1" = Reason 4.0
"Replay Explorer_is1" = Replay Explorer 2
"Sigel Professional Label Software SE" = Sigel Professional Label Software SE
"Startup Booster_is1" = Startup Booster v2.4
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
"Dropbox" = Dropbox
"fbDownloader" = fbDownloader
"polo-AT_MAIN" = Polo Cup (AT)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 25.06.2012 18:38:22 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1688  Startzeit der fehlerhaften Anwendung: 0x01cd5323393942c6  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 775bf7b1-bf16-11e1-a7be-4487fc79af0a
 
Error - 26.06.2012 08:14:21 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 26.06.2012 08:15:29 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 26.06.2012 08:17:03 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "c:\Users\Steffen\downloads\softonicdownloader_fuer_cdex.exe".
 Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche
 Komponentenversion steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.
In
 Konflikt stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 27.06.2012 09:44:36 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.06.2012 09:44:37 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.06.2012 09:44:39 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files
 (x86)\Windows Live\Photo Gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "C:\Program Files (x86)\Windows Live\Photo Gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
 werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
 ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
 DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
 und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
 
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
[ System Events ]
Error - 01.11.2012 13:30:37 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.11.2012 13:30:42 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 01.11.2012 13:31:10 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 01.11.2012 13:31:16 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 01.11.2012 14:47:24 | Computer Name = Steffen-PC | Source = iaStor | ID = 262153
Description = 
 
Error - 02.11.2012 08:27:53 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.11.2012 08:27:57 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2012 08:28:02 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2012 08:28:32 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.11.2012 08:28:37 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

Install.txt aus CCleaner:

Code:

ATTFilter

7-Zip 9.20		21.12.2010		
Acer Arcade Deluxe	CyberLink Corp.	26.05.2010	102MB	3.2.7222
Acer eRecovery Management	Acer Incorporated	24.05.2010		4.05.3007
Acer Registration	Acer Incorporated	26.05.2010		1.02.3006
Acer ScreenSaver	Acer Incorporated	26.05.2010		1.02.0722
Acer Updater	Acer Incorporated	24.05.2010		1.01.3017
Acrobat.com	Adobe Systems Incorporated	24.05.2010	1,60MB	1.6.65
Adobe AIR	Adobe Systems Incorporated	17.07.2012		3.3.0.3670
Adobe Audition 3.0	Adobe Systems Incorporated	12.04.2011		3.0
Adobe Audition 3.0 Vista Compatibility		12.04.2011		
Adobe Download Assistant	Adobe Systems Incorporated	17.07.2012		1.2
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	09.10.2012	6,00MB	11.4.402.287
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	09.10.2012	6,00MB	11.4.402.287
Adobe Reader 9.2 MUI	Adobe Systems Incorporated	16.01.2011	652MB	9.2.0
Alice Greenfingers	Oberon Media	26.05.2010		
Amazonia	Oberon Media	26.05.2010		
AnalogX AutoTune	AnalogX	17.04.2011		
Apple Mobile Device Support	Apple Inc.	12.07.2012	24,9MB	5.2.0.6
Avira Free Antivirus	Avira	31.10.2012	124MB	13.0.0.2735
Bonjour	Apple Inc.	12.07.2012	2,04MB	3.0.0.10
Canon Inkjet Printer Driver Add-On Module V2.00		13.04.2012		
Canon MP Navigator 3.0		13.04.2012		
Canon My Printer		15.04.2012		
CCleaner	Piriform	24.10.2012		3.24
CDA to MP3 Converter v3.3 build 1228	Hoo Technologies	24.06.2012	12,8MB	
Chicken Invaders 2	Oberon Media	26.05.2010		
Civilization III		08.10.2012		
Conduit Engine	Conduit Ltd.	03.04.2011		
DAEMON Tools Lite	DT Soft Ltd	09.03.2011		4.40.2.0131
DAEMON Tools Toolbar	DT Soft Ltd	09.03.2011		1.1.4.0024
Dairy Dash	Oberon Media	26.05.2010		
DivX-Setup	DivX, LLC	26.09.2012		2.6.1.9
Dream Day First Home	Oberon Media	26.05.2010		
Dropbox	Dropbox, Inc.	18.06.2012		1.4.7
DVDVideoSoftTB Toolbar	DVDVideoSoftTB	03.04.2011		6.3.3.3
ESET Online Scanner v3		31.10.2012		
eSobi v2	esobi Inc.	24.05.2010	20,4MB	2.0.4.000274
Farm Frenzy 2	Oberon Media	26.05.2010		
fbDownloader	HTTO Group, Ltd.	01.11.2012		1.0.0.0
First Class Flurry	Oberon Media	26.05.2010		
Futuremark SystemInfo	Futuremark Corporation	16.10.2012		4.12.0
Game Booster 3	IObit	01.11.2012	14,9MB	3.4
Garena Plus	Garena Online Pte Ltd.	21.10.2012		2011
GIMP 2.6.11	The GIMP Team	09.12.2010	106MB	2.6.11
Glary Utilities 2.50.0.1632	Glarysoft Ltd	01.11.2012	21,9MB	2.50.0.1632
Google Toolbar for Internet Explorer	Google Inc.	27.09.2012		7.4.3230.2052
Gothic III	JoWooD Productions Software AG	30.03.2012		1.0.0
Granny In Paradise	Oberon Media	26.05.2010		
Heroes of Hellas	Oberon Media	26.05.2010		
Hotkey Utility	Acer Incorporated	26.05.2010		2.05.3003
Identity Card	Acer Incorporated	26.05.2010		1.00.3003
Iminent	Iminent	19.06.2012		5.18.52.0
IMinent Toolbar	IMinent	19.06.2012	3,37MB	3.26.0
Java(TM) 7 Update 5	Oracle	04.07.2012	101MB	7.0.50
Java(TM) 7 Update 5 (64-bit)	Oracle	04.07.2012	95,0MB	7.0.50
Merriam Websters Spell Jam	Oberon Media	26.05.2010		
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	25.11.2010	38,8MB	4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	25.11.2010	2,93MB	4.0.30319
Microsoft Age of Empires II		05.10.2012		
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	06.12.2010		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	11.05.2012	168MB	4.1.10329.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	26.05.2010	1,72MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	01.11.2012	290KB	8.0.61001
Microsoft Visual C++ 2005 Redistributable (x64)	Microsoft Corporation	18.07.2012	572KB	8.0.61000
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148	Microsoft Corporation	18.07.2012	786KB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161	Microsoft Corporation	19.07.2012	788KB	9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	01.11.2012	590KB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	19.07.2012	13,8MB	10.0.40219
Mozilla Firefox 16.0.2 (x86 de)	Mozilla	31.10.2012	38,5MB	16.0.2
Mozilla Maintenance Service	Mozilla	31.10.2012	329KB	16.0.2
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	19.11.2010	1,27MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	19.11.2010	1,33MB	4.20.9876.0
MyWinLocker Suite	Egis Technology Inc.	24.05.2010	2,20MB	3.1.210.0
Nero 9 Essentials	Nero AG	24.05.2010		
Norton Online Backup	Symantec	24.05.2010	2,09MB	1.2.0.36
NVIDIA 3D Vision Treiber 306.97	NVIDIA Corporation	01.11.2012		306.97
NVIDIA Display Control Panel	NVIDIA Corporation	26.05.2010		1.10
NVIDIA Grafiktreiber 306.97	NVIDIA Corporation	01.11.2012		306.97
NVIDIA PhysX	NVIDIA Corporation	23.06.2012	78,9MB	9.10.0513
NVIDIA Update 1.10.8	NVIDIA Corporation	01.11.2012		1.10.8
Opera 12.00	Opera Software ASA	25.06.2012		12.00.1467
PDFCreator	Frank Heindörfer, Philip Chinery	28.08.2012		1.4.3
Polo Cup (AT)		26.12.2010		
QuickTime	Apple Inc.	05.01.2011	73,7MB	7.69.80.9
Realtek Ethernet Controller Driver For Windows Vista and Later	Realtek	24.05.2010		1.00.0011
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	16.02.2011		6.0.1.6299
Reason 4.0	Propellerhead Software AB	09.03.2011		4.0
Replay Explorer 2	Hans-Peter Wolf	15.03.2012		
Sigel Professional Label Software SE		20.06.2012		
SiSoftware Sandra Lite 2012.SP4c	SiSoftware	01.11.2012	92,9MB	18.52.2012.6
Skype™ 5.10	Skype Technologies S.A.	11.09.2012	19,4MB	5.10.116
Speedport W 101 Stick WLAN Manager	Deutsche Telekom	20.02.2012		1.00.0000
Startup Booster v2.4	Smart PC Solutions	16.10.2012		2.4
Steinberg Cubase 5	Steinberg Media Technologies GmbH	18.06.2011	306MB	5.1.2
Steinberg Drum Loop Expansion 01	Steinberg Media Technologies GmbH	09.03.2011	424MB	1.0.0.1
Steinberg Groove Agent ONE Content	Steinberg Media Technologies GmbH	09.03.2011	142MB	1.0.0.003
Steinberg HALionOne	Steinberg Media Technologies GmbH	09.03.2011	387MB	1.1.0.457
Steinberg HALionOne Additional Content Set 01	Steinberg Media Technologies GmbH	09.03.2011	940MB	1.0.0.001
Steinberg HALionOne Expression Set	Steinberg Media Technologies GmbH	09.03.2011	231MB	1.0.1.0
Steinberg HALionOne GM Drum Set	Steinberg Media Technologies GmbH	09.03.2011	23,9MB	1.0.1.457
Steinberg HALionOne GM Set	Steinberg Media Technologies GmbH	09.03.2011	63,6MB	1.0.1.457
Steinberg HALionOne Pro Set	Steinberg Media Technologies GmbH	09.03.2011	123MB	1.0.1.457
Steinberg HALionOne Studio Drum Set	Steinberg Media Technologies GmbH	09.03.2011	48,0MB	1.0.1.457
Steinberg HALionOne Studio Set	Steinberg Media Technologies GmbH	09.03.2011	112MB	1.0.1.457
Steinberg LoopMash Content	Steinberg Media Technologies GmbH	09.03.2011	612MB	1.0.0.005
Steinberg REVerence Content 01	Steinberg Media Technologies GmbH	09.03.2011	169MB	1.0.0.006
TeamViewer 6	TeamViewer GmbH	24.06.2011		6.0.10722
Uninstall 1.0.0.1		03.04.2011	10,9MB	
VLC media player 1.1.5	VideoLAN	29.12.2010		1.1.5
Warcraft III	Blizzard Entertainment	20.02.2012		
Welcome Center	Acer Incorporated	26.05.2010		1.00.3011
Windows Live Anmelde-Assistent	Microsoft Corporation	26.05.2010	1,93MB	5.000.818.5
Windows Live Essentials	Microsoft Corporation	26.05.2010		14.0.8089.0726
Windows Live Sync	Microsoft Corporation	26.05.2010	2,79MB	14.0.8089.726
Windows Live-Uploadtool	Microsoft Corporation	26.05.2010	224KB	14.0.8014.1029
WinRAR		29.12.2010

Bei weiteren Fragen, bitte melden.

Gruß

Steffen

kira · 02.11.2012, 19:04

1.
OTL wurde falsch platziert/gespeichert:
OTL muss auf dem Desktop abgelegt werden!
Stell deine Browser so ein, dass er OTL auf dem Desktop speichern soll!
also entfernen und erneut herunterladen:-> Lade OTL von Oldtimer herunter und speichere es auf Deinem Desktop.
** nachdem es gespeichert wurde auf dem Desktop in das Logfile von OTL, soll etwa so aussehen:

Zitat:

Folder = C:\Users\Dein Name\Desktop

2.
Systemscan mit OTL

Doppelklick auf die OTL.exe
Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
Unter Extra Registry, wähle bitte Use SafeList
Mache Häckchen bei LOP- und Purity-Prüfung
Klicke nun auf Run Scan links oben
Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

SteffenJ · 03.11.2012, 01:29

Habe nun alles exakt so ausgeführt, wie Du es gesagt hast.
Mein rechner ist übrigens noch langsamer geworden,
mittlerweile geht sogut wie GARNICHTS mehr. Selbst den OTL Scan musste ich komplett von vorne beginnen, weil er sich währenddessen aufgehangen hat.
Es geht immer weiter bergab..

Hier die neuen Files:

OTL:

Code:

ATTFilter

OTL logfile created on: 03.11.2012 00:21:13 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 70,87% Memory free
9,82 Gb Paging File | 8,64 Gb Available in Paging File | 88,03% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,43 Gb Free Space | 86,76% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Steffen\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension\components\browsermngr-16.0.dll ()
MOD - C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (Robocppy) -- C:\Windows\SysNative\sqlsrw32.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Browser Manager) -- C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (Futuremark SystemInfo Service) -- C:\Program Files (x86)\Futuremark\Futuremark SystemInfo\FMSISvc.exe (Futuremark Corporation)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (HPSLPSVC) -- C:\Users\Steffen\AppData\Local\Temp\7zS479F\hpslpsvc64.dll (Hewlett-Packard Co.)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (TeamViewer6) -- C:\Program Files (x86)\TeamViewer\Version6\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (PnkBstrB) -- C:\Windows\SysWOW64\PnkBstrB.exe ()
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (MWLService) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe (Egis Technology Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (USBS3S4Detection) -- C:\OEM\USBDECTION\USBS3S4Detection.exe ()
SRV - (Greg_Service) -- C:\Program Files (x86)\Acer\Registration\GregHSRW.exe (Acer Incorporated)
SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
SRV - (Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\RpcAgentSrv.exe (SiSoftware)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (AAV UpdateService) -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (acedrv05) -- C:\Windows\SysNative\drivers\acedrv05.sys ()
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (netr28ux) -- C:\Windows\SysNative\drivers\netr28ux.sys (Ralink Technology Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.)
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.)
DRV:64bit: - (athrusb) -- C:\Windows\SysNative\drivers\athrxusb.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZY202_VS) -- C:\Windows\SysNative\drivers\WlanGZG.sys (Atheros Communications, Inc.)
DRV:64bit: - (ZDCNDIS6a64) -- C:\Windows\SysNative\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (PID_0928) -- C:\Windows\SysNative\drivers\LV561V64.sys (Logitech Inc.)
DRV - (WinRing0_1_2_0) -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys (OpenLibSys.org)
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2012.SP4c\WNt500x64\sandra.sys (SiSoftware)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ZDCNDIS6a64) -- C:\Windows\SysWOW64\ZDCNDIS6a64.sys (Printing Communications Assoc., Inc. (PCAUSA))
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Backup.Old.Start Page = [String data over 1000 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages =  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes,DefaultScope = {7A491AC1-1137-449F-8426-10ADD829BFF7}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_4&babsrc=SP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=8Q&apn_dtid=YYYYYYYYDE&apn_uid=FD70FE23-BE82-4EDB-AAFF-B8A44FCAF2B1&apn_sauid=7648A8B1-A574-4BF0-B9D1-B76156772785
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}: "URL" = hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = hxxp://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = hxxp://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "FBDownloader"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.09.26 11:45:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.31 21:20:56 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{b64982b1-d112-42b5-b1e4-d3867c4533f8}: C:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\FirefoxExtension [2012.11.01 12:37:00 | 000,000,000 | ---D | M]
 
[2012.07.04 09:25:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Extensions
[2012.11.01 15:15:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions
[2012.11.01 00:05:12 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com
[2012.10.31 23:51:46 | 002,042,908 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\firebug@software.joehewitt.com.xpi
[2012.07.26 03:10:13 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.01 14:27:19 | 000,002,431 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml
[2012.11.01 00:46:04 | 000,002,790 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml
[2012.10.09 07:04:06 | 000,002,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml
[2012.10.13 22:01:09 | 000,002,401 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml
[2012.10.14 00:53:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.09.26 11:45:36 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 &lt;video&gt;) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.11.01 12:37:00 | 000,000,000 | ---D | M] (Browser Manager) -- C:\PROGRAMDATA\BROWSER MANAGER\2.3.811.154\{61D8B74E-8D89-46FF-AFA6-33382C54AC73}\FIREFOXEXTENSION
[2012.10.31 21:20:56 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.31 21:20:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.01 12:37:26 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.10.31 21:20:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.31 21:20:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.31 21:20:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.31 21:20:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.31 21:20:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (FBDownloader) - {553318DA-D010-469E-84B1-496563CAE1BF} - C:\Users\Steffen\AppData\Local\fbDownloader\Extensions\FBDownloader.dll (HTTO Group, Ltd)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (IMinent WebBooster (BHO)) - {A09AB6EB-31B5-454C-97EC-9B294D92EE2A} - C:\Program Files (x86)\Iminent\Iminent.WebBooster.InternetExplorer.dll (Iminent)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (IMinent Toolbar) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - C:\Program Files (x86)\IMinent Toolbar\tbcore3.dll ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Program Files (x86)\ICQ7.2\ICQ.exe File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A79AD6B-F792-42B1-A3E8-812A018D7D87}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{96A19B9D-6D26-4D2D-8B0A-497D545826A3}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0B7FDBF-8729-4625-AA6A-B5B121430625}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8338706-1B8E-4306-B99C-9BA1D30DD659}: NameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D874298D-C04F-408B-B7F9-DA12E7106DFE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23811~1.154\{61d8b~1\browse~1.dll) - c:\ProgramData\Browser Manager\2.3.811.154\{61d8b74e-8d89-46ff-afa6-33382c54ac73}\browsermngr.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.25 07:23:05 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi(2).exe -- [ NTFS ]
O32 - AutoRun File - [2011.04.17 01:05:08 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi.exe -- [ NTFS ]
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell - "" = AutoRun
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell\AutoRun\command - "" = L:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.03 00:19:42 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.11.02 13:50:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2012.11.02 13:50:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2012.11.01 15:27:55 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\ABBYY
[2012.11.01 14:56:21 | 062,968,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MRT.exe
[2012.11.01 14:42:11 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2012.11.01 14:24:05 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\fbDownloader
[2012.11.01 14:24:04 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.11.01 14:23:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.11.01 14:23:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Glary Utilities
[2012.11.01 13:56:29 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation
[2012.11.01 12:37:14 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.11.01 12:37:09 | 000,000,000 | ---D | C] -- C:\ProgramData\IBUpdaterService
[2012.11.01 12:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2012.11.01 12:36:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\ProgramData\IObit
[2012.11.01 12:36:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IObit
[2012.11.01 00:08:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SiSoftware
[2012.11.01 00:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\SiSoftware
[2012.11.01 00:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GinyasBrowserCompanion
[2012.10.31 23:31:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.10.31 21:21:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Avira
[2012.10.31 21:18:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.10.31 21:18:26 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.10.31 21:18:26 | 000,099,248 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.10.31 21:18:26 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.10.31 21:18:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.10.28 22:25:15 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\ProcAlyzer Dumps
[2012.10.28 20:21:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.10.28 20:21:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2012.10.28 20:20:59 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Programs
[2012.10.21 21:32:29 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2012.10.21 21:32:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garena
[2012.10.21 21:32:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Garena Plus
[2012.10.21 21:32:18 | 000,000,000 | ---D | C] -- C:\ProgramData\GarenaMessenger
[2012.10.16 19:35:45 | 000,000,000 | ---D | C] -- C:\Users\Steffen\Documents\3DMark 11
[2012.10.16 19:35:39 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\IsolatedStorage
[2012.10.16 19:34:50 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Local\Futuremark_Corporation
[2012.10.16 19:34:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Futuremark
[2012.10.16 19:11:57 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2012.10.16 19:10:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup Booster
[2012.10.16 19:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart PC Solutions
[2012.10.15 20:47:44 | 000,000,000 | ---D | C] -- C:\Users\Steffen\AppData\Roaming\Malwarebytes
[2012.10.15 20:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.10.15 20:06:01 | 000,000,000 | ---D | C] -- C:\ProgramData\SecTaskMan
[2012.10.15 11:42:36 | 000,000,000 | ---D | C] -- C:\found.001
[2012.10.15 04:25:06 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2012.10.15 04:24:59 | 000,000,000 | ---D | C] -- C:\e7c37b4451c742f932307e85080001ac
[2012.10.14 23:56:00 | 000,000,000 | ---D | C] -- C:\found.000
[2012.10.14 00:53:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.10.11 11:59:10 | 005,505,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.10.11 11:59:09 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.10.11 11:59:09 | 003,902,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.10.11 11:58:58 | 001,162,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2012.10.11 11:58:58 | 000,425,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2012.10.11 11:58:58 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2012.10.11 11:58:58 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2012.10.11 11:58:57 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2012.10.11 11:58:57 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2012.10.11 11:58:57 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2012.10.11 11:58:57 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2012.10.11 11:58:57 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2012.10.11 11:58:57 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2012.10.11 11:58:57 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2012.10.11 11:58:57 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2012.10.11 11:58:57 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2012.10.11 11:58:53 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wintrust.dll
[2012.10.11 11:58:44 | 001,462,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.10.11 11:58:44 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.10.10 21:23:48 | 018,252,136 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:32 | 015,309,160 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:21 | 010,220,472 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.08 19:34:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Infogrames
[2012.10.08 19:34:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Infogrames
[2012.10.05 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games
[2012.10.05 22:06:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games
[2010.05.24 21:40:37 | 000,036,136 | ---- | C] (Oberon Media) -- C:\ProgramData\FullRemove.exe
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.03 00:19:43 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Steffen\Desktop\OTL.exe
[2012.11.03 00:18:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 00:18:11 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.03 00:14:43 | 003,300,600 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.03 00:14:43 | 001,389,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.03 00:14:43 | 000,951,846 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.03 00:14:43 | 000,844,880 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.03 00:14:43 | 000,005,414 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.03 00:09:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.03 00:09:43 | 3163,901,952 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.02 13:50:48 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.01 15:56:19 | 004,904,296 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.11.01 15:54:40 | 000,003,288 | ---- | M] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | M] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | M] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | M] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:23:55 | 000,000,064 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:15:47 | 011,632,640 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:05:11 | 000,000,043 | ---- | M] () -- C:\END
[2012.10.31 23:27:09 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.10.31 22:59:06 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.10.31 21:57:08 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.31 01:21:04 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2012.10.29 13:26:48 | 000,045,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.28 16:20:34 | 000,007,607 | ---- | M] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.10.10 21:23:48 | 018,252,136 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.10.10 21:23:48 | 001,867,112 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.10.10 21:23:40 | 001,482,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispgenco64.dll
[2012.10.10 21:23:38 | 006,127,464 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvopencl.dll
[2012.10.10 21:23:38 | 002,574,696 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.10.10 21:23:34 | 025,256,296 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.10.10 21:23:24 | 007,414,632 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvopencl.dll
[2012.10.10 21:23:24 | 002,731,880 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvapi64.dll
[2012.10.10 21:23:10 | 014,922,600 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvwgf2umx.dll
[2012.10.10 21:23:06 | 009,146,728 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.10.10 21:23:04 | 007,697,768 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.10.10 21:23:00 | 012,501,352 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.10.10 21:23:00 | 002,218,344 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.10.10 21:22:54 | 002,428,776 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.10.10 21:22:52 | 026,331,496 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvoglv64.dll
[2012.10.10 21:22:52 | 001,760,104 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdispco64.dll
[2012.10.10 21:22:44 | 000,016,127 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2012.10.10 21:22:32 | 015,309,160 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvd3dum.dll
[2012.10.10 21:22:26 | 002,747,240 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.10.10 21:22:24 | 019,906,920 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.10.10 21:22:14 | 017,559,912 | ---- | M] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.10.09 19:57:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2012.10.09 19:57:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2012.10.09 19:57:21 | 010,220,472 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerInstaller.exe
[2012.10.04 12:07:05 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.02 13:50:48 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.01 15:54:40 | 000,003,288 | ---- | C] () -- C:\bootsqm.dat
[2012.11.01 14:23:55 | 000,000,330 | ---- | C] () -- C:\Windows\tasks\GlaryInitialize.job
[2012.11.01 14:23:53 | 000,001,070 | ---- | C] () -- C:\Users\Steffen\Desktop\Glary Utilities.lnk
[2012.11.01 12:36:01 | 000,001,186 | ---- | C] () -- C:\Users\Public\Desktop\Switch to Gaming Mode.lnk
[2012.11.01 00:08:39 | 011,632,640 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.mdb
[2012.11.01 00:08:39 | 000,000,064 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\Sandra.ldb
[2012.11.01 00:05:11 | 000,000,043 | ---- | C] () -- C:\END
[2012.10.21 22:28:12 | 000,045,270 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\room_v3.dat
[2012.10.15 20:53:36 | 000,007,607 | ---- | C] () -- C:\Users\Steffen\AppData\Local\Resmon.ResmonCfg
[2012.08.09 06:41:28 | 000,018,537 | ---- | C] () -- C:\Users\Steffen\.recently-used.xbel
[2012.07.12 14:34:08 | 000,000,040 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\cdr.ini
[2012.06.20 11:26:15 | 000,302,425 | ---- | C] () -- C:\Users\Steffen\AppData\Local\funmoods-speeddial.crx
[2012.04.09 00:04:20 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\acedrv05.dll
[2012.03.14 20:47:31 | 000,000,250 | ---- | C] () -- C:\Windows\wininit.ini
[2011.08.20 17:07:14 | 000,061,440 | ---- | C] () -- C:\Users\Steffen\AppData\Roaming\chrtmp
[2011.02.16 17:43:13 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.12.20 02:10:09 | 000,189,248 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.20 02:10:08 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.12.06 21:47:02 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.11.22 03:33:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.17 22:25:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\.minecraft
[2012.11.01 12:37:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Babylon
[2012.07.17 22:57:00 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2011.03.09 19:40:31 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DAEMON Tools Lite
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DataMgr
[2012.10.31 01:21:14 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Dropbox
[2012.07.01 23:06:28 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoft
[2010.12.08 17:34:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.30 16:38:55 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Efyvop
[2012.10.29 23:12:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GarenaPlus
[2011.06.05 16:41:27 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GetRightToGo
[2012.11.01 15:29:10 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\GlarySoft
[2012.08.13 19:59:15 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\gtk-2.0
[2012.11.01 14:24:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\HMN
[2012.06.19 22:54:04 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Iminent
[2012.03.30 22:28:51 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Isevuc
[2011.03.07 06:50:12 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\MAGIX
[2010.11.16 18:02:49 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OEM
[2012.08.26 20:45:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\OpenOffice.org
[2012.06.25 23:39:50 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Opera
[2012.03.15 22:37:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Paonu
[2012.08.28 14:09:30 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\pdfforge
[2010.12.29 20:06:18 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\PowerCinema
[2011.03.09 20:16:45 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Propellerhead Software
[2012.11.01 14:24:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SDIV 2.0
[2012.06.20 13:42:09 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Sigel
[2012.10.16 19:11:57 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Smart PC Solutions
[2010.12.29 20:06:23 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftDMA
[2012.09.25 23:04:40 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\SoftGrid Client
[2011.06.18 19:32:48 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\Steinberg
[2012.09.11 14:18:38 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TeamViewer
[2010.12.06 21:47:44 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\TP
[2012.11.01 14:48:32 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\uTorrent
[2011.03.09 20:08:05 | 000,000,000 | ---D | M] -- C:\Users\Steffen\AppData\Roaming\VST3 Presets
 
========== Purity Check ==========
 
 

< End of report >

Extras:

Code:

ATTFilter

OTL Extras logfile created on: 03.11.2012 00:21:13 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Steffen\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,93 Gb Total Physical Memory | 2,78 Gb Available Physical Memory | 70,87% Memory free
9,82 Gb Paging File | 8,64 Gb Available in Paging File | 88,03% Paging File free
Paging file location(s): c:\pagefile.sys 6034 6034 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,45 Gb Total Space | 393,43 Gb Free Space | 86,76% Space Free | Partition Type: NTFS
Drive D: | 453,96 Gb Total Space | 276,78 Gb Free Space | 60,97% Space Free | Partition Type: NTFS
 
Computer Name: STEFFEN-PC | User Name: Steffen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DefaultOutboundAction" = 0
"DefaultInboundAction" = 0
"DisableUnicastResponsesToMulticastBroadcast" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 1
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{080DFE78-3F67-4176-AA33-5910EA1A8B9F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{0B71975C-2503-4A1B-A770-F0C221914959}" = rport=2869 | protocol=6 | dir=out | app=system | 
"{135C48C1-C842-4B22-96AE-7BD8BDE6CCE5}" = lport=137 | protocol=17 | dir=in | app=system | 
"{14431A3A-0DE9-4046-A94B-1BF9666DB2C9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1E7FF8E1-3AB5-4864-8788-9B4A9CD06F38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2C75D057-FBF8-478A-A93C-76126D772B1C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{37AD4B12-D45E-417B-AAFA-90878F034759}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{422EE04C-2631-41EC-BE97-35C04DA4F47A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{45F58694-CF13-4CB1-AE45-ACDF33B9862B}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{46C676F1-3301-4911-AA85-703442321634}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{49AC30DD-C5CA-4AE6-A51B-66934EC64ABB}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{4B9EF246-9A30-4FC5-AE11-09D41BF764D7}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{4C512FB2-D561-4E5F-B7BC-7876542B4957}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{4F67A6EB-E724-4260-AFB4-3B67414455BD}" = lport=67 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{525BDF3A-979D-4D90-BB09-26C47DA59B3A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{551EA618-360F-4BCC-9BAD-942C4FC54AB7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{5BAA75E8-F0C9-478C-B021-A0D5C0BC8B25}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{5BCE24B3-8718-47F3-9A38-4B4099A4E56B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{607A4468-6A53-47CB-AFE4-FA093BE2E76E}" = rport=445 | protocol=6 | dir=out | app=system | 
"{654FD6F3-44A9-4CBC-971E-BE51C04F1F8E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6A23A04F-AC24-47A4-B09E-4191CD0CDFED}" = lport=547 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{6C89C317-BCE7-435B-A5C4-E2EACFAD76E3}" = rport=139 | protocol=6 | dir=out | app=system | 
"{70B6D59C-7FF6-4017-8317-4F7D1D7F49B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{740A3E46-3815-43C7-9D17-BB17E9233873}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{8BDA49D2-8313-4910-B301-449F0971554B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{90383B2A-CE6D-4A3C-AD66-BF4E8C914612}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{9C088032-B4B6-41A0-894F-2EC9AAFC98A1}" = lport=139 | protocol=6 | dir=in | app=system | 
"{9D00939C-CABE-4858-90C9-71AF97A3B484}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A3D23C9D-0FD5-4D21-BD16-57658D2EFC9D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{A8B1F011-DB60-47A1-953F-BF4C23F82D68}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A969EF55-B12D-4514-BB47-9C0205A2B94D}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A9DA78BD-8DF2-4002-95E6-8605E1B20B01}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{ADCD776C-FFAB-43C4-84C8-C4F4FD174F33}" = lport=68 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{B254E0D5-B244-4A3B-864C-186F955AF28A}" = rport=138 | protocol=17 | dir=out | app=system | 
"{B327B430-A742-4855-A057-BB5E0814753B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{B54B0296-7793-4F64-BD98-FCE15D5C3FE8}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{BF5200FF-BCC1-45F6-9BFB-EC2AC1F954B2}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{ED36C996-02DF-44F7-B2BC-EAF5642DCA2C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F101F9D8-C67E-46F0-9C3D-11715C5E8261}" = lport=53 | protocol=17 | dir=in | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F952F516-B58D-4721-AB35-FF8193D326E0}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{FF9AEA1B-0C4A-467C-B5B9-F4F290A101B3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0D1C41A5-8309-47EA-A914-6B76E48056AE}" = dir=in | app=c:\program files (x86)\iminent\iminent.exe | 
"{0D4C49BF-9343-4CA9-834C-C0C9791FDB65}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\pmvservice.exe | 
"{10F371E6-667F-4781-9CCE-A716DBACDFF5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{1266269A-08CF-440E-AFD9-09705181E62E}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{15009FDB-4E2D-465B-8424-038B42A6DED2}" = protocol=6 | dir=out | app=system | 
"{18D01EA0-05BF-4313-9E94-D3A0F4794286}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{1BDB3A0F-38A6-4600-947A-7D348F8D5F05}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | 
"{1C11DAE2-A59F-4DE9-B025-64CEBACD5281}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{1F23C7DC-518F-4F9D-8B29-B88C98E3FAAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21396A91-F880-4167-B551-3FA87BE6D270}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{214609A2-A1C5-4F4C-BF6D-DE065D5DB5C0}" = protocol=58 | dir=in | name=@hnetcfg.dll,-148 | 
"{2565C9B1-9D35-49E5-9EDD-9FE39CABEF32}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{272F6D72-F391-4B15-A7A9-2D94F5CBF852}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{28D89F0A-B122-4CFF-B0AD-A2775B1A51D0}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2E6D2D58-9BF1-4C70-9949-0A172B969E14}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\homemedia\homemedia.exe | 
"{30D0F709-9905-4AAE-A04C-983C1BC8F3C1}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{32140FF8-0EAE-4D68-8A03-36FB1C159063}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{322E93DD-FB80-42FB-B638-5E581AB56C3C}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{33665BAA-CFF7-44F5-87ED-8E7DAB735C39}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{33F8517E-2A11-43F6-8475-DBDCE842996C}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{349CF970-EDD5-4AA8-B317-D05F19EDEEF9}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{3554F4E7-A3DF-4139-8A53-9682CB7C88B6}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{36B84D08-8209-4CCD-B45C-B6782DBACA05}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{3DAE183A-0248-42E4-90A5-815C297828EF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{41B44266-18D8-402B-B722-44B811777C97}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{42A3E66C-BB69-4993-B0A1-5CDE0ED5DE62}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4371CF4A-32CA-46CE-86F7-3D4DB987D904}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4BDBD8CF-0B56-4952-8804-4B3FEBBA5227}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{4BF0BDAD-7FEB-4F3B-B8BD-A1D1D28C1D41}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{4E111BCD-08A3-4BEE-A415-81E156DC8955}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{50DCBB40-8CF1-49CE-97F8-0F7EC881DF1B}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{59E4B612-0A3A-4C1F-9883-9F3931F8633B}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5C1C8DBB-A2C6-471D-9244-82167C2641ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{600DBE09-896D-4276-9494-86E629874BA3}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{60DC6AEE-936E-4419-A102-0A4BEF01D3A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{62C9B90A-A2A2-4B36-B157-A7D084EA9FBA}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6312DC16-6F6F-4301-8D82-865BEC772730}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{6FCACCD7-2F65-47AD-B9C4-E26112710182}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{70978235-9488-4FE2-8593-945F18F91D97}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{7475D5D3-40EE-4985-AAF7-064F9A944B29}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{762ED1D5-283A-415F-949E-DF7BD95A0870}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{775D2A75-2617-4113-BF78-5F9C42723F63}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{798D4220-AF1D-493A-A0EB-E026879C6DA5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{7B1D2A9A-99BD-4AF2-9169-2ECA6698CD30}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{7D40F88A-7C48-40F0-977B-99E341540DBD}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{81399730-3E00-41EF-88D9-9310EF405A82}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{8ADEFFAB-7373-4856-8C28-4B322677B071}" = dir=in | app=c:\program files (x86)\acer arcade deluxe\playmovie\playmovie.exe | 
"{8FF832D8-B3A4-4A27-9D8A-D2D3FB01411A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{914D93B6-2DA1-40B6-BDC0-2AB96869FF10}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{93CE2066-B25C-4109-8F96-92177405ADA2}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steam.exe | 
"{93F83278-F444-466A-A1A4-CF2DAC075739}" = protocol=17 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe | 
"{97814C58-7BF7-433F-B50D-259A0BCB3543}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{986C8730-D0CE-4E51-8D1A-32A1C8F7F06D}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{98FE26FE-A7E7-4F6E-9B64-F77A6EBA964A}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\risen 2\system\risen2.exe | 
"{9ED9353B-D9A9-4F04-8042-50D6EA994AC2}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{A4F4C791-0EF0-4846-B6AD-C290B80E0B69}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{A65A8318-2C50-4A77-99F8-9D8F5991A1EA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{AA95ECD5-AF4B-467A-BB2A-3CF14F48ACBB}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{AE27F2C0-895F-4EA2-88A5-4C1AA8211BE0}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{AF5B6D41-8CAE-4698-A0C0-2F1C01E28C73}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{B2816847-EDAF-4C0B-9655-A949520843BE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{B697AA97-9F19-4EE7-B6A7-D093F0FE658B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{B6BD7548-38EF-47CD-9CFA-E5B433F07AC6}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{B7AD185B-35C7-48F2-9F6B-8A98D56BA448}" = protocol=6 | dir=in | app=d:\dungeon siege 3\steam.exe | 
"{BCCDC2E7-3FDC-4271-96BF-693DB1438046}" = protocol=17 | dir=in | app=d:\dungeon siege 3\steamapps\common\dungeon siege iii\dungeon siege iii.exe | 
"{BDC3FB01-F675-4B0E-8A86-2F9C9C21D222}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{BEC8407C-70A0-4A44-ABC2-AEC0AAAA453E}" = protocol=6 | dir=in | name=wc3 host tcp | 
"{BED3C202-D87E-4E5C-8E79-0DB95030651C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{BF7444AD-0BAA-43D6-8077-437927E26338}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{C057B405-0995-4AA9-B36C-B92F3D304619}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer_service.exe | 
"{C6C2A6EF-FFC9-4071-888E-CE5D852434B4}" = protocol=17 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"{C8C3F5BE-C765-43BF-ACB6-E21E422379B9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{C995A38E-F8A1-44DA-9D89-351D57544E97}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{CDDA4973-CDE0-4372-B29F-13E982BEBE39}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CDEEED98-57DB-4542-9B17-1A8EF5DD6039}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{CF73F686-CA54-430C-9772-992EC5544AFF}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{DBCA0AEC-F898-4B33-9AE7-CCF4C6505FEC}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{DFFFBDB7-C06E-4258-B07F-3120E1276562}" = protocol=6 | dir=in | app=c:\users\steffen\appdata\local\temp\7zs479f\hppiw.exe | 
"{E3C4C196-FD9F-4278-9CCF-5B0D8EBC9ED9}" = dir=in | app=c:\program files (x86)\iminent\iminent.messengers.exe | 
"{E84622B9-66DE-489A-AC90-3ED98F7E7F52}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{EBDE1498-AE9A-4CB9-BFEA-E6CBF0D7A728}" = dir=out | svc=sharedaccess | app=%systemroot%\system32\svchost.exe | 
"{F9B54667-425A-4376-A815-65CA7CA83A30}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.2\aolload.exe | 
"{FA3E11D9-9085-416E-A08E-D7E4493FC9D4}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.2\icq.exe | 
"{FCB86112-1E3B-4CB0-B641-8EA57988933E}" = protocol=17 | dir=in | name=wc3 host udp | 
"{FD3DDA08-9BF1-4737-914B-11EBB4FBA5DA}" = protocol=6 | dir=in | app=c:\program files (x86)\teamviewer\version6\teamviewer.exe | 
"TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
"TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=6 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe | 
"TCP Query User{5C1222DC-7E87-4A47-BF86-707DC836444C}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"TCP Query User{62B90D4E-610F-429A-9E67-D4AD53E85F12}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe | 
"TCP Query User{897CF4DA-550B-476F-92B3-BD4E04CB4C4F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{919709D4-A789-41DD-805C-866D445AC6D2}C:\windows\syswow64\dplaysvr.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"TCP Query User{AB8A165F-815C-48E3-913F-0F0CFDF5FD97}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=6 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe | 
"TCP Query User{B8F41EBD-7166-41B2-9202-AF60A48D54B5}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe | 
"TCP Query User{BFF19A0D-B488-4CFA-BB0A-F9B713BD294B}D:\starcraft\starcraft.exe" = protocol=6 | dir=in | app=d:\starcraft\starcraft.exe | 
"TCP Query User{C2E55CCF-3181-4029-B2C5-6F3BB554B8BF}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe | 
"TCP Query User{C79AAC02-5FD1-47BA-908E-C70B55C5618C}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=6 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe | 
"TCP Query User{E1493029-3F06-4B7F-8162-7FD1CF3C4479}D:\ut3\binaries\ut3.exe" = protocol=6 | dir=in | app=d:\ut3\binaries\ut3.exe | 
"TCP Query User{EDEF650F-46A7-46ED-AA62-437D00B91D19}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{F2638986-E734-4BE2-A4DC-8176DEEAAECD}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"TCP Query User{FCCD6F16-920E-46AB-9084-BF67A10EF9BB}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{02C06B91-B414-415F-B902-B5BC6D23FF88}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{05D13E44-7F22-43A0-8D37-7920F67AF6FC}D:\starcraft\starcraft.exe" = protocol=17 | dir=in | app=d:\starcraft\starcraft.exe | 
"UDP Query User{09CB1FA0-3CD1-46CF-956C-915ABA96FB6E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\map-server.exe | 
"UDP Query User{0A0BCCFB-9A2D-4A75-B509-71E9DBE1D8FD}D:\ut3\binaries\ut3.exe" = protocol=17 | dir=in | app=d:\ut3\binaries\ut3.exe | 
"UDP Query User{1E6BAE99-B314-4875-A2E8-E0523CB58E2A}C:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\char-server.exe | 
"UDP Query User{315AC987-18B5-4689-8779-A8C411D4598B}C:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\gameserver.exe | 
"UDP Query User{65593D29-A27D-480D-8A77-C1D36593D95F}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{678A44AE-69B3-4B9D-9940-EF131FA11FAD}C:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\fertiges album\trackzztore\keeperfx.exe | 
"UDP Query User{6A8A12A6-84D7-4122-9909-2CD114599814}C:\program files (x86)\microsoft games\age of empires ii\empires2.icd" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of empires ii\empires2.icd | 
"UDP Query User{8474D882-33E4-4EE0-9BE0-E7BEDF25A1DF}C:\windows\syswow64\dplaysvr.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\dplaysvr.exe | 
"UDP Query User{CAAB597D-FBE3-48FB-BD1F-B42A58AB486E}C:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe" = protocol=17 | dir=in | app=c:\users\steffen\desktop\eathena-txt-15175[trunk]\login-server.exe | 
"UDP Query User{DAF82367-AC75-4BBF-B49D-DA2767578C37}C:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ascaron entertainment\sacred underworld\sacred.exe | 
"UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" = protocol=17 | dir=in | app=c:\users\steffen\appdata\roaming\isevuc\rynai.exe | 
"UDP Query User{F3AFBF0B-E0B9-4239-90DF-BA1FA1B9E272}C:\program files (x86)\garena plus\room\garena_room.exe" = protocol=17 | dir=in | app=c:\program files (x86)\garena plus\room\garena_room.exe | 
"UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{1F557316-CFC0-41BD-AFF7-8BC49CE444D7}" = Shredder
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75d2897c-87aa-4a06-8710-3ebda9f02de0}.sdb" = Adobe Audition 3.0 Vista Compatibility
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{C3113E55-7BCB-4de3-8EBF-60E6CE6B2396}_is1" = SiSoftware Sandra Lite 2012.SP4c
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"CANONIJINBOXADDON200" = Canon Inkjet Printer Driver Add-On Module V2.00
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{02B244A2-7F6A-42E8-A36F-8C385D7A1625}" = Gothic III
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{0D7CD0D9-4A88-4A63-8F91-3F4E8F371768}" = MyWinLocker
"{15c4d5e7-603f-4eee-b162-096a82edb38d}" = Nero 9 Essentials
"{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{20400dbd-e6db-45b8-9b6b-1dd7033818ec}" = Nero InfoTool Help
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22AC6A90-A99A-4E41-BADC-AC05C811C2C8}_is1" = CDA to MP3 Converter v3.3 build 1228
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2348b586-c9ae-46ce-936c-a68e9426e214}" = Nero StartSmart Help
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{33cf58f5-48d8-4575-83d6-96f574e4d83a}" = Nero DriveSpeed
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{490BF87E-1F75-4453-BF55-9F540543A3CA}" = Steinberg Drum Loop Expansion 01
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A19D6AC-ADE0-4A07-80FF-9C9812C45557}" = Steinberg Cubase 5
"{4D43D635-6FDA-4fa5-AA9B-23CF73D058EA}" = Nero StartSmart OEM
"{4D454CF8-12FD-464D-B57B-B46FE27B78BB}" = Steinberg LoopMash Content
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{532B917B-8235-4FA5-BE36-643A8BB053A5}" = Steinberg REVerence Content 01
"{53C141BA-4F9E-43FB-B4F9-0C01BB716FA8}" = Adobe Audition 3.0
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{595a3116-40bb-4e0f-a2e8-d7951da56270}" = NeroExpress
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{65CB4C08-C47B-4A7E-A6A4-50C06ADA5FC6}" = Adobe AIR
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{7748ac8c-18e3-43bb-959b-088faea16fb2}" = Nero StartSmart
"{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110209593}" = Chicken Invaders 2
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110551697}" = Granny In Paradise
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112662477}" = Merriam Websters Spell Jam
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11273477}" = Amazonia
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113786380}" = Heroes of Hellas
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113832110}" = Dream Day First Home
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115053100}" = Dairy Dash
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-115208410}" = First Class Flurry
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11531173}" = Farm Frenzy 2
"{83202942-84b3-4c50-8622-b8c0aa2d2885}" = Nero Express Help
"{865D9ED1-EAC2-436D-AFA7-0B750EB5AAAB}" = Steinberg HALionOne Studio Drum Set
"{869200db-287a-4dc0-b02b-2b6787fbcd4c}" = Nero DiscSpeed
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows Vista and Later
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{9866E5F0-121F-E018-E2D1-2E1770847ABF}" = Adobe Download Assistant
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A76AA284-E52D-47E6-9E4F-B85DBF8E35C3}" = IMinent Toolbar
"{A8F2089B-1F79-4BF6-B385-A2C2B0B9A74D}" = ImagXpress
"{AC76BA86-7AD7-FFFF-7B44-A91000000001}" = Adobe Reader 9.2 MUI
"{AC997F93-0757-4ED4-A701-F40C2D654D09}" = Steinberg HALionOne GM Drum Set
"{b2ec4a38-b545-4a00-8214-13fe0e915e6d}" = Advertising Center
"{bd5ca0da-71ad-43da-b19e-6eee0c9adc9a}" = Nero ControlCenter
"{BD86F1AC-B594-46E4-85DC-1258AC9E2232}" = Steinberg Groove Agent ONE Content
"{BEE64C14-BEF1-4610-8A68-A16EAA47B882}" = Futuremark SystemInfo
"{C2695E83-CF1D-43D1-84FE-B3BEC561012A}" = Shredder
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}" = Norton Online Backup
"{C5D78EFC-A9C1-44F3-81CB-D42C5DF8EA09}" = Speedport W 101 Stick WLAN Manager
"{cc019e3f-59d2-4486-8d4b-878105b62a71}" = Nero DiscSpeed Help
"{D23CBFDA-C46B-4920-BA70-FC7878A3F05A}" = Steinberg HALionOne Studio Set
"{D82CDA0D-C182-42C8-8FF2-5649C98D6003}" = Steinberg HALionOne Pro Set
"{dba84796-8503-4ff0-af57-1747dd9a166d}" = Nero Online Upgrade
"{DF6FE172-006A-4324-AF7F-ACFE4BA290FE}" = AAVUpdateManager
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E22AD5D3-EB60-4A8F-835C-6C10E369DCE2}" = Steinberg HALionOne Expression Set
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{e5c7d048-f9b4-4219-b323-8bdb01a2563d}" = Nero DriveSpeed Help
"{E70E7159-93B1-470D-9FBD-D8E9EF34B538}" = Steinberg HALionOne
"{e8a80433-302b-4ff1-815d-fcc8eac482ff}" = Nero Installer
"{EE171732-BEB4-4576-887D-CB62727F01CA}" = Acer Updater
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F057965A-D974-4C64-ADB1-4381CD4B8956}" = Steinberg HALionOne GM Set
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3AFD063-8BAD-485E-B641-E7F5A2C5AE71}" = Steinberg HALionOne Additional Content Set 01
"{f4041dce-3fe1-4e18-8a9e-9de65231ee36}" = Nero ControlCenter
"{F7CF0E9A-D48B-4942-9537-259ED0568DF4}" = Iminent
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{fbcdfd61-7dcf-4e71-9226-873ba0053139}" = Nero InfoTool
"7-Zip" = 7-Zip 9.20
"Acer Registration" = Acer Registration
"Acer Screensaver" = Acer ScreenSaver
"Acer Welcome Center" = Welcome Center
"Adobe AIR" = Adobe AIR
"Adobe Audition 3.0" = Adobe Audition 3.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Age of Empires 2.0" = Microsoft Age of Empires II
"AnalogX AutoTune" = AnalogX AutoTune
"Avira AntiVir Desktop" = Avira Free Antivirus
"CanonMyPrinter" = Canon My Printer
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"conduitEngine" = Conduit Engine
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DivX Setup" = DivX-Setup
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ESET Online Scanner" = ESET Online Scanner v3
"Game Booster_is1" = Game Booster 3
"Glary Utilities_is1" = Glary Utilities 2.50.0.1632
"Hotkey Utility" = Hotkey Utility
"Identity Card" = Identity Card
"im" = Garena Plus
"IMBoosterARP" = Iminent
"InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2
"InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe
"InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}" = MyWinLocker Suite
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator 3.0" = Canon MP Navigator 3.0
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Opera 12.00.1467" = Opera 12.00
"Reason4_is1" = Reason 4.0
"Replay Explorer_is1" = Replay Explorer 2
"Sigel Professional Label Software SE" = Sigel Professional Label Software SE
"Startup Booster_is1" = Startup Booster v2.4
"TeamViewer 6" = TeamViewer 6
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.5
"Warcraft III" = Warcraft III
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{206a7328-437f-4bd9-b53e-12bfee24d588}" = gutscheinfilter.de
"Dropbox" = Dropbox
"fbDownloader" = fbDownloader
"polo-AT_MAIN" = Polo Cup (AT)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 27.06.2012 17:11:47 | Computer Name = Steffen-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
 für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
 
Error - 28.06.2012 06:46:31 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 28.06.2012 06:47:39 | Computer Name = Steffen-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile  8.  Die 
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
 überein.  Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
 WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1".  Verwenden Sie
 das Programm "sxstrace.exe" für eine detaillierte Diagnose.
 
Error - 29.06.2012 17:29:31 | Computer Name = Steffen-PC | Source = Iminent | ID = 0
Description = 
 
Error - 29.06.2012 17:31:21 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0xfb8  Startzeit der fehlerhaften Anwendung: 0x01cd563e8100ea0e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c4aeb0e1-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:31:27 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1330  Startzeit der fehlerhaften Anwendung: 0x01cd563e849ee159  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: c82b54e8-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:31:31 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x137c  Startzeit der fehlerhaften Anwendung: 0x01cd563e8b6810e3  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: caacb0b3-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:31:59 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0xae0  Startzeit der fehlerhaften Anwendung: 0x01cd563e961f4bc0  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: db6cc8a3-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:32:03 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1020  Startzeit der fehlerhaften Anwendung: 0x01cd563e96918dcd  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: ddb74588-c231-11e1-a0f2-4487fc79af0a
 
Error - 29.06.2012 17:32:06 | Computer Name = Steffen-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16446,
 Zeitstempel: 0x4fb57c8f  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7600.16915,
 Zeitstempel: 0x4ec49d10  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce903  ID des fehlerhaften
 Prozesses: 0x1034  Startzeit der fehlerhaften Anwendung: 0x01cd563ea0cafd7e  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe  Pfad
 des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: dfa4219e-c231-11e1-a0f2-4487fc79af0a
 
[ System Events ]
Error - 02.11.2012 12:08:42 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2012 12:08:48 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2012 12:09:15 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.11.2012 12:09:20 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.11.2012 12:12:25 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7009
Description = 
 
Error - 02.11.2012 19:10:13 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description = 
 
Error - 02.11.2012 19:10:17 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2012 19:10:22 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.11.2012 19:10:47 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.11.2012 19:10:51 | Computer Name = Steffen-PC | Source = Service Control Manager | ID = 7024
Description = 
 
 
< End of report >

kira · 03.11.2012, 05:57

Systembereinigung und Prüfung:

► Wenn Du nun alle Schritte erledigt hast, melde dich mit die gewünschten Ergebnisse zurück!
Nur bei Probleme inzwischen melden!

1.
Deinstalliere unter Systemsteuerung-> Software/Programme:

Code:

ATTFilter

Conduit Engine	 <- Adware !!
DAEMON Tools Toolbar <- unnötig
DVDVideoSoftTB Toolbar <- unnötig
fbDownloader	<- ebenfalls
Iminent	<- Adware !!
IMinent Toolbar	<- Adware !!

Leider oft tragen sich "ungebetene Gäste direkt in die Suchleiste, Startseite und unter Erweiterungen ein" und sie können schon wirklich lästig sein... meistens aus Unwissenheit oder Ignoranz wird mitinstalliert, manche davon gehört sogar zur gefährlichsten Art der Adware , oder auch zum eine "Foistware-Gruppe".

Immer die benutzerdefinierte Installation wählen, nicht die Standardinstallation, weil dann oft Sachen mitinstalliert werden, die man nicht braucht oder nicht möchte.
Während des Installationsvorgangs die Lizenzbestimmungen immer lesen, und nicht sofort überall den Haken setzen bzw gesetzten Haken belassen, weil damit stimmt man nämlich zu, dass andere "Fremdprogramm", oder sogar Adware (Werbe-Pop-ups) durch Partnerprogrammen, Sponsoren etc - mitinstalliert wird, weil sich Freeware damit finanziert.
In diese Kategorie gehören noch einige, wie z.B: -> Unerwünschte Toolbars

Zitat:

Daher ist es ratsam, nach jeder Installation in alle installierten Browser zu kontrollieren:
die aktuelle Webseite als Startseite unter die Lupe nehmen
unter Extras ⇒ Erweiterungen nach ungewollte AddOns/PlugIns, Toolbars schauen
In der Liste Zurzeit installierte Programme (unter Systemsteuerung) nachsehen, ob sich so etwas "ungewoltes" (Programm, Toolbar etc) eingenistet hat!

2.

Zitat:

Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)

Fixen mit OTL

Starte die OTL.exe.
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Kopiere folgendes Skript also - nach dem "Code", alles was in der Codebox steht - (also beginnend mit :OTL und am Ende [emptytemp]), alles was in der Codebox steht (ohne "code"!) :

Code:

ATTFilter

:OTL
SRV:64bit: - (Robocppy) -- C:\Windows\SysNative\sqlsrw32.exe ()
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.funmoods.com/?f=1&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://start.funmoods.com/results.php?f=4&q={searchTerms}&a=sware&chnl=sware&cd=2XzutAtN2Y1L1QzuyEyEzzyB0F0CyBzy0A0FtD0AtBtBtDtBtN0D0TzutBtDtCtBtDyCtBtD&cr=651520241
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_m3870&r=173611100416pe485v1j5w4691v421
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.sweetim.com/?crg=3.1010000&st=10
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - No CLSID value found
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,Backup.Old.DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://search.chatzum.com/?q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2776682
IE - HKLM\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKLM\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = hxxp://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114508&tt=4412_4&babsrc=HP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://search.fbdownloader.com/?channel=sfde203fbdgy21
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,Backup.Old.DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKCU\..\SearchScopes,DefaultScope = {7A491AC1-1137-449F-8426-10ADD829BFF7}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = http://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=26e02faa-9b5c-45d4-ab14-ea1712e09f10&searchtype=ds&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.searchplusnetwork.com/?sp=st3&q={searchTerms}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=114508&tt=4412_4&babsrc=SP_clro&mntrId=dc9722020000000000000019cb84d2bf
IE - HKCU\..\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=VDJ&o=41647959&src=kw&q={searchTerms}&locale=&apn_ptnrs=8Q&apn_dtid=YYYYYYYYDE&apn_uid=FD70FE23-BE82-4EDB-AAFF-B8A44FCAF2B1&apn_sauid=7648A8B1-A574-4BF0-B9D1-B76156772785
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = http://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE406DE407
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}: "URL" = http://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q={searchTerms}
IE - HKCU\..\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}: "URL" = http://search.chatzum.com/?q={SearchTerms}
IE - HKCU\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = http://www.daemon-search.com/search/web?q={searchTerms}
IE - HKCU\..\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}: "URL" = http://search.iminent.com/?appId=&ref=toolbox&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}: "URL" = http://search.sweetim.com/search.asp?src=6&crg=3.1010000&st=10&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.selectedEngine: "FBDownloader"
FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21"
[2012.11.01 00:05:12 | 000,000,000 | ---D | M] (Ginyas Browser Companion) -- C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com
[2012.11.01 14:27:19 | 000,002,431 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml
[2012.11.01 00:46:04 | 000,002,790 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml
[2012.10.09 07:04:06 | 000,002,270 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml
[2012.10.13 22:01:09 | 000,002,401 | ---- | M] () -- C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml
[2012.11.01 12:37:26 | 000,006,522 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {D0F4A166-B8D4-48b8-9D63-80849FE137CB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.06.25 07:23:05 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi(2).exe -- [ NTFS ]
O32 - AutoRun File - [2011.04.17 01:05:08 | 000,389,912 | ---- | M] (AnalogX, LLC) - D:\autoi.exe -- [ NTFS ]
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell - "" = AutoRun
O33 - MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\Shell\AutoRun\command - "" = L:\setup.exe

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" =-
"UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe" =-
"TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe" =-
"UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe" =-

:Files
C:\Users\Steffen\AppData\Roaming\pdfforge
C:\Windows\SysNative\sqlsrw32.exe 
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]

und füge es hier ein:
Schließe alle Programme.
Klicke auf den Fix Button.
Klick auf .
OTL verlangt einen Neustart. Bitte zulassen.
Nach dem Neustart findest Du ein Textdokument.
Kopiere den Inhalt hier in Deinen Thread.

3.
Java-Version prüfen ggf aktualisieren:-> klick hier!
Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.
Wichtig! -> Warum sollte ich ältere Java-Versionen aus dem System entfernen?

4.
Alle Programme/Fenster schließen
Java-Cache leeren - sollte man öfters tun!

Start => Systemsteuerung => Java => Allgemein => Temporäre Internet-Dateien "Einstellungen" => Dateien löschen => Haken bei "Anwendungen und Applets" sowie bei "Verfolgungs- und Protokolldateien" setzen => OK
-> Wie leere ich den Java-Cache?
-> Java-Cache leeren
-> Kurze Videoanleitung wie man unter Windows 7 und XP den JAVA Cache löschen kann.

5.
kann ich nicht zuordnen, um was handelt es sich dabei ?:

Code:

ATTFilter

C:\Users\Steffen\AppData\Roaming\Efyvop

6.
Tipps - Der Internet Explorer von Microsoft gehört zur Grundausstattung unter Windows, somit wie alle andere installierte Software muss gepflegt werden! Auch bei Nicht-Verwendung!:
-> Tipps zu Internet Explorer
-> Standard Suchmaschine des Explorers ändern
-> Ändern oder Auswählen eines Suchanbieters in Internet Explorer 7/8
-> Wie kann ich den Cache im Internet Explorer leeren?

7.
Alle Programme/Fenster schliessen
reinige dein System mit CCleaner:

"CCleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
"Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
Starte dein System neu auf

8.
Vorbereitung

Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
Bitte während der Online-Scans deaktivieren:
Anti-Virus-Programm und Firewall.
Internet Explorer starten => im Menü unter Extras => Internetoption => Datenschutz => den Haken bei "Popupblocker einschalten" entfernen und
unter dem Reiter "Sicherheit" => die Sicherheitsstufe ggfs. auf "Mittelhoch" herabsetzen.
Nicht vergessen, sie hinterher wieder einzuschalten bzw. die Internetoptionen wie zuvor einzustellen..
Während der Online-Scans auf andere Online-Aktivitäten verzichten.
Du musst das Herunterladen und Installieren von ActiveX-Steuerelementen (Controls) zulassen.
.

Den PC NUR online scannen und NICHT ein zweites Antivirenprogramm installieren!!!

Eset Online Scanner (NOD32)
- Unterstützte Betriebssysteme: Microsoft Windows 7 - Vista - XP - 2000 - NT.
- Anmerkung für Vista und Windows 7-User: Bitte den Browser unbedingt als Administrator starten.
- Dein Anti-Virus-Programm während des Scans deaktivieren.
- Button "ESET Online Scanner" drücken.
- IE-User müssen das Installieren eines ActiveX Elements erlauben.
- Einen Haken bei "YES, I accept the Terms of Use." machen und auf den Button "Start" drücken.
- Einen Haken bei "Remove found threads" und "Scan archives" machen.
- Start drücken.
- Signaturen werden heruntergeladen.
- Der Scan beginnt automatisch.
- Wenn fertig, das Protokoll speichern und mir posten.
  -> List of found threats
  -> Export to text file
  -> Back
  -> Delete quarantäne files
- Finish drücken.
- Browser schließen.
- Deinstallation nachdem das Protokoll mir gepostet hast: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
- Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

9.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

10.
adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren

Downloade Dir bitte AdwCleaner auf deinen Desktop.

Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Search.
Nach Ende des Suchlaufs öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

SteffenJ · 03.11.2012, 13:41

Alle Schritte wurden ausgeführt. War eine sehr anstrengende Nacht! Vor allem,
weil der Rechner für jede Kleinigkeit 10 Minuten gebraucht hat..
Nachdem die unnötige Software deinstalliert wurde, habe ich nach Anweisung OTL Fix
ausgeführt. Hier das Ergebnis (einige Vorgänge sind anscheinend fehlgeschlagen):

Code:

ATTFilter

All processes killed
========== OTL ==========
Service Robocppy stopped successfully!
Service Robocppy deleted successfully!
C:\Windows\SysNative\sqlsrw32.exe moved successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{855F3B16-6D32-4fe6-8A56-BBB695989046} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{855F3B16-6D32-4fe6-8A56-BBB695989046}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\{872b5b88-9db5-4310-bdd0-ac189557e5f5} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{872b5b88-9db5-4310-bdd0-ac189557e5f5}\ not found.
File C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{afdbddaa-5d3f-42ee-b79c-185a7020515b}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKCU\SOFTWARE\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\\ deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{006ee092-9658-4fd6-bd8e-a21a348e59f5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{34848DC8-23EC-AA6F-63B3-2B87BACE40D9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{60CBD65C-A2B0-456A-9B4B-79DB39E19A83}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7A491AC1-1137-449F-8426-10ADD829BFF7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7A491AC1-1137-449F-8426-10ADD829BFF7}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{96bd48dd-741b-41ae-ac4a-aff96ba00f7e}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BFFED5CA-8BDF-47CC-AED0-23F4E6D77732}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C360-6118-11DC-9C72-001320C79847}\ not found.
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
Prefs.js: "FBDownloader" removed from browser.search.selectedEngine
Prefs.js: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21" removed from browser.startup.homepage
Folder C:\Users\Steffen\AppData\Roaming\mozilla\Firefox\Profiles\a8m14fai.default\extensions\bbrs_002@blabbers.com\ not found.
C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\FBDownloader.xml moved successfully.
C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Plusnetwork.xml moved successfully.
File C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\SearchTheWeb.xml not found.
C:\Users\Steffen\AppData\Roaming\mozilla\firefox\profiles\a8m14fai.default\searchplugins\Web Search.xml moved successfully.
C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml moved successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D0F4A166-B8D4-48b8-9D63-80849FE137CB} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D0F4A166-B8D4-48b8-9D63-80849FE137CB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
D:\autoi(2).exe moved successfully.
D:\autoi.exe moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{657196cd-68c1-11df-9cb3-806e6f6e6963}\ not found.
File E:\SETUP.EXE not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{dca17a8c-4a61-11e0-acd7-4487fc79af0a}\ not found.
File L:\setup.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{313CC5BE-0926-46C6-B1F2-02FEC97A7799}C:\users\steffen\appdata\roaming\isevuc\rynai.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{EE6BDDAC-5AD6-48ED-808B-F5D231BC5E54}C:\users\steffen\appdata\roaming\isevuc\rynai.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\TCP Query User{064A1461-36AF-46D1-908C-E66250F359AD}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\UDP Query User{F8A07290-F082-4E22-B61C-02A427D5BEC7}C:\program files (x86)\utorrent\utorrent.exe deleted successfully.
========== FILES ==========
C:\Users\Steffen\AppData\Roaming\pdfforge\PDFArchitect folder moved successfully.
C:\Users\Steffen\AppData\Roaming\pdfforge\Images2PDF folder moved successfully.
C:\Users\Steffen\AppData\Roaming\pdfforge folder moved successfully.
File\Folder C:\Windows\SysNative\sqlsrw32.exe not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Steffen\Desktop\cmd.bat deleted successfully.
C:\Users\Steffen\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: AppData
 
User: Default
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
User: Default User
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: Steffen
->Temp folder emptied: 378448994 bytes
->Temporary Internet Files folder emptied: 126482314 bytes
->Java cache emptied: 4927310 bytes
->FireFox cache emptied: 83434342 bytes
->Opera cache emptied: 252465 bytes
->Flash cache emptied: 506 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56478 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 155648 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1396625 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36051531 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 602,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11032012_064447

Files\Folders moved on Reboot...
C:\Users\Steffen\AppData\Local\Temp\7zS479F\HPSLPSVC64.DLL moved successfully.
C:\Users\Steffen\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

C:\Users\Steffen\AppData\Roaming\Efyvop , den Du nicht zuordnen konntest, kann ich leider auch nicht zuordnen, der Ordner war leer (habe ihn gelöscht). Es war der EINZIGE Ordner in Roaming..

Eset hat leider "nur" 6 Infektionen gefunden. Alles Dateien, die ich kenne, aber nicht notwendig sind. Es war über Nacht am laufen, was genau das Programm damit gemacht hat und wie ich sie genau weg bekomme weis ich nicht.

Hier der Bericht:

Code:

ATTFilter

C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_game-booster.exe	a variant of Win32/SoftonicDownloader.E application	cleaned by deleting - quarantined
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_glary-utilities.exe	a variant of Win32/SoftonicDownloader.E application	cleaned by deleting - quarantined
C:\Users\Steffen\Downloads\SoftonicDownloader_fuer_sisoft-sandra.exe	a variant of Win32/SoftonicDownloader.E application	cleaned by deleting - quarantined
D:\SoftonicDownloader_fuer_cdex.exe	a variant of Win32/SoftonicDownloader.D application	cleaned by deleting - quarantined
D:\SoftonicDownloader_fuer_ragnarok.exe	Win32/SoftonicDownloader.D application	cleaned by deleting - quarantined
D:\SoftonicDownloader_fuer_undercoverxp.exe	a variant of Win32/SoftonicDownloader.D application	cleaned by deleting - quarantined

ADWCleaner Log:

Code:

ATTFilter

# AdwCleaner v2.006 - Datei am 03/11/2012 um 12:39:37 erstellt
# Aktualisiert am 30/10/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium  (64 bits)
# Benutzer : Steffen - STEFFEN-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Steffen\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\Steffen\AppData\Local\funmoods-speeddial.crx
Ordner Gefunden : C:\Program Files (x86)\ChatZum Toolbar
Ordner Gefunden : C:\Program Files (x86)\DAEMON Tools Toolbar
Ordner Gefunden : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\ProgramData\ICQ\ICQToolbar
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\Users\Steffen\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\AskToolbar
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\boost_interprocess
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Steffen\AppData\LocalLow\Toolbar4
Ordner Gefunden : C:\Users\Steffen\AppData\Roaming\Babylon

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar
Schlüssel Gefunden : HKCU\Software\ChatZum Toolbar
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\ChatZum Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2BF2028E-3F3C-4C05-AB45-B2F1DCFE0759}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{DB538320-D3C5-433C-BCA9-C4081A054FCF}
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\Software\Iminent
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Babylon_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\Iminent_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{02054E11-5113-4BE3-8153-AA8DFB5D3761}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\pgafcinpmmpklohkojmllohdhomoefph
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{11111111-1111-1111-1111-110011501160}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68B81CCD-A80C-4060-8947-5AE69ED01199}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E6B969FB-6D33-48D2-9061-8BBD4899EB08}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IM
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{021B4049-F57D-4565-A693-FD3B04786BFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0362AA09-808D-48E9-B360-FB51A8CBCE09}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{06844020-CD0B-3D3D-A7FE-371153013E49}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{0ADC01BB-303B-3F8E-93DA-12C140E85460}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10D3722F-23E6-3901-B6C1-FF6567121920}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1675E62B-F911-3B7B-A046-EB57261212F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{192929F2-9273-3894-91B0-F54671C4C861}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2932897E-3036-43D9-8A64-B06447992065}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{2DE92D29-A042-3C37-BFF8-07C7D8893EFA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{32B80AD6-1214-45F4-994E-78A5D482C000}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{3A8E103F-B2B7-3BEF-B3B0-88E29B2420E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{478CE5D3-D38E-3FFE-8DBE-8C4A0F1C4D8D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{48B7DA4E-69ED-39E3-BAD5-3E3EFF22CFB0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5982F405-44E4-3BBB-BAC4-CF8141CBBC5C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{5D8C3CC3-3C05-38A1-B244-924A23115FE9}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{641593AF-D9FD-30F7-B783-36E16F7A2E08}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{711FC48A-1356-3932-94D8-A8B733DBC7E4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{72227B7F-1F02-3560-95F5-592E68BACC0C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{7B5E8CE3-4722-4C0E-A236-A6FF731BEF37}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{890D4F59-5ED0-3CB4-8E0E-74A5A86E7ED0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8C68913C-AC3C-4494-8B9C-984D87C85003}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8D019513-083F-4AA5-933F-7D43A6DA82C4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{923F6FB8-A390-370E-A0D2-DD505432481D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9BBB26EF-B178-35D6-9D3D-B485F4279FE5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A62DDBE0-8D2A-339A-B089-8CBCC5CD322A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A82AD04D-0B8E-3A49-947B-6A69A8A9C96D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ADEB3CC9-A05D-4FCC-BD09-9025456AA3EA}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{B06D4521-D09C-3F41-8E39-9D784CCA2A75}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C06DAD42-6F39-4CE1-83CC-9A8B9105E556}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C2E799D0-43A5-3477-8A98-FC5F3677F35C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D16107CD-2AD5-46A8-BA59-303B7C32C500}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D25B101F-8188-3B43-9D85-201F372BC205}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D2BA7595-5E44-3F1E-880F-03B3139FA5ED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D35F5C81-17D9-3E1C-A1FC-4472542E1D25}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D8FA96CA-B250-312C-AF34-4FF1DD72589D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DAFC1E63-3359-416D-9BC2-E7DCA6F7B0F3}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{DC5E5C44-80FD-3697-9E65-9F286D92F3E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E1B4C9DE-D741-385F-981E-6745FACE6F01}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E7B623F5-9715-3F9F-A671-D1485A39F8A2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ED916A7B-7C68-3198-B87D-2DABC30A5587}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{EFA1BDB2-BB3D-3D9A-8EB5-D0D22E0F64F4}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F4CBF4DD-F8FE-35BA-BB7E-68304DAAB70B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{FC32005D-E27C-32E0-ADFA-152F598B75E7}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\cjpglkicenollcignonpgiafdgfeehoj
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\fdloijijlkoblmigdofommgnheckmaki
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{32099AAC-C132-4136-9E9A-4E364A424E17}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{977AE9CC-AF83-45E8-9E03-E2798216E2D5}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{9E131A93-EED7-4BEB-B015-A0ADB30B5646}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{32099AAC-C132-4136-9E9A-4E364A424E17}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[HKCU\Software\Microsoft\Internet Explorer\Main - Backup.Old.Start Page] = hxxp://search.iminent.com/?appId=DE628768-2911-445A-83BA-71146FB26A34

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default 
Datei : C:\Users\Steffen\AppData\Roaming\Mozilla\Firefox\Profiles\a8m14fai.default\prefs.js

Gefunden : user_pref("extensions.BabylonToolbar.admin", false);
Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false);
Gefunden : user_pref("extensions.BabylonToolbar.id", "dc9722020000000000000019cb84d2bf");
Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15533");
Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst");
Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar");
Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "ppcbl");
Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q=");
Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.5.29.1");
Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.5.29.1");
Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", "");
Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=109958&tt=200612_n_mont");
Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none");
Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss");
Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.5.29.115:33:15");

-\\ Opera v12.0.1467.0

Datei : C:\Users\Steffen\AppData\Roaming\Opera\Opera\operaprefs.ini

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [15747 octets] - [03/11/2012 12:39:37]

########## EOF - C:\AdwCleaner[R1].txt - [15808 octets] ##########

Hier sehe selbst ich, dass einige unnützliche Toolbars etc. zu beseitigen sind.
Wie wird das alles gefixt / entfernt ?

Danke schoneinmal im Vorraus!

Gruß

Steffen

kira · 03.11.2012, 21:39

1.
Zur Info:

Zitat:

SoftonicDownloader

Programme/Treiber ausschließlich vom Herstellerseite herunterladen!! Die Softonic-Seite bietet auch Software zum Download an, damit auch jede Menge Müll (Toolbars, der Standardsuchdienst und die Standard-Startseite im Browser verändert. usw) "mitinstalliert".

2.
adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen

Schließe alle offenen Programme und Browser.
Starte die adwcleaner.exe mit einem Doppelklick.
Klicke auf Delete.
Bestätige jeweils mit Ok.
Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
Poste mir den Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.

3.
erneut einen Scan mit OTL:

Doppelklick auf die OTL.exe
Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
Oben findest Du ein Kästchen mit Ausgabe.
Wähle bitte Standard-Ausgabe
Unter Extra-Registrierung wähle bitte Benutze SafeList.
Mache Häckchen bei LOP- und Purity-Prüfung.
Klicke nun auf Scan links oben.
Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
Poste die Logfiles in Code-Tags hier in den Thread.

► berichte erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

SteffenJ · 03.11.2012, 22:28

Habe die Logs im oberen Post reingepackt.
Der Rechner ist nun deutlich schneller und die Laggs wurden start reduziert!
Danke dafür!

Nun habe ich noch 2-3 kleine Fragen zum Schluss:

1.) Auf meinem Rechner befinden sich 6-7 cmd.exe Dateien. Ist das normal?

2.) cmd.exe öffnet sich manchmal beim Ausführen eines Programms
(20% CPU Auslastung!). Dies kommt sehr selten vor, aber manchmal..

3.) Mein Browser zeigt mir bei manchen Plugins wie zum Beispiel Java folgendes:
"Es wird zur deaktivierung des Plugins geraten,
da es zu Systeminstabilität führen kann".

Danke für die ausführliche Hilfe!
Alleine hätte ich die meisten Sachen nicht hinbekommen!

Gruß

Steffen

kira · 03.11.2012, 22:41

erstmal die Schritte von hier erledigen, dann berichte erneut:-> http://www.trojaner-board.de/126375-...tml#post950139

SteffenJ · 13.11.2012, 04:28

mir ist etwas weiteres aufgefallen. Ich hoffe ich kann es gescheit erklären.
Dadurch, dass zu 90% meine Internetverbindung leidet (PC geht wieder, danke!),
und ich für ein paar Sekunden einen Ping von 10000 habe, habe ich einen Blik auf meinen Router geworfen.
Hier die Dinge, die ich beobachtet habe:

Meine Freundin schläft gerade und Ihr Netbook ist AUS(!) und TROTZDEM wird er in der Routereinstellung als VERBUNDEN angezeigt und zwar ZWEI MAL!
("Larissa" und "Larissa(2))

Mein PC wird NICHT als verbungen angezeigt! Aber wieso kann ich dann auf die Fritzbox zugreifen?! Ist das ein Trojaner der über ihre Daten irgendwie in mein WLAN reinkommt?

Ich habe das WLAN schon ewig und es war IMMER PERFEKT und hatte guten Empfang bei 6K DSL...

Bitte um Hilfe, ich denke wenn da geregelt ist, funktioniert wieder alles..