Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Bundespolizei Virus (PC gesperrt)/ wpbt0.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.11.2012, 15:36   #1
Jikklas
 
Bundespolizei Virus (PC gesperrt)/ wpbt0.dll - Standard

Bundespolizei Virus (PC gesperrt)/ wpbt0.dll



Hallo,
beim surfen hab ich mir gestern wohl diesen Bundespolizei Virus eingefangen.
Auf dem Bildschirm stand, dass mein Computer gesperrt sei. Habe daraufhin den Rechner sofort ausgeschaltet und beim Neustart ist das Problem nicht mehr aufgetaucht. Habe eine wpbt0.dll in
%USERPROFILE%/AppData/Local/Temp , die denk ich mal der Virus ist.
Habe den entprechenden Eintrag im Autostart deaktiviert und bräuchte jetzt Hilfe beim entfernen.

Habe Windows 7 Home Premium 64bit

Hier paar Logs:

defogger_disable.log

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:58 on 30/11/2012 (Nikita)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-




OTL.txt

OTL logfile created on: 11/30/2012 2:58:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikita\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.85 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 63.71% Memory free
7.71 Gb Paging File | 5.94 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.66 Gb Total Space | 275.09 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
Drive E: | 702.83 Mb Total Space | 508.56 Mb Free Space | 72.36% Space Free | Partition Type: UDF

Computer Name: NC-PC | User Name: Nikita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/11/30 14:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikita\Desktop\OTL.exe
PRC - [2012/11/26 14:42:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/11/26 14:42:09 | 000,384,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/11/26 14:42:09 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/10/13 01:31:40 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/08/29 11:03:38 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2011/08/04 19:11:28 | 000,247,872 | ---- | M] () -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe
PRC - [2011/03/18 18:56:37 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla\Firefox\firefox.exe
PRC - [2010/08/05 09:08:56 | 003,241,840 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2010/07/30 09:20:18 | 001,752,680 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2010/03/18 03:57:46 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2010/01/19 03:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009/11/02 06:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009/07/06 06:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe


========== Modules (No Company Name) ==========

MOD - [2011/03/18 18:56:37 | 001,874,904 | ---- | M] () -- C:\Program Files\Mozilla\Firefox\mozjs.dll
MOD - [2009/11/02 06:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 06:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll


========== Services (SafeList) ==========

SRV:64bit: - [2012/05/31 13:09:52 | 000,098,576 | ---- | M] (SANDBOXIE L.T.D) [Auto | Running] -- C:\Program Files\Sandboxie\SbieSvc.exe -- (SbieSvc)
SRV:64bit: - [2010/09/22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2010/07/07 19:50:56 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2012/11/29 17:23:56 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/11/26 14:42:22 | 000,085,280 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/11/26 14:42:09 | 000,109,344 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/10/13 01:31:40 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/08/30 22:13:40 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/29 11:03:36 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012/08/21 16:12:24 | 000,018,360 | ---- | M] (Overwolf Ltd) [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2011/08/04 19:11:28 | 000,247,872 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe -- (ICQ Service)
SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/11/13 13:18:16 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/11/13 13:18:16 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/09/24 09:58:11 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012/08/09 19:45:14 | 000,051,776 | ---- | M] (microOLAP Technologies LTD) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pssdk41.sys -- (PsSdk41)
DRV:64bit: - [2012/05/31 13:09:50 | 000,166,576 | ---- | M] (SANDBOXIE L.T.D) [Kernel | On_Demand | Running] -- C:\Program Files\Sandboxie\SbieDrv.sys -- (SbieDrv)
DRV:64bit: - [2012/03/01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/09/15 10:41:02 | 000,078,928 | ---- | M] (BitDefender SRL) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bdsandbox.sys -- (bdsandbox)
DRV:64bit: - [2011/08/28 01:55:18 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011/08/03 19:57:04 | 002,768,384 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2011/07/15 15:12:44 | 000,258,224 | ---- | M] (BitDefender) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avchv.sys -- (avchv)
DRV:64bit: - [2011/03/11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010/07/07 20:30:10 | 007,195,648 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010/07/07 19:15:44 | 000,265,728 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2010/06/17 05:34:44 | 000,116,240 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2010/05/21 05:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2010/04/27 08:57:04 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010/02/27 01:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009/09/28 10:22:00 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/06/10 21:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI)
DRV:64bit: - [2009/03/18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010/11/01 17:31:41 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport)
DRV - [2010/02/24 03:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/09/16 19:08:56] [Kernel | Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://samsung.msn.com
IE - HKLM\..\URLSearchHook: - No CLSID value found
IE - HKLM\..\URLSearchHook: {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Amazon.de"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: pagehacker-nico@nc:1.2
FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledAddons: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledAddons: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledAddons: {e36db930-f18d-4449-b45f-e286cfb9e03a}:4.0.11120600
FF - prefs.js..extensions.enabledAddons: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}:6.0.32
FF - prefs.js..extensions.enabledAddons: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.22
FF - prefs.js..extensions.enabledAddons: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.8
FF - prefs.js..extensions.enabledAddons: battlefieldplay4free@ea.com:1.0.80.2
FF - prefs.js..extensions.enabledAddons: ich@maltegoetz.de:1.4.3
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher@ea.com:5.0.145.0
FF - prefs.js..extensions.enabledAddons: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.7.2
FF - prefs.js..extensions.enabledAddons: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.2.2
FF - prefs.js..extensions.enabledAddons: {1018e4d6-728f-4b20-ad56-37578a4de76b}:4.2.3
FF - prefs.js..extensions.enabledAddons: {ada4b710-8346-4b82-8199-5de2b400a6ae}:2.0.2
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.12
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: battlefieldheroespatcher@ea.com:5.0.31.0
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:2.0.12
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.1
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:11.0.2.556
FF - prefs.js..extensions.enabledItems: pagehacker-nico@nc:1.2
FF - prefs.js..extensions.enabledItems: {C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}:0.6.0.8
FF - prefs.js..extensions.enabledItems: {F645A8C9-E969-42D9-B3F3-F325537222FD}:1.1.6
FF - prefs.js..extensions.enabledItems: {ada4b710-8346-4b82-8199-5de2b400a6ae}:1.9.9.3.1
FF - prefs.js..extensions.enabledItems: smartbookmarksbar@remy.juteau:1.4.3
FF - prefs.js..extensions.enabledItems: {e968fc70-8f95-4ab9-9e79-304de2a71ee1}:0.7.3
FF - prefs.js..extensions.enabledItems: {e36db930-f18d-4449-b45f-e286cfb9e03a}:4.0.11022100
FF - prefs.js..extensions.enabledItems: {6AC85730-7D0F-4de0-B3FA-21142DD85326}:2.5.5
FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
FF - prefs.js..extensions.enabledItems: support@predictad.com:1.11
FF - prefs.js..extensions.enabledItems: {29c4afe1-db19-4298-8785-fcc94d1d6c1d}:0.6.2009110501
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: KavAntiBanner@Kaspersky.ru:11.0.2.556
FF - prefs.js..network.proxy.http: "174.137.150.197"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\windows\system32\npDeployJava1.dll (Sun Microsystems, Inc.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: C:\Program Files (x86)\GamersFirst\LIVE!\nplivelauncher.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll File not found
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/09/16 11:53:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla\Firefox\components [2011/05/29 21:48:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla\Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/05/19 20:12:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.20\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins

[2011/06/05 12:12:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikita\AppData\Roaming\mozilla\Extensions
[2011/06/05 12:12:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikita\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/11/23 01:54:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions
[2012/10/11 15:19:13 | 000,000,000 | ---D | M] (Forecastfox) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2012/11/11 13:22:09 | 000,000,000 | ---D | M] (Flagfox) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2011/05/29 21:50:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012/08/05 21:44:04 | 000,000,000 | ---D | M] (ColorZilla) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}
[2012/11/15 16:41:15 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}
[2012/11/23 01:54:29 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2011/12/13 22:19:23 | 000,000,000 | ---D | M] (Wired-Marker) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{e36db930-f18d-4449-b45f-e286cfb9e03a}
[2012/08/05 21:44:05 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/05/29 21:50:23 | 000,000,000 | ---D | M] (User Agent Switcher) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}
[2011/05/29 21:50:23 | 000,000,000 | ---D | M] (QuickRestart) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{F645A8C9-E969-42D9-B3F3-F325537222FD}
[2011/05/29 21:50:21 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\battlefieldheroespatcher@ea(2).com
[2012/09/21 20:58:23 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\battlefieldheroespatcher@ea.com
[2012/09/06 21:03:33 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\battlefieldplay4free@ea.com
[2012/05/12 09:26:09 | 000,000,000 | ---D | M] ("Fox Splitter") -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\foxsplitter@piro.sakura.ne.jp
[2012/09/16 14:14:07 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\ich@maltegoetz.de
[2011/05/29 21:50:22 | 000,000,000 | ---D | M] ("Page Hacker") -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\pagehacker-nico@nc
[2011/05/29 21:50:22 | 000,000,000 | ---D | M] (Personas) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\personas@christopher.beard
[2011/05/29 21:50:22 | 000,000,000 | ---D | M] (Smart Bookmarks Bar) -- C:\Users\Nikita\AppData\Roaming\mozilla\Firefox\Profiles\a3ucslrf.default\extensions\smartbookmarksbar@remy.juteau
[2012/08/05 21:34:40 | 000,202,578 | ---- | M] () (No name found) -- C:\Users\Nikita\AppData\Roaming\mozilla\firefox\profiles\a3ucslrf.default\extensions\jid1-kV5U6puWw0Cdvg@jetpack.xpi
[2012/10/05 14:11:02 | 000,202,016 | ---- | M] () (No name found) -- C:\Users\Nikita\AppData\Roaming\mozilla\firefox\profiles\a3ucslrf.default\extensions\{C0CB8BA3-6C1B-47e8-A6AB-1FAB889562D9}.xpi
[2012/01/06 17:02:43 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Nikita\AppData\Roaming\mozilla\firefox\profiles\a3ucslrf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/06/02 13:04:34 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA\FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA}

O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (ICQ Sparberater) - {FE163F11-1919-4257-A280-FF5AF8DAEECB} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Winload Toolbar) - {40c3cc16-7269-4b32-9531-17f2950fb06f} - C:\Program Files (x86)\Winload\prxtbWinl.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O4 - HKCU..\Run: [SandboxieControl] C:\Program Files\Sandboxie\SbieCtrl.exe (SANDBOXIE L.T.D)
O4 - Startup: C:\Users\Nikita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\thunderbird.lnk = C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe (Mozilla Messaging)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9:64bit: - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.6 - {7644E42D-B096-457F-8B5B-901238FC81AE} - C:\Program Files (x86)\ICQ7.6\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A87E2A79-4A90-4361-AE00-93F04C83D811}: NameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{c2fc9c20-d076-11e0-b21d-002454e7081e}\Shell - "" = AutoRun
O33 - MountPoints2\{c2fc9c20-d076-11e0-b21d-002454e7081e}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{c2fc9c20-d076-11e0-b21d-002454e7081e}\Shell\setup\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012/11/30 14:57:07 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Nikita\Desktop\OTL.exe
[2012/11/30 01:07:02 | 000,000,000 | ---D | C] -- C:\Users\Nikita\AppData\Roaming\SpeedyPC Software
[2012/11/30 01:07:02 | 000,000,000 | ---D | C] -- C:\Users\Nikita\AppData\Roaming\DriverCure
[2012/11/30 01:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\SpeedyPC Software
[2012/11/28 21:53:14 | 000,000,000 | ---D | C] -- C:\Users\Nikita\AppData\Local\Programs
[2012/11/26 14:39:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2012/11/24 19:22:41 | 000,000,000 | ---D | C] -- C:\Users\Nikita\AppData\Roaming\.minecraft
[2012/11/24 15:25:18 | 000,000,000 | ---D | C] -- C:\Users\Nikita\Desktop\Minecraft Server
[2012/11/19 22:11:17 | 000,695,296 | ---- | C] (AnjoCaido) -- C:\Users\Nikita\Desktop\Minecraft.exe
[2012/11/15 16:48:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/11/15 16:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2012/11/15 16:29:54 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012/11/13 13:24:34 | 000,000,000 | ---D | C] -- C:\Users\Nikita\Documents\Registry saves
[2012/11/02 15:08:34 | 000,000,000 | ---D | C] -- C:\Users\Nikita\AppData\Roaming\Avira
[2012/11/02 15:02:59 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/11/02 15:02:59 | 000,098,888 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/11/02 15:02:59 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avkmgr.sys
[2012/11/02 15:02:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011/05/29 21:39:15 | 1182,267,889 | ---- | C] (Gameforge 4D GmbH ) -- C:\Users\Nikita\NosTale_DE_20100804.exe
[2011/05/29 21:39:10 | 012,420,392 | ---- | C] (Mozilla) -- C:\Users\Nikita\Firefox Setup 4.0.exe

========== Files - Modified Within 30 Days ==========

[2012/11/30 14:59:00 | 000,001,110 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/30 14:58:02 | 000,000,000 | ---- | M] () -- C:\Users\Nikita\defogger_reenable
[2012/11/30 14:57:07 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Nikita\Desktop\OTL.exe
[2012/11/30 14:56:39 | 000,050,477 | ---- | M] () -- C:\Users\Nikita\Desktop\Defogger.exe
[2012/11/30 14:56:15 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 14:56:15 | 000,014,144 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/30 14:49:00 | 000,001,106 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/30 14:48:42 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat
[2012/11/30 14:48:38 | 4137,852,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/30 00:42:44 | 000,001,972 | ---- | M] () -- C:\windows\Sandboxie.ini
[2012/11/29 23:23:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/29 14:04:59 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2012/11/25 16:25:15 | 001,528,142 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI
[2012/11/25 16:25:15 | 000,665,014 | ---- | M] () -- C:\windows\SysNative\perfh007.dat
[2012/11/25 16:25:15 | 000,625,156 | ---- | M] () -- C:\windows\SysNative\perfh009.dat
[2012/11/25 16:25:15 | 000,135,150 | ---- | M] () -- C:\windows\SysNative\perfc007.dat
[2012/11/25 16:25:15 | 000,110,794 | ---- | M] () -- C:\windows\SysNative\perfc009.dat
[2012/11/16 13:53:17 | 000,338,672 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT
[2012/11/13 13:18:16 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avipbb.sys
[2012/11/13 13:18:16 | 000,098,888 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\windows\SysNative\drivers\avgntflt.sys
[2012/11/03 02:47:06 | 000,270,240 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.xtr
[2012/11/03 02:47:06 | 000,270,240 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/11/03 02:45:12 | 000,270,240 | ---- | M] () -- C:\windows\SysWow64\PnkBstrB.ex0
[2012/11/02 15:03:07 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk

========== Files Created - No Company Name ==========

[2012/11/30 14:58:02 | 000,000,000 | ---- | C] () -- C:\Users\Nikita\defogger_reenable
[2012/11/30 14:56:39 | 000,050,477 | ---- | C] () -- C:\Users\Nikita\Desktop\Defogger.exe
[2012/11/29 16:47:35 | 000,000,884 | ---- | C] () -- C:\windows\tasks\Adobe Flash Player Updater.job
[2012/11/16 13:46:36 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012/11/16 07:25:23 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012/11/02 15:03:07 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012/08/11 21:56:17 | 000,270,240 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe
[2012/08/11 21:56:15 | 000,076,888 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe
[2012/07/20 02:58:46 | 000,007,597 | ---- | C] () -- C:\Users\Nikita\AppData\Local\Resmon.ResmonCfg
[2012/07/07 10:04:53 | 015,379,697 | ---- | C] () -- C:\Users\Nikita\Firefox 4.0 (de) - 2012-07-07.pcv
[2012/06/17 16:00:03 | 000,000,880 | ---- | C] () -- C:\Users\Nikita\.recently-used.xbel
[2012/06/13 19:34:46 | 000,001,972 | ---- | C] () -- C:\windows\Sandboxie.ini
[2012/03/31 15:38:51 | 000,000,094 | ---- | C] () -- C:\Users\Nikita\AppData\Local\fusioncache.dat
[2012/03/31 15:37:33 | 001,555,638 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI
[2012/03/19 15:25:22 | 000,073,422 | ---- | C] () -- C:\Users\Nikita\AppData\Roaming\icarus-dxdiag.xml
[2012/01/20 20:55:10 | 003,360,624 | ---- | C] () -- C:\windows\SysWow64\pbsvc.exe
[2011/11/25 21:17:02 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll
[2011/11/25 19:30:10 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll
[2011/10/13 21:30:24 | 000,042,392 | ---- | C] () -- C:\windows\SysWow64\xfcodec.dll
[2011/09/30 12:45:21 | 000,000,680 | RHS- | C] () -- C:\Users\Nikita\ntuser.pol
[2011/09/03 15:30:14 | 000,000,169 | ---- | C] () -- C:\windows\wininit.ini
[2011/08/27 00:34:09 | 000,201,836 | ---- | C] () -- C:\ProgramData\1314401404.bdinstall.bin
[2011/07/28 22:23:09 | 000,017,408 | ---- | C] () -- C:\Users\Nikita\AppData\Local\WebpageIcons.db
[2011/07/28 09:30:09 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011/05/29 21:44:04 | 000,789,638 | ---- | C] () -- C:\Users\Nikita\MozBackup-1.4.10-EN.exe
[2011/05/29 21:39:03 | 011,088,945 | ---- | C] () -- C:\Users\Nikita\Firefox 4.0.1 (de) - 2011-05-28.pcv
[2011/05/29 20:43:25 | 000,131,368 | ---- | C] () -- C:\ProgramData\FullRemove.exe

========== ZeroAccess Check ==========

[2012/11/09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Nikita\AppData\Roaming\Mozilla\Firefox\Profiles\a3ucslrf.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png
[2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009/07/14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2012/11/29 18:32:40 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\.minecraft
[2012/02/19 01:42:27 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\Blender Foundation
[2011/08/28 02:01:19 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\DAEMON Tools Lite
[2012/11/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\DriverCure
[2011/11/19 15:16:15 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\FOG Downloader
[2011/12/26 22:39:04 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\GameRanger
[2012/03/10 23:12:40 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\gtk-2.0
[2011/10/31 23:53:34 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\Need for Speed World
[2011/05/30 20:37:15 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\OpenOffice.org
[2011/08/27 00:31:41 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\QuickScan
[2012/11/30 01:07:02 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\SpeedyPC Software
[2011/06/05 12:12:56 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\Thunderbird
[2012/11/10 01:36:10 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\uTorrent
[2012/08/09 19:45:39 | 000,000,000 | ---D | M] -- C:\Users\Nikita\AppData\Roaming\XLink Kai

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> C:\Users\Public\Desktop\µTorrent.lnk:BDU

< End of report >



EXTRA.txt

OTL Extras logfile created on: 11/30/2012 2:58:57 PM - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Nikita\Desktop
64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Schweiz | Language: DES | Date Format: dd.MM.yyyy

3.85 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 63.71% Memory free
7.71 Gb Paging File | 5.94 Gb Available in Paging File | 77.08% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 445.66 Gb Total Space | 275.09 Gb Free Space | 61.73% Space Free | Partition Type: NTFS
Drive E: | 702.83 Mb Total Space | 508.56 Mb Free Space | 72.36% Space Free | Partition Type: UDF

Computer Name: NC-PC | User Name: Nikita | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla\Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0134724F-DF8B-4B92-9EB7-6A466B9AE209}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{02F4FA8E-7A8C-4F67-888F-C6835FE14E60}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{04978C38-F648-444E-8287-FFAB71957697}" = rport=138 | protocol=17 | dir=out | app=system |
"{0796E07C-50A9-4B58-B863-A1D41CFECA10}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16B619BE-CEA2-409B-98DC-B4E6E9A2C008}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{19554244-28D1-4623-A88B-5D604F7C7C9F}" = rport=10243 | protocol=6 | dir=out | app=system |
"{1A9D938E-8AA1-4F94-9937-D1B8357E2152}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{2E27AB5E-33F9-4947-A43A-05BE07E827C5}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{2EA7752E-F9D0-4FD6-9458-11E346126CFF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{32B700A0-7440-4F0B-83EC-42D70B38763B}" = rport=445 | protocol=6 | dir=out | app=system |
"{3EAC7A61-0E60-4195-B7D5-C958B607D9BE}" = rport=137 | protocol=17 | dir=out | app=system |
"{41CF949A-F95D-4F85-9244-D0C1257BA536}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{4CF488B2-E46A-41A3-878F-256D50D23F30}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{547E1F5A-6037-4387-B977-E318B3AA3A09}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{66AAC750-6244-4EA4-8508-8E72F2B02D2B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{705E6488-E2DB-47D3-944D-2B386F5F9626}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7262E5B1-A818-4DC9-B336-31C4781DBA94}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{75B26260-A869-48E6-B588-D71C5836E1EB}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{7796EFEF-A240-4BF5-B3EC-AF7406A6065F}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{7C27D4A4-7B7A-4DD0-9620-120667A4AF79}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{7CA56EF5-3C4D-4845-9167-4CD0FB4D820C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{811214DA-F372-40C6-81FF-AD0DFD5E7706}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8696D7FF-86F1-4125-9EDD-DCD5DE2C5C9B}" = lport=137 | protocol=17 | dir=in | app=system |
"{A2306957-2B97-467F-ABA8-0377139B58E6}" = lport=445 | protocol=6 | dir=in | app=system |
"{A52DC306-ADF3-41F5-8657-295CD2038860}" = lport=139 | protocol=6 | dir=in | app=system |
"{B31B6D24-09AA-42A2-8658-1CBF8063AD16}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{B90E2E81-AEB8-4A66-B27E-2387FD33F8E2}" = lport=2869 | protocol=6 | dir=in | app=system |
"{C0548D19-3A54-426B-97F5-0CA59D044E1F}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{C27EDEE5-3E53-42A1-8589-6811D450AF4B}" = lport=30000 | protocol=6 | dir=in | name=xlink kai |
"{CB98DC28-B41E-4F8A-B58A-5452731B24E5}" = rport=139 | protocol=6 | dir=out | app=system |
"{E28D1718-D95C-4B2D-A4A5-BAB7906653FD}" = lport=138 | protocol=17 | dir=in | app=system |
"{E6CFEE86-A211-4CD3-AB71-5D5A9F6B7467}" = lport=2869 | protocol=6 | dir=in | app=system |
"{E8F394AB-0A38-4E0C-A0F1-61E9E16CFBE9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EC380E06-5137-471D-BF19-AE6605873290}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EE98A7DE-2AF4-489A-8B31-1282813DD115}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{F33D2659-DAE9-4688-A0A7-1EB772ACEC4F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02469AF1-9134-4B1B-909A-972AA5C83CC2}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{067EB8C9-5B43-4CD4-9783-00F9E8B1A1B0}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{06C2A8D2-DDA6-44DC-B9C5-450A59FF02CC}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe |
"{07A535C4-94DE-4CE0-AD95-CE429B6D418E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{08481E51-4EAD-4CD1-8AD7-5DD719FE248B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{0B396864-7B74-441D-AF7C-44101BFE3F2C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{1336FBBD-925F-4387-81C0-99FF783D4AC4}" = protocol=6 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{17A25285-7DC7-45D2-9A53-1FAEF35EFF1E}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{184DCAAD-F7E8-40DC-93F9-579B9D1B3A29}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe |
"{1A0A0F85-5631-476E-8D1B-245C8AB1D19A}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"{1D05F068-3923-4390-8E9D-EB8457B1AFD6}" = protocol=17 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe |
"{206E4616-1A56-4079-93B0-3C9410394BD3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{20FB1138-8DBE-4D58-89AF-93B7F5FFE6C0}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{23044F64-28B9-453A-B980-859CC0829C00}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe |
"{2415B415-DCC3-4886-913A-ED4810A70032}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"{2548DA89-1235-4D6C-B84C-5ADF36F99B8D}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe |
"{2D187FF8-59BE-46E1-9855-C8985260E2C4}" = protocol=6 | dir=in | app=c:\users\nikita\appdata\roaming\gameranger\gameranger\gameranger.exe |
"{2E75DDD6-7DE7-434A-B31E-CA58107BFDE2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{3403C58D-C2E5-437F-A470-2D3BE26490AC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{378B144D-1A59-4C5F-89D7-1F617300C006}" = dir=in | app=c:\program files (x86)\neuer ordner\brickforce\bflauncher.exe |
"{37B213A3-DD05-4874-949A-C70BF06C7FCD}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{38C9D867-96EC-48D4-BD50-48757C71DFF0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{3B0E7D07-59C3-471C-860C-C4B1DEA2B68D}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{3EB92883-EC08-41EB-8437-9F92E9BBD7EC}" = protocol=17 | dir=in | app=c:\users\nikita\appdata\roaming\gameranger\gameranger\gameranger.exe |
"{461045CE-8C7F-409D-A097-DC146F9C5C45}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BC4595D-57F9-40BE-8CFC-DCAA5D8AE5BE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{4BDC7179-88F4-4717-ADE2-02B199480690}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"{500130BA-02CC-4390-94BF-34239C3F2718}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{50D91476-3A42-47B5-989F-9F038CE9D36D}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{57AFCFE1-DDA0-462F-B05D-45E59FA77587}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{59FD579C-9AFB-4610-AF79-9956AD02A0B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{65324710-933E-4898-8340-0A37560A8FDF}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{6894BA10-D34B-44FE-B6E4-04AC7B5C1B89}" = dir=in | app=c:\program files (x86)\gpotato\allods\allods online\bin\launcher.exe |
"{69E82521-756A-4D4A-98C6-371CD5B1D6EE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{72A463B8-A6C3-48CC-BFBF-0EA723462F20}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{85146BAE-1057-47D4-BCD4-9E55C3A3D63A}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{887ACAD6-4145-41A5-8528-C3501FBD3547}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89064197-9FB7-4C00-84D4-0738A28ABF92}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{93831274-1351-4F03-A0E9-DE2A6CF834F1}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{9707CF0B-7DE6-4A86-B05A-30627BB3213E}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{9E02AC27-4233-4356-9119-551E984CB679}" = protocol=6 | dir=out | app=system |
"{9F840B99-D6A5-4AB8-9075-303A55E95F78}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{A8459033-55A6-4DA0-8BBE-EA9336600E23}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{AB1AD9AB-9A58-4642-A770-C3ACBBC094AF}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{AB43E437-ED3B-480D-9E23-A8BCC360B7F2}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe |
"{ACF2ADAE-7A23-4DE8-B91C-0BB8773C173B}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{BA27DD54-A239-41C1-B8D5-5396AAF0AFC4}" = dir=in | app=c:\program files (x86)\neuer ordner\brickforce\brickforce.exe |
"{CE3565CA-E417-4CB3-8A76-9A3D28C9973D}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D019D6E5-8933-4EDD-B3AF-8EC90B4E47D5}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{D34BFEAA-1509-4254-8B8F-BA22D4E70FC6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{DB09DA65-939B-4606-8A99-7B7F56CA9492}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{DFF33FFE-44C6-4E9F-B838-2B2627002141}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{E3E17309-557F-4F51-A9A8-9AC9F73FFDFA}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{E4E33B15-F3A8-4DB5-B5E9-EB036ED26850}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{E5D41A44-CD4A-44F1-B3E6-72040D90AA1E}" = protocol=6 | dir=in | app=c:\users\christian\appdata\local\temp\cf_downloader.exe |
"{E6D7B623-F797-49AB-905E-C09D66E38F90}" = protocol=17 | dir=in | app=c:\program files (x86)\utorrent\utorrent.exe |
"{EC9E2000-0759-4073-A671-FF67C5017CCF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{EE8F9B87-8DBA-4163-B21D-72230B5AE4FE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dungeondefenders.exe |
"{F17A15C6-A181-4FA1-A7A4-1217335A3551}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{F289D2C2-7891-4F65-97F2-1AFD25A975CA}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{F41DBF81-1BC7-4223-89CD-5261652F73BE}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F4922CBF-796E-4F58-A783-D1AEB969BDDD}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{F58E1356-2637-42B9-A6B1-C969340F8B4C}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.6\icq.exe |
"{F5C4644B-1233-439E-92E0-10E00D79CC96}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F72ED72E-A47B-4E93-B5C9-A6C29CDB4449}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F910FC6B-8130-4021-945A-1CD324B11D28}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{FF74FC5C-41DA-4067-A740-55BCDCB9A234}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"TCP Query User{0F619DB8-9134-481D-923D-202B61C19D7A}C:\program files (x86)\microsoft games\age of mythology\aomx.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"TCP Query User{2964CD9E-1CD1-42AD-8AA5-DB6CDC11C9C8}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{3B7FDC33-DE2A-433D-BB44-8844F5426822}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{57FD2361-CAE4-463D-BA90-2850EFF692F5}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{5BA9E732-8AED-4266-88B2-F163983B3D3E}C:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe |
"TCP Query User{697DC0ED-860E-4AF6-A47B-D7AF7EC150BE}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"TCP Query User{75857125-C3C3-4268-8DA8-9AE40B7FC105}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"TCP Query User{75AA7E82-6BBF-42A6-9646-778A48223954}C:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe |
"TCP Query User{8093E777-B5FA-4FF8-8039-DCFFB6B141FB}C:\users\nikita\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=6 | dir=in | app=c:\users\nikita\appdata\roaming\gameranger\gameranger\gameranger.exe |
"TCP Query User{85C92EB8-8E6F-4343-B80C-7E5A34CCD9F3}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"TCP Query User{9DE97C89-5E03-46D0-AC5B-237FC69CA03F}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"TCP Query User{9EE7BB26-56E6-46CB-8595-5F589AE0B094}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"TCP Query User{A7F928E8-F06E-4251-B55E-FB5FA5DCB907}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"TCP Query User{C72F9254-4925-4A14-924B-4E6EB4FFA885}C:\program files (x86)\lord of the rings online\game\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\lord of the rings online\game\lotroclient.exe |
"TCP Query User{E7121C0F-E9BA-429B-9B7C-07E9D299F811}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"TCP Query User{F141B913-15BA-406F-8F1E-88E1A81F5CC8}C:\windows\syswow64\javaw.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{00460339-1D4E-4161-9711-359E83D6B811}C:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\dungeon defenders\binaries\win32\dundefgame.exe |
"UDP Query User{0E907B55-F5B2-465C-9ED0-D006138789D8}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{0F2FFFDA-06BA-4596-BCDB-4EB664639FC3}C:\program files (x86)\ea games\battlefield heroes\bfheroes.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield heroes\bfheroes.exe |
"UDP Query User{1A41FBA7-3DCD-4F59-947E-51D35283BDA1}C:\program files (x86)\microsoft games\age of mythology\aom.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aom.exe |
"UDP Query User{1C92E062-E5B3-4DD4-89C9-B801CD66F8A5}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe |
"UDP Query User{2D9CF510-2C6F-41B1-8E37-B241C036AD24}C:\users\nikita\appdata\roaming\gameranger\gameranger\gameranger.exe" = protocol=17 | dir=in | app=c:\users\nikita\appdata\roaming\gameranger\gameranger\gameranger.exe |
"UDP Query User{3A710697-D346-4312-9167-FD6DC0183A15}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{3D777EAC-2396-4CC9-86BF-9410056BA018}C:\program files (x86)\lord of the rings online\game\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\lord of the rings online\game\lotroclient.exe |
"UDP Query User{920FC3BA-427F-420D-A4C6-485B46A2C832}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe |
"UDP Query User{9282F31C-196F-4401-AA7F-FFF11983262E}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{A15134C0-C103-474C-9A73-1B38545E32E2}C:\windows\syswow64\javaw.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\javaw.exe |
"UDP Query User{D3B83014-812D-4661-92ED-B97BE8523EB3}C:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe |
"UDP Query User{DA49B8CC-9967-4C05-B70E-ADB8274BD3F2}C:\program files (x86)\xlink kai\kaiengine.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xlink kai\kaiengine.exe |
"UDP Query User{E3A4DCD0-2B33-47C0-8C69-E5F874905DFE}C:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\jikklas\team fortress 2\hl2.exe |
"UDP Query User{E3F950A2-A75D-4649-AF20-57C1D63A6CB4}C:\program files (x86)\microsoft games\age of mythology\aomx.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\age of mythology\aomx.exe |
"UDP Query User{F4B4F5B2-1DF4-4F40-A0F8-4E884F13F519}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417009FF}" = Java 7 Update 9 (64-bit)
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5635224E-675C-B94C-43EE-70BCD39BF30B}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8924153C-F29D-3F27-3AAB-389F3B661AD4}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"Broadcom 802.11 Network Adapter" = Broadcom 802.11 Network Adapter
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Sandboxie" = Sandboxie 3.70 (64-bit)
"SynTPDeinstKey" = Synaptics Pointing Device Driver

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"{02F3B756-11B3-8077-7FA7-709DDDBAEFD3}" = CCC Help French
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{0620AFAE-46B1-AECB-0D8D-DC6884F72BF5}" = Catalyst Control Center Localization All
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0DFD17F6-0EFB-3CBA-0692-ED193A6F847A}" = CCC Help Norwegian
"{11060D31-08ED-8F55-BB38-0F194E0FE68E}" = CCC Help German
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21F22617-30EA-55D0-C023-574DEFA72935}" = CCC Help English
"{24691EC2-44CA-88CE-D7D8-673C9C21DABB}" = CCC Help Czech
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{28006915-2739-4EBE-B5E8-49B25D32EB33}" = Atheros Client Installation Program
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2ABC63E9-8E74-F261-4937-C49438279633}" = ccc-core-static
"{2DDC70C1-C77A-4D08-89D2-9AB648504533}" = Easy Content Share
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{41EB4D8C-797B-88DA-9CFD-C265BDEF3BE7}" = CCC Help Greek
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A331D24-A9E8-484F-835E-1BA7B139689C}" = EasyBatteryManager
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{559D1FDB-6D5C-4EF3-8F63-5E1E93A0A244}" = Easy Network Manager
"{56FD9B91-F0EE-A2AE-7289-28E3110C0D08}" = CCC Help Swedish
"{57BC1FEB-421D-469C-B07B-C8095596A224}" = XLink Kai
"{58240652-2AC8-80E3-B980-7E6F58D64CB3}" = CCC Help Japanese
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5AE3D9F1-9E9E-4015-8787-E22705AA32C5}" = msxml4
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{690E2911-8512-65D8-1237-A0E43865F226}" = Catalyst Control Center Graphics Previews Common
"{6C7CF28E-535B-D453-E935-524116E5D8F3}" = CCC Help Portuguese
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72263053-50D1-4598-9502-51ED64E54C51}" = Borland Delphi 7
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7644E42D-B096-457F-8B5B-901238FC81AE}" = ICQ7.6
"{765DB2B0-943A-1F96-AA98-0DE4BD5ECF98}" = Catalyst Control Center InstallProxy
"{77AA84F1-4A5F-34F6-E9FB-75B234E36748}" = CCC Help Korean
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110109903}" = Flip Words
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110160733}" = Slingo
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110245793}" = Insaniquarium Deluxe
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110521483}" = Gem Shop
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111307457}" = Galapago
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111768557}" = Bonbon Quest
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113128447}" = Daycare Nightmare
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{976A7F36-3904-3444-588F-A4A47DA7DAAA}" = CCC Help Hungarian
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E77CE91-C520-6284-5340-2FED3E34537F}" = CCC Help Chinese Standard
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A4A3BD6D-F267-199A-F402-AC9D8C6A5A1F}" = CCC Help Thai
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC0E0FA6-B945-4F48-BC36-055FCB0DB42B}" = Overwolf
"{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B4E5E04E-3738-2736-4925-267AB9A313B0}" = CCC Help Spanish
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B6D8DC8C-F077-4631-A221-4D5E1D8E87E7}" = Catalyst Control Center - Branding
"{B7DB6FC7-631D-8767-A3DF-4B1467611D3C}" = CCC Help Turkish
"{B8ABD8C7-991E-4A70-B5A3-20C6FC680680}" = LogMeIn Hamachi
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2011.build.49 (July 1st, 2011) Version v2011.build.49
"{BAE68339-B0F6-4D33-9554-5A3DB2DFF5DA}" = User Guide
"{BCE95123-10EF-BF71-EFCC-27413278630B}" = CCC Help Italian
"{BD2E478F-C249-FF8B-F544-E22061BA03C5}" = CCC Help Russian
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C4582EED-A3FB-4358-8F3F-8C994460DF28}" = EasyFileShare
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C96BDE6D-EA35-1445-1E08-634171AE3C82}" = CCC Help Chinese Traditional
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D1434266-0486-4469-B338-A60082CC04E1}" = Atheros Client Installation Program
"{D1F6FBBB-B204-459A-9BF8-D06FFAB96CCC}_is1" = Game Pack
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D3F2FAA5-FEC4-42AA-9ABA-1F763919A2B5}" = Samsung Update Plus
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D6C630BF-8DBB-4042-8562-DC9A52CB6E7E}" = Intel(R) Turbo Boost Technology Driver
"{DD048DE6-3FD4-F4C2-A98D-A185CA4D94BA}" = CCC Help Danish
"{DD953122-ECF9-E725-AF9C-BA4C08AAC1B1}" = Catalyst Control Center Graphics Previews Vista
"{DEA314C4-0929-4250-BC92-98E4C105F28D}" = NVIDIA PhysX
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E308B555-8434-4AF8-B66F-729897C75F93}" = BatteryLifeExtender
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E912365F-9F51-C5A0-8153-FEFCFF276608}" = CCC Help Polish
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F687E657-F636-44DF-8125-9FEEA2C362F5}" = Samsung Support Center
"{F6AD00BA-3229-D390-84CA-685BFF2F6C21}" = CCC Help Dutch
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE163F11-1919-4257-A280-FF5AF8DAEECB}" = ICQ Sparberater
"{FEF8EFCC-F745-9EB2-B313-9902D03A4C5D}" = CCC Help Finnish
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.05.01.8027
"7-Zip" = 7-Zip 9.20
"8458-4195-6614-3708" = Vektoris3D 2.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Age of Mythology 1.0" = Age of Mythology
"Age of Mythology Expansion Pack 1.0" = Age of Mythology - The Titans Expansion
"AstrumNival Allods" = Allods Online 3.0.04.41
"Avira AntiVir Desktop" = Avira Free Antivirus
"Brick-Force" = Brick-Force
"DAEMON Tools Lite" = DAEMON Tools Lite
"FLV Player" = FLV Player 2.0 (build 25)
"GamersFirst LIVE!" = GamersFirst LIVE!
"GeoGebra" = GeoGebra
"ICQToolbar" = ICQ Toolbar
"Icy Tower v1.5_is1" = Icy Tower v1.5
"InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink Blu-ray Disc Suite
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"LogMeIn Hamachi" = LogMeIn Hamachi
"Marvell Miniport Driver" = Marvell Miniport Driver
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"MozBackup" = MozBackup 1.4.10
"Mozilla Firefox 4.0 (x86 de)" = Mozilla Firefox 4.0 (x86 de)
"Mozilla Thunderbird (3.1.20)" = Mozilla Thunderbird (3.1.20)
"NirSoft ShellExView" = NirSoft ShellExView
"NosTale(DE)_is1" = Nostale(DE)
"OpenLibraries" = OpenLibraries
"PlayChess" = PlayChess
"PunkBusterSvc" = PunkBuster Services
"ST6UNST #1" = LMNOpc Bitmap Font Builder
"Steam App 13140" = America's Army 3
"Steam App 440" = Team Fortress 2
"Steam App 65800" = Dungeon Defenders
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UltraISO_is1" = UltraISO Premium V9.53
"uTorrent" = µTorrent
"WinGimp-2.0_is1" = GIMP 2.6.11
"WinLiveSuite" = Windows Live Essentials
"Winload Toolbar" = Winload Toolbar
"Xfire" = Xfire (remove only)

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 11/2/2012 11:18:27 AM | Computer Name = NC-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 11/4/2012 5:50:14 PM | Computer Name = NC-PC | Source = EventSystem | ID = 4622
Description =

Error - 11/6/2012 1:04:18 PM | Computer Name = NC-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 11/8/2012 8:12:49 AM | Computer Name = NC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3508.1109,
Zeitstempel: 0x4cda7240 Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
2.0.10175.3910, Zeitstempel: 0x4b9715b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c9d8
ID
des fehlerhaften Prozesses: 0xc38 Startzeit der fehlerhaften Anwendung: 0x01cdbdaa2dbaf282
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
9c1c817e-299d-11e2-9264-8f6873efb2b0

Error - 11/10/2012 7:32:32 AM | Computer Name = NC-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: msnmsgr.exe, Version: 15.4.3508.1109,
Zeitstempel: 0x4cda7240 Name des fehlerhaften Moduls: YCWebCameraSource.ax, Version:
2.0.10175.3910, Zeitstempel: 0x4b9715b8 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0000c9d8
ID
des fehlerhaften Prozesses: 0xc28 Startzeit der fehlerhaften Anwendung: 0x01cdbf3700fe37bc
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\CyberLink\YouCam\YCWebCameraSource.ax
Berichtskennung:
5079ca0a-2b2a-11e2-ad83-e7bb5a51b2b8

Error - 11/10/2012 10:46:08 PM | Computer Name = NC-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/11/2012 6:06:00 AM | Computer Name = NC-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

Error - 11/11/2012 5:42:00 PM | Computer Name = NC-PC | Source = EventSystem | ID = 4621
Description =

Error - 11/12/2012 7:49:50 PM | Computer Name = NC-PC | Source = EventSystem | ID = 4622
Description =

Error - 11/13/2012 12:55:16 PM | Computer Name = NC-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\mozbackup\dll\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
files (x86)\mozbackup\dll\DelZip179.dll" in Zeile 8. Der Wert "*" des "language"-Attributs
im assemblyIdentity-Element ist ungültig.

[ System Events ]
Error - 11/18/2012 2:38:28 PM | Computer Name = NC-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 11/18/2012 2:38:28 PM | Computer Name = NC-PC | Source = WMPNetworkSvc | ID = 866333
Description =

Error - 11/19/2012 2:48:57 AM | Computer Name = NC-PC | Source = DCOM | ID = 10016
Description =

Error - 11/26/2012 9:41:35 AM | Computer Name = NC-PC | Source = DCOM | ID = 10016
Description =

Error - 11/27/2012 1:43:25 PM | Computer Name = NC-PC | Source = DCOM | ID = 10016
Description =

Error - 11/28/2012 1:46:19 AM | Computer Name = NC-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.

Error - 11/28/2012 1:47:18 AM | Computer Name = NC-PC | Source = DCOM | ID = 10016
Description =

Error - 11/29/2012 2:22:46 AM | Computer Name = NC-PC | Source = DCOM | ID = 10016
Description =

Error - 11/29/2012 2:26:31 AM | Computer Name = NC-PC | Source = DCOM | ID = 10016
Description =

Error - 11/29/2012 8:16:37 PM | Computer Name = NC-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet: %%1062


< End of report >



Danke schonmal im Voraus.

Alt 30.11.2012, 22:09   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Bundespolizei Virus (PC gesperrt)/ wpbt0.dll - Standard

Bundespolizei Virus (PC gesperrt)/ wpbt0.dll



Hallo und

Schon irgendwelche Scans mit Malwarebytes oder anderen Tools gemacht? Log mit Funden da? Siehe => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon etwaig vorhandene Logs posten!
__________________

__________________

Antwort

Themen zu Bundespolizei Virus (PC gesperrt)/ wpbt0.dll
7-zip, antivir, avira, bho, bildschirm, computer, error, fehler, firefox, flash player, home, install.exe, installation, logfile, mozilla, object, plug-in, problem, realtek, registry, richtlinie, scan, security, software, super, svchost.exe, teamspeak, tower, user agent, virus, windows, winload toolbar




Ähnliche Themen: Bundespolizei Virus (PC gesperrt)/ wpbt0.dll


  1. Trojaner/Virus, Firefoxfenster lässt sich nicht Schliessen "Ihr Browser hat gesperrt", Bundespolizei, Paysafe Card
    Log-Analyse und Auswertung - 07.01.2014 (10)
  2. von Bundespolizei gesperrt
    Plagegeister aller Art und deren Bekämpfung - 10.12.2013 (7)
  3. Bundespolizei-Virus Pc ist gesperrt
    Plagegeister aller Art und deren Bekämpfung - 26.11.2013 (6)
  4. "Firefox gesperrt" Bundespolizei virus - Win7
    Log-Analyse und Auswertung - 17.11.2013 (19)
  5. Bundespolizei Browser gesperrt - Virus
    Plagegeister aller Art und deren Bekämpfung - 22.10.2013 (10)
  6. C:\Users\Helmut\AppData\Local\Temp\wpbt0.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Reveton.N.370' [trojan].
    Log-Analyse und Auswertung - 25.09.2013 (11)
  7. Bundespolizei Virus pc gesperrt
    Log-Analyse und Auswertung - 13.12.2012 (1)
  8. Bundespolizei - Virus, Computer account gesperrt
    Log-Analyse und Auswertung - 26.11.2012 (17)
  9. Gvu Bundespolizei Virus Pc gesperrt
    Plagegeister aller Art und deren Bekämpfung - 19.11.2012 (15)
  10. Bundespolizei Virus - Computer gesperrt
    Plagegeister aller Art und deren Bekämpfung - 08.11.2012 (29)
  11. GVU - Virus und seine Bekämpfung (wpbt0.dll)
    Plagegeister aller Art und deren Bekämpfung - 26.10.2012 (13)
  12. Bundespolizei Virus:Ihr Computer wurde gesperrt
    Plagegeister aller Art und deren Bekämpfung - 23.10.2012 (13)
  13. Bundespolizei Virus Pc Gesperrt.!
    Log-Analyse und Auswertung - 12.10.2012 (3)
  14. Bundespolizei Virus, PC ist gesperrt
    Log-Analyse und Auswertung - 28.09.2012 (26)
  15. Bundespolizei XP gesperrt
    Log-Analyse und Auswertung - 05.04.2012 (1)
  16. Bundespolizei Virus, wpbt0.dll Fenster
    Log-Analyse und Auswertung - 29.11.2011 (25)
  17. Bundespolizei Virus/wpbt0.dll
    Log-Analyse und Auswertung - 31.10.2011 (36)

Zum Thema Bundespolizei Virus (PC gesperrt)/ wpbt0.dll - Hallo, beim surfen hab ich mir gestern wohl diesen Bundespolizei Virus eingefangen. Auf dem Bildschirm stand, dass mein Computer gesperrt sei. Habe daraufhin den Rechner sofort ausgeschaltet und beim Neustart - Bundespolizei Virus (PC gesperrt)/ wpbt0.dll...
Archiv
Du betrachtest: Bundespolizei Virus (PC gesperrt)/ wpbt0.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.