Backdoor Trojan Generic und laut malwarebyte noch einiges anderes

 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.10.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: KI-PC [Administrator]

Schutz: Aktiviert

11.11.2012 03:42:09
mbam-log-2012-11-11 (03-42-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 396139
Laufzeit: 1 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\***\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 77
C:\Users\***\AppData\Roaming\rundll32.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\svchost.exe (Trojan.MSIL) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\fk1xxx.e2ts (Malware.Trace) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-08-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-09-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-10-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-14-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-15-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-16-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-17-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-25-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-28-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-29-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-30-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-08-31-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-01-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-02-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-03-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-04-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-07-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-08-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-09-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-10-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-12-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-13-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-14-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-15-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-16-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-19-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-20-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-21-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-22-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-23-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-25-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-26-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-27-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-28-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-09-29-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-01-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-04-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-05-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-06-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-07-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-08-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-10-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-11-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-12-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-13-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-15-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-16-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-17-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-18-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-20-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-21-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-22-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-23-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-24-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-25-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-26-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-27-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-28-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-10-31-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-01-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-02-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-04-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-05-2.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-06-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-07-4.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-08-5.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-09-6.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-10-7.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\***\AppData\Roaming\dclogs\2012-11-11-1.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         

 OTL logfile created on: 11.11.2012 03:55:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads\Sicherheit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 49,11% Memory free
6,99 Gb Paging File | 4,95 Gb Available in Paging File | 70,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 37,06 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 385,00 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 48,69 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 394,40 Gb Total Space | 392,55 Gb Free Space | 99,53% Space Free | Partition Type: NTFS
 
Computer Name: KI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.11 03:24:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\Sicherheit\OTL.exe
PRC - [2012.11.11 02:13:31 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2012.07.31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.24 05:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
PRC - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.11.15 12:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010.11.15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2009.07.14 00:15:34 | 002,222,528 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.11 02:13:32 | 002,111,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012.11.11 02:13:32 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2012.11.11 02:13:32 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.06.07 14:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012.11.11 02:13:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 19:45:47 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.24 05:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010.11.15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010.08.25 08:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.07.30 12:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.04.19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.04.01 15:57:34 | 000,147,456 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv06.sys -- (acedrv06)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.06.07 15:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.07 14:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.01 04:16:50 | 000,535,656 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.15 07:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 07:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.17 13:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 13:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.12.15 16:06:46 | 000,047,232 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.29 22:01:04 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.11.02 12:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 12:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic)
DRV:64bit: - [2007.11.02 12:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 12:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5)
DRV:64bit: - [2007.11.02 12:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus)
DRV:64bit: - [2007.11.02 12:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2012.03.07 12:10:18 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.03.07 12:10:06 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 5D EE F1 00 98 CD 01  [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{8B726408-FC51-41b0-9B58-34063A0B29EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F469578-85E8-4E24-8D78-97BEF2A9A6D4}&mid=e0c969345e4247d1bc8822b543fa9a09-52926ac3aa91da349849f33e9482894a21cfc1af&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D7C7313E-E586-40c8-832F-294E6A63100F}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "orf.at"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: foxfilter@inspiredeffect.net:7.6.4
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:10.13.1.106
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=NT01&ctid=CT2269050&SearchSource=2&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.10 18:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 20:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 18:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.05 20:52:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 18:53:01 | 000,000,000 | ---D | M]
 
[2012.03.07 11:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.11.02 22:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions
[2012.11.02 22:45:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.10.07 21:22:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.10 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.22 22:57:03 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.07.08 21:57:16 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.03.10 02:02:39 | 000,092,840 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\foxfilter@inspiredeffect.net.xpi
[2012.11.02 18:59:54 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.26 22:34:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.07 13:22:16 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.09.29 21:07:52 | 000,001,028 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\dvdvideosofttb-customized-web-search.xml
[2012.03.10 00:32:09 | 000,001,632 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\firefox-add-ons.xml
[2012.03.10 00:31:27 | 000,002,492 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\ixquick-https.xml
[2012.03.10 00:31:58 | 000,001,283 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\wiktionary-de.xml
[2012.11.02 18:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.02 18:53:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.12 22:00:17 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.05 12:45:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB878B31-CE46-451B-9D38-69B23B7EED40}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5887D6D-E25D-4FD1-AA60-EE7834223B66}: DhcpNameServer = 195.34.133.21 212.186.211.21
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.11 03:19:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes
[2012.11.11 03:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.11 03:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.11 03:19:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.11.11 03:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.11.02 22:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB
[2012.11.02 19:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow
[2012.11.02 19:02:32 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll
[2012.11.02 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow
[2012.11.02 18:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xploder
[2012.11.02 18:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xploder
[2012.11.02 18:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2012.11.02 18:34:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SAdK
[2012.11.02 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\SAdK
[2012.11.02 18:34:02 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.02 18:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.11.02 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies
[2012.11.02 18:32:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA
[2012.11.02 18:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2012.11.02 18:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.11.02 18:31:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft
[2012.11.02 18:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft
[2012.09.05 13:21:24 | 2715,238,741 | ---- | C] (ProSiebenSat1Games) -- C:\Program Files (x86)\SetupAudition.exe
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.11 03:53:34 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2012.11.11 03:42:31 | 000,001,226 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat
[2012.11.11 03:30:16 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 03:30:16 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.11 03:03:26 | 000,003,382 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err
[2012.11.11 03:02:06 | 000,000,680 | RHS- | M] () -- C:\Users\Admin\ntuser.pol
[2012.11.11 03:00:57 | 000,000,810 | ---- | M] () -- C:\NET.INI
[2012.11.11 02:54:58 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.11 02:54:58 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.11 02:54:58 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.11 02:54:58 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.11 02:54:58 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.11 02:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.11 02:48:13 | 2816,491,520 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.11 02:14:16 | 099,894,448 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.11.02 22:45:31 | 000,000,009 | ---- | M] () -- C:\END
[2012.11.02 18:56:27 | 000,002,541 | ---- | M] () -- C:\Users\Public\Desktop\Wii Xploder.lnk
[2012.11.02 18:34:02 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2012.11.02 18:31:11 | 000,002,336 | ---- | M] () -- C:\Users\Admin\Desktop\Die Siedler - Aufbruch der Kulturen.lnk
 
========== Files Created - No Company Name ==========
 
[2012.11.11 03:53:34 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2012.11.09 21:25:03 | 000,003,382 | ---- | C] () -- C:\Windows\SysWow64\cchservice.err
[2012.11.02 19:02:33 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.02 18:56:27 | 000,002,541 | ---- | C] () -- C:\Users\Public\Desktop\Wii Xploder.lnk
[2012.11.02 18:31:11 | 000,002,336 | ---- | C] () -- C:\Users\Admin\Desktop\Die Siedler - Aufbruch der Kulturen.lnk
[2012.04.23 22:11:54 | 000,001,226 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat
[2012.04.23 22:10:25 | 000,000,124 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini
[2012.04.23 22:10:25 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL
[2012.04.23 22:10:23 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe
[2012.04.23 22:10:23 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys
[2012.04.23 22:10:22 | 000,000,626 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini
[2012.04.01 15:57:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll
[2012.04.01 15:55:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2012.04.01 15:55:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2012.04.01 15:55:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2012.04.01 15:55:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2012.04.01 15:55:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2012.04.01 15:55:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2012.04.01 15:55:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2012.04.01 15:55:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2012.04.01 15:55:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2012.04.01 15:55:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2012.04.01 15:55:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2012.04.01 15:55:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2012.04.01 15:55:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2012.04.01 15:55:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2012.04.01 15:55:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2012.04.01 15:55:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2012.04.01 15:55:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2012.04.01 15:55:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2012.04.01 15:55:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2012.04.01 15:44:50 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat
[2012.03.10 02:10:44 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.03.07 12:10:18 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.03.07 11:57:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.03.07 11:54:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2012.03.07 11:47:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.03.07 09:05:21 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol
[2011.06.07 22:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.04.01 23:05:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.contentlauncher
[2012.03.07 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012
[2012.09.29 19:38:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft
[2012.09.29 19:39:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.03.10 00:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView
[2012.04.01 23:05:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\juv
[2012.04.01 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Klett
[2012.03.10 00:40:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX
[2012.04.01 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\pdfforge
[2012.04.23 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Salfeld
[2012.03.07 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Splashtop
[2012.03.07 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird
[2012.03.10 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TIPP10
 
========== Purity Check ==========
 
 

< End of report >
         

 OTL Extras logfile created on: 11.11.2012 03:55:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads\Sicherheit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 49,11% Memory free
6,99 Gb Paging File | 4,95 Gb Available in Paging File | 70,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 37,06 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 385,00 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 48,69 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 394,40 Gb Total Space | 392,55 Gb Free Space | 99,53% Space Free | Partition Type: NTFS
 
Computer Name: KI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]
"DisableSR" = 0
"DisableConfig" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{21AB96E3-37E6-4106-B60E-1EE8F44A420A}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2B58DF1B-AFF5-45AA-842D-48B35067D4EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{39B06442-D575-47F1-B126-D4B5B973EBAA}" = lport=137 | protocol=17 | dir=in | app=system | 
"{4E3C2A6A-3B67-4B9C-B4B3-FE577A795BB3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{4ED8A1FB-49DA-44FD-8236-2E0A81578CF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{535CC1FC-1283-4130-B0E4-4E6A7D02D32E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65DBE268-7730-4483-9CC8-B8D720283541}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{677264A9-64A6-4AE2-AE00-475D40709170}" = rport=139 | protocol=6 | dir=out | app=system | 
"{6BA4096B-4055-426C-B3E3-CECDE6911AC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{6CD82A1D-7339-4D18-A70F-78969CE578C8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{840533CC-B61C-4A5E-883A-83AECBA6E105}" = rport=138 | protocol=17 | dir=out | app=system | 
"{9B225E04-B6F1-40E6-934F-F4E5ED07C7AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A0BEAE1C-4BF4-4A28-B768-325AE52C66D1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{A372594A-5243-4A3F-9C7D-912FA4D7B21B}" = lport=445 | protocol=6 | dir=in | app=system | 
"{A5482350-4953-44C1-93CA-CF7BCCCB4178}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BA28CCA9-5A30-4F1F-B696-34420B7EDF43}" = rport=445 | protocol=6 | dir=out | app=system | 
"{C1A8A867-5D26-49F8-B33E-48130475C8D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{D406D45D-6ECC-4E43-9537-38E52CD77E9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{DF5E5FD7-A3D3-4327-9EC1-02C1C333826A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DFC5DEA4-9F26-4552-886D-4F61960DC0B8}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{FBDD2D65-BCF3-43A6-80E9-A081B916191C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03A0A939-B245-433A-8AF2-778AD8D775F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{096F05EA-395F-4ED6-933D-63E4706B2B62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{10B75F77-CAB5-4392-A62D-22BEA16DF6B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{11DCC6DE-624A-49B8-BD4B-A5ED1FB98589}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{13918B8F-E7B6-4570-838A-D9FCFF74687B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{159AB4C0-5E95-4F1A-BFAD-AE1120E3E5C7}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\akamai\netsession_win.exe | 
"{192F19B9-1FA6-47F6-9E32-37FF3FAE2950}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{1AF259DD-8D07-4103-B165-CE201D346F1F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | 
"{2453877C-7F4F-4005-BA23-56F8525D8436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2A37AA77-3941-463F-B390-5FBCAAF2AC47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{3E9A8615-E74D-4315-835D-F2A5C281D187}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{40EE46FE-293A-4F7B-8224-44A5B5889284}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | 
"{464A6748-1CED-4713-9C3D-A649CC3905B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{49FC6970-1FBF-497C-B533-1C6E65EAC58C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{54CAFEB5-F575-4762-B18F-FF067960B266}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{57BEBF2F-0EB2-4B51-912E-7E2F1404499B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E4A12D8-2ADF-44D9-90AC-3236AAC6C2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{7E378568-E0BF-477B-9D4A-8D9E86815BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | 
"{8285E526-56F5-4232-94BD-0387D51BF790}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{8CFEA159-1B07-4144-A889-081B34696299}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{8F69A275-5D83-4607-8F1B-6150DA652C13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{9D24028C-B356-4AEB-8B6F-20234313107C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{A18BFF0F-75EA-4F97-B521-BE58A92D8283}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{A56614BF-5776-4700-A031-B50013E4E900}" = protocol=6 | dir=out | app=system | 
"{B4C766C7-2C70-4009-AD50-EAC98C5ABA30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{C21940E8-08BC-4A8A-B7C0-E42238ECB993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CB04BEF5-B34C-437A-974B-1C0FD570DACA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D0E99404-354B-497E-AA93-CC1D0B9F7D03}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\akamai\netsession_win.exe | 
"{D18CD604-346C-4F92-A561-D6969FAB0184}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{F6868D94-77BA-47ED-B08D-5FE577873624}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | 
"{FA3A9B4D-3B23-40A4-8B79-BB4F9A1CFA94}" = protocol=58 | dir=in | app=system | 
"TCP Query User{C3E441AA-596E-4739-8498-A7A4C1A76FAD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"UDP Query User{C87426E4-B9C5-4BF2-A26D-B1890FAAAAE9}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90
"{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012
"{4E09871F-1285-CE5A-F1E1-74EE9537D1F3}" = ccc-utility64
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2
"{822D0F14-D815-8540-3264-839DB958DE66}" = AMD Media Foundation Decoders
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DDD72DB8-BB69-1AE3-9E21-BFD1CB87AEDF}" = ATI Catalyst Install Manager
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English
"AVG" = AVG 2012
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0F6199F2-A00F-E0D3-9AA8-A8C77CBA71E5}" = CCC Help Korean
"{15D2ABC9-D0E1-8FED-0124-22B3D631B65E}" = CCC Help Chinese Standard
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319
"{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{242B2601-AF61-42B7-B6DB-B1C34FE5830F}" = Wii Xploder Cheat Saves and Media Manager
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{2A23E37B-DE77-98FB-8538-AD4B0D6EE632}" = CCC Help Swedish
"{2BA3C106-F8CE-9381-6D8E-AACA006386A1}" = CCC Help Norwegian
"{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7
"{2E560D11-B767-46CF-47EC-CEACD190BE40}" = Catalyst Control Center Graphics Previews Common
"{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0704.1
"{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5347A5BA-9390-E244-5529-636DFEB5A869}" = CCC Help French
"{5E7626D4-61D6-05F9-5ED1-E633DCECC618}" = CCC Help Japanese
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61B5FC28-2C93-C7CC-91C3-805AC5EEE795}" = CCC Help Spanish
"{62AF1819-74A4-6260-0702-783ADF29C21F}" = AMD VISION Engine Control Center
"{63C5DD30-4C46-4968-B96A-A3E2992769FE}" = MAGIX Screenshare
"{6A85A2E4-C06D-0021-1627-1B35BDBCB480}" = CCC Help Greek
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25
"{768CA608-CBDB-D1F1-FB8E-4D5DBF2117B4}" = CCC Help Russian
"{8109378D-FF10-7794-F864-DE78FD082164}" = CCC Help Turkish
"{82465076-8328-2F93-E01D-88ADFEA62ABC}" = CCC Help Hungarian
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0
"{9A96FB74-09A1-8157-4FBF-89A1AFC9D0D8}" = CCC Help Thai
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9CC9C809-6A85-8CED-1153-95B1FB4B4D73}" = CCC Help Czech
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.11255.1
"{A4FBF47A-178D-11C0-CF85-174AB58E854A}" = CCC Help Finnish
"{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service
"{A670706C-6792-16E7-409E-0BA8964DEB16}" = CCC Help Portuguese
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{B0674260-49DC-5A89-63F3-18F7B7CF0105}" = CCC Help Dutch
"{B252FEC0-C63B-4AF6-8459-D105B3E3FC70}" = MAGIX Foto Manager 10
"{B836D1A0-3FD2-CCE4-E55B-73F78D83C3CB}" = Catalyst Control Center Localization All
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C6317628-C85F-4CEE-A2A7-8D4477EC7C24}" = Red Line 2 Sprachtrainer
"{C6DD7119-47BD-2049-C198-CDA0C62406D4}" = CCC Help Polish
"{CDA34A2D-8E04-39EC-A1AC-F05E57A32A26}" = CCC Help Danish
"{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2
"{DA55C3AE-41D7-D163-62B1-C0D6B0D6C3C2}" = Catalyst Control Center InstallProxy
"{DEC2B592-A6C8-81C3-32AA-179A8EE15DA8}" = CCC Help German
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E46210DE-11E9-F0FD-3D25-3AC39066A2FE}" = CCC Help English
"{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F54C0A3F-D78F-BF70-C4BD-12A4A983B866}" = CCC Help Italian
"{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts
"{FC9ADE57-C19B-AE0F-7EFD-03B7D76CFD46}" = CCC Help Chinese Traditional
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface Service
"Audition Online1.2.6064" = Audition Online
"B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind
"de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service
"DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar
"ffdshow_is1" = ffdshow [rev 1953] [2008-05-04]
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0704.1
"IrfanView" = IrfanView (remove only)
"Kindersicherung_is1" = Kindersicherung 2012
"Lernerfolg Grundschule Mathematik 1" = Lernerfolg Grundschule Mathematik 1
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de)
"Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"Pflanzen gegen Zombies" = Pflanzen gegen Zombies
"SADK" = Die Siedler - Aufbruch der Kulturen
"TIPP10_is1" = TIPP10 Version 2.1.0
"VLC media player" = VLC media player 2.0.1
"Winamp" = Winamp
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Winamp Detect" = Winamp Erkennungs-Plug-in
"Wizard101(DE)_is1" = Wizard101(DE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10.11.2012 21:48:42 | Computer Name = Ki-PC | Source = ESENT | ID = 455
Description = Windows (3776) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0014F.log.
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >