Pests of all kinds and how to fight them: PC slow after Austrian Federal Police virus (Windows 7) |
03.01.2013, 19:19 | #1 |
| Greetings! I caught this Federal Police virus at Christmas (the Austrian version, in case that matters). Then I ran scans with Malwarebytes' Anti-Malware and AVG Free Antivirus; both found something (Malwarebytes 14 detections and AVG 4). The viruses were moved to quarantine or deleted. After that I could boot normally again and further scans found nothing, but I notice that the PC takes longer to start some programs, e.g. Steam to play Black Ops 2. The Windows Security Center also cannot be started, because the Windows Management Instrumentation service (Windows-Verwaltungsinstrumentation) will not start; this error appears: The Windows Management Instrumentation service could not be started on Local Computer! Error 126: The specified module could not be found. And my gadget that shows me the RAM usage is also acting up. It writes several lines on top of each other and is therefore unreadable. Thanks in advance |
03.01.2013, 19:23 | #2 |
/// TB trainer | I am working on your thread and will get back to you with further instructions as soon as possible. Please note that all my replies must first be approved by a trainer before I am allowed to post them here. This guarantees that you get help from a trained helper. Thank you for your patience.
__________________ |
03.01.2013, 19:52 | #3 |
| OK, thanks a lot (:
__________________ |
03.01.2013, 20:43 | #4 | |
/// TB trainer | Hello troololol, my name is Leo and I will guide you through the cleanup of your computer. Besides removing malware, a cleanup also includes closing security holes, and it should be carried out thoroughly. It therefore takes place in several steps and means some effort for you. Note: the disappearance of the obvious symptoms does not mean that the system is already clean. In your own interest, keep working with me until you get the OK that everything is done. Before we start, some notes on the procedure:
Before we start fixing anything, we need some more information. Quote:
Important: Do not run a new scan; just post the logs that already exist. Step 1 Please download OTL (by OldTimer) and save it to your desktop.
Please post in your next reply:
__________________ cheers, Leo |
04.01.2013, 15:54 | #5 |
| Hey Leo, but no data of mine will get deleted by this, right? Except possibly infected files. I don't know how to post the AVG log files ^^ but I don't think it has anything to do with them, because I've had those 2 files on the PC for a long time and didn't have these problems before. Last edited by troololol (04.01.2013 at 16:02) |
04.01.2013, 15:59 | #6 |
| OTL.txt: OTL logfile: Code:
- HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems) FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.22 18:28:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 21:37:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 21:37:50 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 21:37:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 21:37:50 | 000,000,000 | ---D | M] [2011.01.08 21:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2012.12.30 21:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions [2012.12.30 21:52:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5} [2012.09.02 19:59:54 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions\battlefieldheroespatcher@ea.com [2011.03.26 11:42:15 | 000,000,000 | ---D | M] (Conduit Engine) -- 
C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions\engine@conduit.com [2012.12.12 15:16:53 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.11.06 14:52:43 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi [2011.03.17 15:37:00 | 000,000,873 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\searchplugins\conduit.xml [2011.11.13 01:31:04 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\searchplugins\sweetim.xml [2012.10.22 16:42:13 | 000,002,455 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\searchplugins\Web Search.xml [2012.12.06 21:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.12.06 21:37:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.12.22 18:28:43 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX [2012.12.06 21:37:54 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.21 12:06:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.31 14:23:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.21 12:06:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.21 12:06:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.21 12:06:53 | 000,001,178 | ---- 
| M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.21 12:06:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. 
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe () O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - 
{2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O13 - gopher Prefix: missing O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BFA5C9D-5DE7-45E6-9B41-61CB6291BB4C}: DhcpNameServer = 10.0.0.138 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{0202d57f-4e6c-11e1-aedc-6c626d500048}\Shell - "" = AutoRun O33 - MountPoints2\{0202d57f-4e6c-11e1-aedc-6c626d500048}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{15860db1-24b2-11e0-9bfa-6c626d500048}\Shell - "" = AutoRun O33 - MountPoints2\{15860db1-24b2-11e0-9bfa-6c626d500048}\Shell\AutoRun\command - "" = H:\autorun.exe O33 - MountPoints2\{15ed90ff-fc1c-11e1-a56c-6c626d500048}\Shell - "" = AutoRun O33 - MountPoints2\{15ed90ff-fc1c-11e1-a56c-6c626d500048}\Shell\AutoRun\command - "" = F:\FalloutLauncher.exe O33 - MountPoints2\{16e872aa-4f17-11e1-9c1a-6c626d500048}\Shell - "" = AutoRun O33 - MountPoints2\{16e872aa-4f17-11e1-9c1a-6c626d500048}\Shell\AutoRun\command - "" = G:\Autorun.exe O33 - MountPoints2\{5c951d64-57ec-11e1-ae51-6c626d500048}\Shell - "" 
= AutoRun O33 - MountPoints2\{5c951d64-57ec-11e1-ae51-6c626d500048}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{f85f3c70-60ba-11e1-ae47-6c626d500048}\Shell - "" = AutoRun O33 - MountPoints2\{f85f3c70-60ba-11e1-ae47-6c626d500048}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.04 15:41:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.01.04 15:40:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2012.12.29 13:02:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{1CFA8D0B-13FF-4FF7-AC44-993746136380} [2012.12.29 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs [2012.12.27 22:57:45 | 282,427,301 | ---- | C] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\*****\Desktop\UBCD4WinV360[1].exe [2012.12.27 22:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\burnatonce [2012.12.27 22:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\burnatonce [2012.12.27 22:32:44 | 282,427,301 | ---- | C] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\*****\Desktop\UBCD4WinV360.exe [2012.12.25 12:19:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\AVG [2012.12.25 12:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG [2012.12.25 12:18:55 | 000,000,000 | -HSD | C] -- 
C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F} [2012.12.25 12:18:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2012.12.25 12:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.25 12:17:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.12.25 12:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.12.25 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.25 00:24:27 | 010,559,672 | ---- | C] (McAfee Inc.) -- C:\Users\*****\stinger.exe [2012.12.24 23:39:49 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys [2012.12.24 23:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\stinger [2012.12.24 21:54:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\AVG2013 [2012.12.24 21:53:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TuneUp Software [2012.12.24 21:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.12.24 21:52:15 | 000,000,000 | -H-D | C] -- C:\$AVG [2012.12.24 21:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013 [2012.12.24 21:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG [2012.12.24 21:50:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files [2012.12.24 21:50:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\MFAData [2012.12.24 21:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData [2012.12.24 21:50:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Avg2013 [2012.12.24 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\GBM Software [2012.12.24 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Splashtop [2012.12.24 20:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop [2012.12.24 20:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start 
Menu\Programs\Splashtop Remote [2012.12.24 20:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Splashtop [2012.12.24 20:44:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AB7CBD6B-0741-4997-8430-950DB17CC940} [2012.12.24 20:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\vmote [2012.12.24 20:18:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Geckofx [2012.12.24 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Firefly Studios [2012.12.24 20:18:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Stronghold Kingdoms [2012.12.24 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam [2012.12.22 18:46:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2012.12.22 18:46:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2012.12.12 23:34:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.12.12 23:34:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.12.12 23:34:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.12.12 23:34:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.12.12 23:34:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.12.12 23:34:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.12.12 23:34:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.12.12 23:34:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.12.12 15:09:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.12.12 15:09:18 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe [2012.12.12 15:09:18 | 000,169,984 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll [2012.12.12 15:09:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2012.12.12 15:09:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2012.12.12 15:09:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 15:09:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2012.12.12 15:09:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll [2012.12.12 15:09:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.12.10 18:53:50 | 000,000,000 | ---D | C] -- 
C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ [2012.12.10 18:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ [2012.12.10 18:53:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\VirtualDJ [2012.12.10 18:52:15 | 042,010,432 | ---- | C] (Microsoft Corporation) -- C:\Users\*****\Desktop\install_virtualdj_home_v7-3.exe [2012.12.07 20:33:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PC_Drivers_Headquarters [2012.12.07 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web [2012.12.07 19:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 7600 Series [2012.12.07 19:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint [2012.12.07 19:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar [2012.12.07 19:32:41 | 000,352,256 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXDWwupd.dll [2012.12.07 19:32:41 | 000,017,064 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXDWwupd.exe [2012.12.07 19:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 7600 Series [2012.12.07 19:32:12 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdwjswr.dll [2012.12.07 19:32:12 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdwinsr.dll [2012.12.07 19:32:12 | 000,036,864 | ---- | C] (Lexmark International, Inc.) 
-- C:\Windows\System32\lxdwcur.dll [2012.12.07 19:32:10 | 000,000,000 | ---D | C] -- C:\drivers [2012.12.07 18:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats [2012.12.07 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 7600 Series [2012.12.07 18:34:35 | 000,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxdwcfg.dll [2012.12.06 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.04 15:41:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.01.04 15:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.01.04 15:30:14 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.04 15:30:14 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.04 15:23:02 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl [2013.01.04 15:23:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.04 15:22:59 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys [2013.01.03 20:03:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.03 15:01:57 | 000,001,021 | ---- | M] () -- C:\Users\*****\Desktop\Dropbox.lnk [2012.12.29 12:41:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.28 14:36:29 | 003,845,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.27 23:00:22 | 282,427,301 | ---- | M] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\*****\Desktop\UBCD4WinV360[1].exe [2012.12.27 22:56:46 | 000,000,989 | ---- | M] () -- C:\Users\*****\Desktop\burnatonce.lnk [2012.12.27 22:35:26 
| 282,427,301 | ---- | M] (UBCD4Win Team - Benjamin Burrows ) -- C:\Users\*****\Desktop\UBCD4WinV360.exe
[2012.12.26 18:30:20 | 000,002,671 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Excel 2010.lnk
[2012.12.26 18:30:20 | 000,002,665 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Word 2010.lnk
[2012.12.25 00:24:26 | 010,559,672 | ---- | M] (McAfee Inc.) -- C:\Users\*****\stinger.exe
[2012.12.24 23:53:03 | 000,000,031 | RH-- | M] () -- C:\Users\*****\stinger.opt
[2012.12.24 23:39:49 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.24 21:53:28 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.24 21:02:31 | 000,762,384 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.24 21:02:31 | 000,717,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.24 21:02:31 | 000,172,512 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.24 21:02:31 | 000,145,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.24 20:28:24 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.24 13:39:53 | 000,139,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.12.24 13:39:45 | 000,281,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.12.24 13:39:19 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.12.22 18:41:37 | 020,062,208 | ---- | M] () -- C:\Users\*****\OBJECTS.DATA
[2012.12.22 18:41:37 | 005,079,040 | ---- | M] () -- C:\Users\*****\INDEX.BTR
[2012.12.22 18:41:37 | 000,064,848 | ---- | M] () -- C:\Users\*****\MAPPING3.MAP
[2012.12.22 18:31:37 | 000,064,852 | ---- | M] () -- C:\Users\*****\MAPPING2.MAP
[2012.12.22 18:28:44 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012.12.22 18:21:37 | 000,064,848 | ---- | M] () -- C:\Users\*****\MAPPING1.MAP
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 15:19:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.13 15:19:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.10 18:53:53 | 000,001,004 | ---- | M] () -- C:\Users\*****\Desktop\VirtualDJ Home FREE.lnk
[2012.12.10 18:52:39 | 042,010,432 | ---- | M] (Microsoft Corporation) -- C:\Users\*****\Desktop\install_virtualdj_home_v7-3.exe
[2012.12.07 20:51:18 | 000,097,659 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2012.12.07 19:30:12 | 000,000,382 | ---- | M] () -- C:\Users\Public\Desktop\Complete Installation of Lexmark 7600 Series.LNK
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.12.27 22:56:46 | 000,000,989 | ---- | C] () -- C:\Users\*****\Desktop\burnatonce.lnk
[2012.12.26 18:30:20 | 000,002,671 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Excel 2010.lnk
[2012.12.26 18:30:20 | 000,002,665 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Word 2010.lnk
[2012.12.25 12:17:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.24 23:53:03 | 000,000,031 | RH-- | C] () -- C:\Users\*****\stinger.opt
[2012.12.24 21:53:28 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.24 20:28:24 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.10 18:53:53 | 000,001,004 | ---- | C] () -- C:\Users\*****\Desktop\VirtualDJ Home FREE.lnk
[2012.12.07 19:32:35 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDWhcp.dll
[2012.12.07 19:32:35 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDWinst.dll
[2012.12.07 19:32:13 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdwcoin.dll
[2012.12.07 19:30:12 | 000,000,382 | ---- | C] () -- C:\Users\Public\Desktop\Complete Installation of Lexmark 7600 Series.LNK
[2012.12.07 18:36:43 | 000,097,659 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2012.12.07 18:35:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdwgrd.dll
[2012.12.07 18:35:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdwvs.dll
[2012.12.07 18:35:37 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdwserv.dll
[2012.12.07 18:35:37 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdwpmui.dll
[2012.12.07 18:35:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdwlmpm.dll
[2012.12.07 18:35:32 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomm.dll
[2012.12.07 18:35:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdwinpa.dll
[2012.12.07 18:35:31 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomc.dll
[2012.12.07 18:35:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdwiesc.dll
[2012.12.07 18:35:30 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdwusb1.dll
[2012.12.07 18:35:30 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdwhbn3.dll
[2012.12.07 18:34:35 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdwdrs.dll
[2012.12.07 18:34:35 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdwcaps.dll
[2012.12.07 18:34:35 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdwcnv4.dll
[2012.12.02 19:30:31 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.09.28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.06 19:23:34 | 002,872,000 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.09.06 19:23:34 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.09.06 19:23:34 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.09.05 15:39:00 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2012.05.23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.31 03:05:47 | 000,000,868 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2012.03.01 20:00:24 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.03.01 20:00:24 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.01.18 18:07:23 | 000,138,056 | ---- | C] () -- C:\Users\*****\AppData\Roaming\PnkBstrK.sys
[2011.11.12 11:26:57 | 000,000,400 | ---- | C] () -- C:\Windows\g_pjspur712.ini
[2011.11.12 11:26:57 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bjvtwin167.dat
[2011.10.26 12:40:12 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.31 21:19:20 | 000,007,607 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011.06.04 13:27:16 | 000,019,456 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.21 12:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.01.20 21:40:04 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.20 21:39:58 | 000,139,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.20 21:39:51 | 000,281,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.12 20:13:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.12 18:27:42 | 000,175,104 | ---- | C] () -- C:\Users\*****\AppData\Roaming\*****3SQLite3.dll
[2009.07.14 03:03:41 | 020,062,208 | ---- | C] () -- C:\Users\*****\OBJECTS.DATA
[2009.07.14 03:03:41 | 005,079,040 | ---- | C] () -- C:\Users\*****\INDEX.BTR
[2009.07.14 03:03:41 | 000,064,852 | ---- | C] () -- C:\Users\*****\MAPPING2.MAP
[2009.07.14 03:03:41 | 000,064,848 | ---- | C] () -- C:\Users\*****\MAPPING3.MAP
[2009.07.14 03:03:41 | 000,064,848 | ---- | C] () -- C:\Users\*****\MAPPING1.MAP
[2006.07.18 04:55:28 | 000,037,329 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\*****log.dat

========== ZeroAccess Check ==========

[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report > |
04.01.2013, 16:00 | #7 |
| PC slow after Austrian Bundespolizei virus Extra.txt: OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 04.01.2013 15:43:57 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy

2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,60% Memory free
5,98 Gb Paging File | 4,03 Gb Available in Paging File | 67,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 273,24 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS

Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E18075-4E50-44F2-BABD-DC1BE2DCA444}" = lport=139 | protocol=6 | dir=in | app=system |
"{0A15A311-0FD6-45CC-AE22-48E9A6883E36}" = rport=138 | protocol=17 | dir=out | app=system |
"{11DB207D-94D6-45D1-BB0E-71963C474BDC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{1F4B813A-7972-4FC1-9CF7-117E1ACB694C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2276DBF3-357E-4701-97E7-E6954813B56A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{2B199794-BD2A-4F97-8417-9E96DF15C12A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe |
"{438C20CA-79A0-442F-BB16-A983B65C3A7D}" = lport=5355 | protocol=17 |
dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{4CAE1D7A-3ACF-47A1-B5F2-1928347B70B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{636FC6DB-BF2F-44D0-8F1C-3F930C91D428}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{79748EA2-86B3-4312-90C0-C787DBE62BC1}" = lport=138 | protocol=17 | dir=in | app=system | "{7D9BB002-08D4-4596-8CE9-7444851CF975}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{82E5F7C3-4664-4E36-9DF4-A5807461EDE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{880BF78B-925A-42A7-B929-0A2BE8020D66}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{88DDDFE0-9694-4B9C-AED5-1339235E299F}" = lport=2869 | protocol=6 | dir=in | app=system | "{92CE3FFC-3B71-4CD7-AA45-B336AA2C5A44}" = lport=137 | protocol=17 | dir=in | app=system | "{94085EFD-DBAA-4D62-BDDB-5A0BB313FA7E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | "{968FB743-01C9-45C8-A929-ED77F20A1F9C}" = rport=445 | protocol=6 | dir=out | app=system | "{A56715DE-06D9-4DD9-BF9B-C2B803096AE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{A82CA52C-51C6-4CDB-87E8-C114CB9DB38A}" = rport=137 | protocol=17 | dir=out | app=system | "{BA9A915D-ED3E-4ECC-95CD-1795BEFE1DF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{BE3492BE-B988-402A-A95F-51A3324E1106}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{C00E1383-9CFA-46D5-820F-EE13412629FE}" = lport=445 | protocol=6 | dir=in | app=system | "{CA3BCFE9-1224-436D-BC0D-0292FAF0BDB3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | "{CD246ECD-5412-4A0D-9FBD-34479CFB9C4F}" = rport=3702 | protocol=17 | dir=out | 
svc=fdrespub | app=%systemroot%\system32\svchost.exe | "{E5922B95-3C32-416A-B9ED-B447946F7B8E}" = rport=139 | protocol=6 | dir=out | app=system | "{E670917F-2DE7-4BCD-85BA-0120F09E7615}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{EB10304D-1455-40F9-82CC-341C71B15A79}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{FA983F90-8B3E-438D-BB36-5596B8AFF973}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06F64912-C5D8-47F1-91E8-BB0B96B35272}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{0860E0FA-5E89-43F6-BF84-47EF804C0941}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{090FFB51-7449-4E65-83B9-5019ECDA9FA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0BB4AE7F-FFE8-461D-BD4A-9AD2A4298464}" = protocol=6 | dir=in | app=c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe | "{0E8B83A8-9878-452B-AB40-E870729D27A1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "{0EF81B80-A833-4256-9B99-09C1956B95B2}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwtime.exe | "{13132FFE-E929-4DDA-B653-8731DFE111BD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | "{144D3336-EB9F-43E2-BE75-212581A0F432}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | "{14C06EE7-4C82-4C0B-AA14-A551A9CD8007}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{15C6BEB4-3FC1-4195-98AF-7202C8EF8C1D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{16FB719C-2966-4E1E-9DBB-560CB2E6D672}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{179472DB-052E-4FA4-876C-0EB70444E50F}" = protocol=6 | dir=in | app=c:\users\*****\downloads\sweetimsetup.exe | "{233D0DA9-7458-407F-B294-5EDB43918556}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "{242A4988-3B7A-44E7-A5FE-7E8660514E96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{29A5B2F9-4BA9-4F16-8781-5253DE35E77A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{2C86A81C-7741-4242-A536-8F5C836469F6}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | "{30A656D5-7B29-4335-ADF7-584CDE851C02}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{327D99EC-8F28-43C5-BA98-AB434803CE88}" = protocol=6 | dir=in | app=c:\program files\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | "{328AEA4E-7FED-4BEB-BC46-FD4C268A0849}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | "{33DFF1E5-BC41-42EF-A1DD-502AA053E50B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{3483A662-0B69-43B5-90CC-34F6A7E620FA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{37C6E38A-6846-4104-936B-DBDA80B5DDDC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | "{3C7A7567-4022-44FD-9A94-698C3FDF0EDE}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe | "{3D2D4C3C-7475-46D9-8A47-83C39CDAA1F3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | "{3D8CD67F-2F15-4ECD-AA17-FB8125F102B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{413BB3C3-3BC6-48B2-8AC7-F62F93FBAD60}" = dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{428D82DD-C1C1-4575-9991-B657ABA967A9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{42C08945-2BDA-4F86-B97A-146035214A86}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | "{43329554-8331-4C0A-846E-99AE048DFF79}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | "{44D8F8D1-6308-43F7-B0B3-3B6C7E3A1950}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{44E859EE-980B-477D-9984-E17186933B3E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{47A62926-97A9-474F-8980-27E3CBB4E2C3}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{4AC70205-E353-4320-9D86-1AAD38EFA90B}" = protocol=6 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | "{4E8C1ED8-48C0-481C-91FF-57620A35F82E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{50EEC9AE-374D-4C77-9384-ED1AC627704E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{5681FFF5-46A9-43E7-A473-2E775F8E9319}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{5DB9E7FE-0A55-4672-821B-2EFBCFBA8795}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{5FA77C84-CBF8-4869-B903-FC56438980F2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{6138002C-5A25-451E-9404-995BBB6240EE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{615A2523-D191-46CC-8661-F744ABD10ABA}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | "{67091BF9-E681-44AB-98CE-C60D07180DF3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{6D040C50-EEBE-49A4-A6E0-D408EC39C026}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | 
"{6EC26C93-7F5D-4B2E-9AE8-4434D8850F6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{6F9DDB19-C9D1-494F-8230-0FFD1E945DA0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{6FEFC024-64A5-465F-A18E-B56F8ABD66D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{7ABF3443-CB88-402B-B6B0-0B0A826A86B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | "{7D5EC715-7DFE-4F41-BB68-EDDB16F2CC6F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{832C4FA9-C62B-4CBC-867A-303B9DCEFE1F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{84A2104B-3CCF-4CED-9FF2-9FC8F28C910E}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | "{89C137AB-D9C3-434D-850B-6663B7FCE490}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{89C63AD4-7C52-4E45-9B38-7D17DB416E18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | "{8B124AD7-D1E2-4105-BFC9-D6E786BEBBC7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{8B7346FE-CB43-40C4-835B-2F77F61FA77F}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | "{8C5F72EB-45E6-4DB1-B83D-7C964F1C9A7F}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{8EA65F17-95BB-4BC6-BA58-89D9F4793325}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{8F33C93A-DAF3-4BB3-9BA1-D35FE714F1CA}" = protocol=17 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | "{8F82F0BA-7EBF-40CD-B31D-BC23316324BE}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe | "{95931E48-804C-4BBD-8DF0-75562992DA9E}" = protocol=17 | dir=in | app=c:\program files\battlelog web 
plugins\sonar\0.70.4\sonarhost.exe | "{95B97314-FB8B-4A2D-9854-71D9ED2EB27C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | "{96D44FB3-D13B-43B0-878D-C2A7EAC022FB}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe | "{96FA3003-3E44-4C53-80FC-671391A88673}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{981F419A-2527-421C-88AE-A0ABB5F42322}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "{9C99DEEE-364D-4D12-B495-4C84C8DB26F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9D5AED2C-56DC-4AFF-B3B3-36B9032A3B4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{A0F5CC20-6B3D-4656-A635-7201ED581A53}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | "{A12D8258-B70B-493F-902C-EBC1730EA559}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "{A5D5CC1A-223F-4D6B-BA61-3D230E6A25C1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{A8BE6C1C-CBF2-4D39-BAD7-D01BE67436BD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | "{AC94C341-8A49-4B93-9F70-BFEDBFECF2DB}" = protocol=17 | dir=in | app=c:\users\*****\downloads\sweetimsetup.exe | "{AF17C59A-540E-42AE-B3BB-4EE2C0D9D9BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "{B2A79C0E-FD57-4F67-815D-4108F20518EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{B67DD559-58F9-4824-AF6B-B7AA0148D452}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "{BDC48D99-B8F2-4FA6-922D-3DDFBF8D329F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | "{BE79C8AC-51E3-4BA9-B8B0-8D528E042625}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BED3EF00-1013-4FD4-9F70-287B1929299B}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | "{BF96D113-89F9-42B1-B74A-07D51864D235}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | "{C0282488-DCBA-4B45-A133-1B6C2A840655}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{C4C08756-1BF9-4FD1-A498-6911A1DFBA1E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{CBA00D93-65F4-462D-938A-9045AA21AD01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | "{D52D6208-124F-47AE-B2D0-891F125A5241}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | "{D7D1B70E-DC3D-460A-A0C3-F88B00921A3B}" = protocol=17 | dir=in | app=c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe | "{D99EAC46-E915-42C6-BB35-134409562837}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | "{D9D2B0C5-1478-4B2B-885C-AF1F81EA703D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | "{D9DD5462-8040-4B1B-8C39-7A389573C917}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "{DB4E0714-FB99-4E16-BC2B-232BB74AE6A9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | "{E084B143-5418-4470-B1BF-513350CBB1AF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "{E089C357-819E-458F-AE10-5195BEDEE476}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe | "{E0BA13D3-8198-4773-B390-3205953F0049}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | "{E31E4308-0879-438C-B970-1FD91EB9B094}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "{EC1F1027-6CB2-4D99-85D5-9A2EDE03FE15}" = protocol=17 | dir=in | 
app=c:\programdata\battle.net\agent\agent.1267\agent.exe | "{ED80FA16-138E-49F1-B964-BF7B1A012718}" = protocol=17 | dir=in | app=c:\program files\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | "{F077B68A-B939-4553-9C62-900C0195F947}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{F88FFF40-025F-46D3-8E8E-E2F418011B8A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | "{F9A0F6B3-B21C-41A1-99E4-A922F841CEDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | "{FACE758A-A571-47BF-AFD0-239862E47C13}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{FAFDC45C-74D8-43EE-9D6B-EF4B53A7EFC6}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{FBF81A48-E593-4B36-90C2-2C5ED3C2FB14}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | "{FFE7433B-A489-4D36-9E72-040048D6D95C}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | "TCP Query User{00A5CD65-5C84-454D-938E-F3DAEE9F9D44}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "TCP Query User{09948CC5-5069-41A9-BCC9-7DA0A60DEA40}C:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "TCP Query User{11DFDFB2-3F59-4E89-8F84-5D374BC38DE0}C:\program files\origin games\deadspace\dead space.exe" = protocol=6 | dir=in | app=c:\program files\origin games\deadspace\dead space.exe | "TCP Query User{1FB0A606-73B1-44E3-B47E-52274C548B17}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | "TCP Query User{28E13115-E051-42F5-B0E1-987B4BF357B0}C:\program files\world of 
warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "TCP Query User{2D3C563B-3222-4BCD-A0F7-2172AD889987}C:\program files\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\backgrounddownloader.exe | "TCP Query User{2E1F84AF-5EB2-4D7D-B51F-38BF2E3CD9DA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "TCP Query User{2EBEE5DF-DDD4-4C46-9B7C-42A7AD0FEC9A}C:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe | "TCP Query User{30816FE3-5167-4E66-A2A4-93A97A93F2C9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "TCP Query User{411540A0-E16D-4BF9-885C-261EC877FAB6}C:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe | "TCP Query User{58FC9FD9-622D-48EA-900F-8A1BA6042AC9}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "TCP Query User{5E90FDE0-8764-471B-81E8-ED2B85F4B0B3}C:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe | "TCP Query User{641AE6E8-6FEA-4B2B-AD7D-9D5836FB0502}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe" = protocol=6 | dir=in | 
app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe | "TCP Query User{687A3B5D-AC3C-46A7-AC82-2B464DDBA5D1}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "TCP Query User{6A6AD719-85DF-45C9-A8C0-7021ECC89850}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "TCP Query User{6B7343E3-BA87-4943-89FD-5A5D2F96C5AD}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "TCP Query User{77D2924C-17BD-4C6E-82BD-E59E4945775C}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "TCP Query User{8070B404-0FE8-47E1-8B6B-BABE040EF471}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "TCP Query User{86C42DCE-9585-4627-B31A-295D488AA427}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "TCP Query User{89939F4C-1C31-4F6F-8EC7-B44964A008DE}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | "TCP Query User{8E1BD740-1821-41E3-8802-B99749104FE0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "TCP Query User{98EBB641-6089-45D3-A2A8-301BA3D3B09A}C:\program files\gbm\gremote pro\gremoteserver.exe" = protocol=6 | dir=in | app=c:\program files\gbm\gremote pro\gremoteserver.exe | "TCP Query User{AC87A77C-6A02-45EB-98A1-7F3498A1F247}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "TCP Query 
User{B091C26A-BADC-490F-AEB5-C36381BABE82}C:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "TCP Query User{B6E54B23-6C7F-4FB2-8E94-19ED6738963F}C:\users\*****\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\diablo-iii-setup-dede.exe | "TCP Query User{C02C7023-D2E3-4847-A5B9-3BB9D168B110}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | "TCP Query User{C0BAFE4F-C269-4566-AD5F-65ECE92BD53D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "TCP Query User{C778AFB5-4355-4C70-B65E-E73C969CA958}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "TCP Query User{CEA4CE51-4182-4704-80BA-69D48372725F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "TCP Query User{D15C8494-ED35-4DA2-9331-7E6F07534155}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe | "TCP Query User{DABF3635-32B7-41D2-A9F7-B985551F5031}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | "TCP Query User{DD1EA450-D511-46DE-8935-CD85CB9AAD83}C:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "TCP Query 
User{DF860D8D-6FC2-44E0-BE9B-DE1F0982B68C}C:\users\*****\downloads\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de.exe | "TCP Query User{F7F69FBA-289E-4284-A500-4FF931513A31}C:\program files\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe | "UDP Query User{0C7CB37E-D5D7-46C3-AC4C-2029F533CBB2}C:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | "UDP Query User{189A8A92-8240-4A57-B1A3-1840511A1780}C:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe | "UDP Query User{1A03A0F9-2F77-401D-BBED-DED13E495A19}C:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe | "UDP Query User{1A9C3FBA-8816-49B6-A5A3-38CDE981809E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | "UDP Query User{1B5AFB31-E3DE-47D3-8E39-0D93CB5A22EB}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | "UDP Query User{259203DD-ACA7-4198-9E4D-43B052679799}C:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe | "UDP Query User{2DAD0E3C-9117-418F-A3F9-14F212A36FE0}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | "UDP 
Query User{33F2B3E1-FE8E-4ADF-8CE5-A11553DC509C}C:\users\*****\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-setup-dede.exe | "UDP Query User{3DAD60A2-9539-4160-8EC1-C72061141660}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | "UDP Query User{42BBB857-4380-43DE-A1C0-024C3FDE4FAB}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | "UDP Query User{4AB2988D-B258-43C9-BAF9-FE0F9F318DBC}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | "UDP Query User{5C49DEB6-83F6-44D3-A1DA-D2A4A7302658}C:\program files\gbm\gremote pro\gremoteserver.exe" = protocol=17 | dir=in | app=c:\program files\gbm\gremote pro\gremoteserver.exe | "UDP Query User{66CB9F93-615B-4054-89CD-F9866E1477ED}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | "UDP Query User{6C568BAC-AAE9-4097-ADDA-6340951EC9F3}C:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | "UDP Query User{6F5E8764-ADE5-4866-B9EB-3410A2A7732D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | "UDP Query User{7BA500AF-274B-4D12-AE89-78A8DBA79EF3}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe | "UDP Query User{7CF5372F-7CCD-42F1-B4B3-A100C89D8F43}C:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of 
warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | "UDP Query User{831522A7-29C5-46BE-B0B7-2750D23BE4D6}C:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | "UDP Query User{8DDE049E-A80D-4245-91D2-0957DD6C4665}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | "UDP Query User{915AFFC7-0612-4A54-A934-167F65FE4B52}C:\users\*****\downloads\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de.exe | "UDP Query User{958326AC-6414-49B6-8244-74FBA7ED92C5}C:\program files\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\backgrounddownloader.exe | "UDP Query User{9CABAD27-EE9B-4EE9-8DEA-9CC98F104853}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | "UDP Query User{9D371FA9-39CB-4AC9-AF27-9AB10ACCE579}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | "UDP Query User{A524F2F9-9D2D-4262-B085-71474E6ECDC8}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | "UDP Query User{A772B5A5-12EB-4BD7-9802-E8BA803A3B8E}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe | "UDP Query User{B3342F92-AF24-4A98-B7D2-21BEB945DEBB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | "UDP Query User{C51DB7CE-6AB3-4FFA-9463-4388B50D6B81}C:\program 
files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | "UDP Query User{C72992E7-6BD8-485D-945F-017C3A878D06}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | "UDP Query User{C94DA467-FAB3-4936-A26D-30E942B357B0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | "UDP Query User{D2FA3595-3D10-4F3D-9C19-36E1F528DDC6}C:\program files\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe | "UDP Query User{E90C1C58-873E-461C-89D0-5E57B24C54F9}C:\program files\origin games\deadspace\dead space.exe" = protocol=17 | dir=in | app=c:\program files\origin games\deadspace\dead space.exe | "UDP Query User{EB4A9FAA-A29E-41EC-89D7-3C3FEDAE39C0}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | "UDP Query User{F60A509F-CE4C-4907-B653-174C6CCDF5DE}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | "UDP Query User{FD94B862-73A1-43D1-999D-D70027F58965}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi "{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11 "{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 
Office Developer Tools (x86) "{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}" = Nero Burning ROM 11 "{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32 "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86 "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool "{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11 "{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR "{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU "{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2 "{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common "{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9 
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek "{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU "{3256C48C-78D0-4FC6-A0F5-81ADF3A9D7D4}" = AVG 2013 "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver "{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{430912D2-51D8-1CB9-3B38-79D570F034DC}" = AMD Accelerated Video Transcoding "{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy "{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files "{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.1 "{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser "{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™ "{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12 "{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project "{5285F904-1577-5F06-FF04-4FA4EBA52966}" = AMD Media Foundation Decoders "{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM) 
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU "{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync "{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable "{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types "{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services "{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013 "{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2 "{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools "{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English "{64E87E22-A6E5-4EA4-A14F-089BA2470D1D}" = Solid Edge ST5 "{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update "{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319 "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime "{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German "{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6 "{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility "{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™ "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar "{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ 
World "{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools "{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center "{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010 "{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 
(SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010 "{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010 "{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch "{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch "{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU "{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86 "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech "{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3 "{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish "{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C3B8582-A72A-4835-8903-877A834407BB}" = 
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch "{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects "{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo "{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime "{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager "{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9 "{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4 "{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard "{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11 "{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides "{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services "{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE "{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian 
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11 "{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6 "{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework "{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant "{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant "{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program "{CAB81583-0310-43E1-8E33-0864985EDD67}" = trakAxPC "{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU "{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack "{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM) "{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer "{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai "{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark "{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20 "{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = 
Nero ControlCenter 11 Help (CHM) "{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de "{D9941688-1BEF-79EF-0FD9-E0A67E2CFE0F}" = AMD Drag and Drop Transcoding "{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager "{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding "{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU "{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 Testversion "{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover "{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de "{EB32EEAE-974F-34A3-80ED-704D509078D2}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU "{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish "{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared 
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional "{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files "A1 Dashboard" = A1 Dashboard "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AVG" = AVG 2013 "Battlelog Web Plugins" = Battlelog Web Plugins "burnatonce_is1" = burnatonce "com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant "DAEMON Tools Lite" = DAEMON Tools Lite "Diablo III" = Diablo III "ESN Sonar-0.70.4" = ESN Sonar "Fraps" = Fraps (remove only) "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7 "Free YouTube Download_is1" = Free YouTube Download version 2.10.30 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923 "Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9 "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy 
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Lexmark 7600 Series" = Lexmark 7600 Series "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "MatlabR2011a" = MATLAB R2011a "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack "Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0 "Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU "Microsoft SQL Server 10" = Microsoft SQL Server 2008 "Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 "Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU "Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU "Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU "Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU "Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) "Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU "Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools "Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack "Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010 "Origin" = Origin "PunkBusterSvc" = PunkBuster Services "Steam App 12910" = Audiosurf Demo "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 212910" = Call of Duty: Black Ops II - Zombies "Steam App 47410" = Stronghold Kingdoms "TeamSpeak 3 Client" = TeamSpeak 3 Client "TeamViewer 7" = TeamViewer 7 "Uninstall_is1" = Uninstall 1.0.0.1 "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "World of Warcraft" = World of Warcraft "World of Warcraft Beta" = World of Warcraft Beta "World of Warcraft Public Test" = World of Warcraft Public Test "X10Hardware" = X10 Hardware(TM) ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "101a9f93b8f0bb6f" = Curse Client "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 03.03.2012 07:38:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 04.03.2012 09:30:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe". Die abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"" konnte nicht gefunden werden. 
Error - 07.10.2012 05:58:05 | Computer Name = *****-PC | Source = MCUpdate | ID = 0 Description = 11:57:29 - Fehler beim Herstellen der Internetverbindung. 11:57:29 - Serververbindung konnte nicht hergestellt werden..
[ System Events ]
Error - 04.01.2013 10:47:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
Error - 04.01.2013 10:47:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
Error - 04.01.2013 10:48:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
Error - 04.01.2013 10:48:43 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866300 Description =
Error - 04.01.2013 10:48:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
Error - 04.01.2013 10:49:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
Error - 04.01.2013 10:49:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
Error - 04.01.2013 10:50:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
Error - 04.01.2013 10:50:42 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866300 Description =
Error - 04.01.2013 10:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem Fehler beendet: %%126
< End of report > |
04.01.2013, 16:46 | #8 | |
/// TB Trainer | PC slow after Austrian Bundespolizei virus This here Quote:
According to the board rules, I therefore cannot give you any further support for cleaning the machine: files such as Crack.exe, Keygen.exe or Patch.exe are, or very often contain, dangerous malware that is not to be trifled with. Reinstall the box; the Bundespolizei trojan wrecked one of your system services, and on top of that you had also caught a nasty backdoor.
__________________ cheers, Leo |
04.01.2013, 19:57 | #9 |
| PC slow after Austrian Bundespolizei virus OK O: I didn't know that. I didn't buy the PC new but used from an acquaintance, and he said MS Office was installed as well. -.- I didn't know that it's an illegal version :/ and I've never played the game, it was probably on there too. Oh well, too bad ): And if I reinstall Win7, do I have to buy a new licence, or how does that work? |
04.01.2013, 21:52 | #10 | ||
/// TB Trainer | PC slow after Austrian Bundespolizei virus Quote:
I would strongly advise you to set the system up from scratch; it is not in good shape. I gave you instructions for that above. Then it will definitely be clean again and you will be rid of your predecessor's legacy. Quote:
__________________ cheers, Leo |
05.01.2013, 01:25 | #11 |
| PC slow after Austrian Bundespolizei virus Okay, I'll do that, thanks. Last question: what if I copy the virus to the new system along with, e.g., my music? How can I prevent that? First of all I'll install Kaspersky Security and AntiVir anyway, but it could still happen. |
05.01.2013, 18:02 | #12 | |||
/// TB Trainer | PC slow after Austrian Bundespolizei virus Quote:
Quote:
Quote:
Don't try to copy any programs (e.g. games) to the new system; reinstall everything instead. Don't take along any exe files or other downloaded executables (least of all the cracks!). With the freshly rebuilt system, take care not to reinfect yourself straight away via a possibly contaminated external storage medium. I'm attaching instructions for that below.
Checking external media after infection and reinstallation (by Petra)
The essential trick in disinfecting external drives and sticks is that they must be connected correctly. If infected, they hold a file autorun.inf containing a command that is executed on connection. It normally starts a file from the external drive. This Autorun mechanism is suppressed if you hold down the Shift key (the key used for capital letters) while connecting the drive. I recommend making this a habit. It also works when inserting CDs/DVDs and can sometimes prevent the installation of a rootkit copy protection there.
Autorun can also be disabled in Windows: have a look here. Then you don't need to remember to press the key.
Connect each external drive one after another (with Shift). If it is infected, there is an autorun.inf in its root directory. It may be hidden, but can be made visible with the Explorer options from here. Open the autorun.inf in the editor. It states what is to be executed. Find this executable file (usually with the extension .vbs or .exe) on the drive and delete it, then delete the autorun.inf as well. Instructions: XP Pro - XP Home - Vista (German) - Vista (English).
Afterwards have the external media checked with at least two online scanners from this guide.
__________________ cheers, Leo |
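The autorun.inf check from the guide above, as an added example that is not part of the original post: a Python sketch that reads an autorun.inf as plain text and lists which files its [autorun] section would launch, so they can be located on the drive without running anything. The key list, the extension list and the sample file are assumptions constructed for illustration.

```python
import re

# [autorun] keys whose value is a program or command that Windows may launch.
LAUNCH_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\=]+\\command)$", re.I)
# Extensions worth locating on the drive (assumed list, extend as needed).
RISKY_EXT = {"exe", "vbs", "bat", "cmd", "com", "scr", "js", "pif", "dll"}

def files_in_command(command):
    """File names with a risky extension named anywhere in a command line."""
    names = []
    for quoted, bare in re.findall(r'"([^"]+)"|(\S+)', command):
        name = (quoted or bare).replace("/", "\\").rsplit("\\", 1)[-1]
        if "." in name and name.rsplit(".", 1)[1].lower() in RISKY_EXT:
            names.append(name)
    return names

def autorun_targets(text):
    """Return (key, command, file names) for each launch entry in [autorun]."""
    targets, section = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        if line.startswith("[") and line.endswith("]"):
            section = line[1:-1].strip().lower()
        elif section == "autorun" and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if LAUNCH_KEY.match(key):
                targets.append((key.lower(), value, files_in_command(value)))
    return targets

# Constructed sample, not taken from the thread.
SAMPLE = r"""
; constructed autorun.inf
[AutoRun]
icon=setup.ico
open=RECYCLER\update.exe
shell\open\command=wscript.exe /e:vbscript "My Files\helper.vbs"
shellexecute=readme.txt
[other]
open=ignored.exe
"""

if __name__ == "__main__":
    for key, command, files in autorun_targets(SAMPLE):
        print(f"{key:20} {command!r:50} -> {files or 'no script/executable named'}")
```

An entry that names a script host such as wscript.exe lists both the host and the script passed to it; the script is the file to look for on the drive.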
07.01.2013, 00:24 | #13 |
/// TB Trainer | PC slow after Austrian Bundespolizei virus This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies. Should you need the topic again, please send me a PM and we will continue here. Everyone else, please read this guide and create your own thread.
__________________ cheers, Leo |
Topics related to PC slow after Austrian Bundespolizei virus |
anti-malware, antivirus, utilization, avg, backdoor.spynet, black, bundespolizei-virus, computer, service, exploit.drop.gsa, slow, malwarebytes, pc slow, programs, pup.offerbundler.st, quarantine, RAM usage, riskware.keygen, scan, security center, acting up, start, steam, trojan.agent.ck, trojan.fakealert, trojan.fakems, trojan.ransom.sugen, windows |