Habe mir den Bundespolizeivirus eingefangen!

Irgendwer200 · 03.02.2013, 20:38

Hallo!

Habe mir den Bundespolizeivirus eingefangen.Habe auch versucht in abgesicherten Modus ihn weg zu bekommen.Leider kommt die meldung da auch mit der BUndespolizei.

Habe danach meine WINdows 7 CD rein gelegt und von win 7 cd aus Rechner gestartet.Bin dann auf Systemwiederherstellung geganegn und mein System wurde zum 03.02.2013 auf 14:00 uhr gesetzt.1 Stunde bevor ich den hatte.
Danach habe ich erst einmal alle meine Datein auf ein externen laufwerk gebracht falls ich formatieren muß.
Jetzt meine Frage?
Ist der Virus jetzt endgültig weg oder immer noch vorhanden.DAs System befidnet sich jetzt bevor ich den virus bekommen habe.

t'john · 03.02.2013, 22:45

1. Schritt

Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".

2. Schritt

Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen

Wähle Scanne Alle Benuzer

Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe

Unter Extra Registrierung, wähle bitte Benutze SafeList

Klicke nun auf Scan links oben

Wenn der Scan beendet wurde werden 2 Logfiles erstellt

Poste die Logfiles hier in den Thread.

Irgendwer200 · 04.02.2013, 12:40

Habe heute deine Schritte mal durchgeführt.Habe mit MAlewarebytes gesannt er hat tasächlich infizierte Dateien gefunden habe einen log erstellen lassen und danach alles was angekreuzt war gelöscht.Dann mußte ich den rechner neu starten.

Hier ist der log von den OTL
Weiß zwar nicht wofür das gut sein soll aber egal.OTL Logfile:
OTL EXTRAS Logfile:

Code:

ATTFilter

OTL logfile created on: 04.02.2013 12:14:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\**********\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,40% Memory free
15,99 Gb Paging File | 13,02 Gb Available in Paging File | 81,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1431,22 Gb Free Space | 76,83% Space Free | Partition Type: NTFS
 
Computer Name: SPIELE-PC | User Name: *********** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\*********\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Steam\steam.exe (Valve Corporation)
PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\**********\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation)
PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.)
PRC - C:\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
PRC - C:\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Steam\sdl.dll ()
MOD - C:\Steam\bin\libcef.dll ()
MOD - C:\Steam\bin\avcodec-53.dll ()
MOD - C:\Steam\bin\chromehtml.dll ()
MOD - C:\Steam\bin\avformat-53.dll ()
MOD - C:\Steam\bin\avutil-51.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.3.2\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\SiteSafety.dll ()
MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (vToolbarUpdater13.3.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe ()
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.)
SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.)
SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam)
SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG)
SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PMBDeviceInfoProvider) -- C:\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH)
DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.)
DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.)
DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.)
DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation                                            )
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (ISODrive) -- C:\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=422&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9211280443954483&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=422&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9211280443954483&q={searchTerms}
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\URLSearchHook: {113342cd-3031-4ee9-9288-2c58857d3a3d} - No CLSID value found
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes,DefaultScope = {C5245D35-B066-4E3E-AD57-2511ACD52B91}
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=116061&tt=3812_3&babsrc=SP_iclro&mntrId=f034acfb0000000000006cf049e3327a
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={25DA7BE5-D4F3-461C-9CFA-6039058E4738}&mid=241d989cdf9847d0b3eebdb90f07db89-9b97b36ac38cac35341478ecdcf949448eeaf8ff&lang=en&ds=ft011&pr=sa&d=2013-01-14 02:17:28&v=13.3.0.17&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=422&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9211280443954483&q={searchTerms}
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{AEB4FE1B-0410-43DD-9009-AC6790397122}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{C5245D35-B066-4E3E-AD57-2511ACD52B91}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms}
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3201318.browser.search.defaultthis.engineName: true
FF - prefs.js..CT3241949.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.order.1: "Search Results"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406"
FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2
FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0
FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0
FF - prefs.js..extensions.enabledAddons: %7B3bbd3c14-4c16-4989-8366-95bc9179779d%7D:10.14.42.7
FF - prefs.js..extensions.enabledAddons: %7B78e516ef-11de-47a1-8364-a99b917ec5ee%7D:10.14.42.7
FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.14.42.7
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&CUI=SB_CUI&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.07.31 15:17:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.07.31 15:17:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.17 [2013.01.14 02:17:47 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.15 23:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.15 23:50:32 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 23:41:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 23:41:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2013.01.22 14:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions
[2013.01.28 00:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions
[2013.01.28 00:43:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff}
[2013.01.28 00:43:01 | 000,000,000 | ---D | M] (FLV Runner) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d}
[2013.01.28 00:42:55 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2013.01.14 15:28:37 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF}
[2012.07.09 13:12:45 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\plugin@videofiledownload.com
[2012.12.22 12:35:16 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\extensions\artur.dubovoy@gmail.com.xpi
[2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\***********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi
[2012.12.11 20:59:39 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.01.14 11:06:44 | 000,001,064 | ---- | M] () -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml
[2013.01.19 19:57:56 | 000,001,064 | ---- | M] () -- C:\Users\********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\searchplugins\fileconverter-13-customized-web-search.xml
[2013.01.20 18:50:26 | 000,002,687 | ---- | M] () -- C:\Users\********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\searchplugins\Search_Results.xml
[2013.01.22 14:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.01.15 23:50:32 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.01.18 23:41:04 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.14 02:17:45 | 000,003,580 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.19 17:34:11 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.08 14:23:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.20 18:50:26 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml
[2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.searchnu.com/406
CHR - default_search_provider:  ()
CHR - default_search_provider: search_url = 
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://www.searchnu.com/406
CHR - Extension: No name found = C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (VideoFileDownload) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - C:\Program Files (x86)\OApps\bho_project.dll File not found
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.)
O3:64bit: - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll ()
O3 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll ()
O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net)
O4 - HKLM..\Run: [StartCCC] C:\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe (MAGIX AG)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001..\Run: [Akamai NetSession Interface] C:\Users\********\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001..\Run: [DAEMON Tools Lite] C:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001..\Run: [Steam] C:\Steam\steam.exe (Valve Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***********\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68080225-402F-4CA5-A89A-F67FE41544A6}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll ()
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.04 01:46:08 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Malwarebytes
[2013.02.04 01:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.04 01:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.04 01:45:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.04 01:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.04 01:45:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe
[2013.02.03 20:09:57 | 000,000,000 | ---D | C] -- C:\Documents\Egosoft
[2013.02.03 15:47:49 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\{D46D4A9B-0EB5-49CE-A001-5BA88C1E312D}
[2013.01.30 15:49:10 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.30 15:49:10 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.29 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\{A5FA337C-F9AB-4228-AC11-B365676973D4}
[2013.01.28 14:59:39 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\pymeshio-2.6.2
[2013.01.27 21:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Data Recovery
[2013.01.27 21:07:47 | 000,000,000 | ---D | C] -- C:\Smart Data Recovery
[2013.01.27 20:19:01 | 000,851,880 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysNative\WibuCm64.dll
[2013.01.27 20:19:01 | 000,670,120 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WibuCm32.dll
[2013.01.27 20:19:01 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v5
[2013.01.27 20:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\CodeMeter
[2013.01.27 20:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeMeter
[2013.01.27 20:18:57 | 000,000,000 | ---D | C] -- C:\Recover My Files v5
[2013.01.27 19:27:35 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\{2DD5C23D-FC21-4E88-922B-5F74DE000D7A}
[2013.01.27 18:45:36 | 000,000,000 | ---D | C] -- C:\Documents\MAGIX Downloads
[2013.01.27 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\**********\Desktop\pymeshio-2.7.2
[2013.01.27 01:02:27 | 000,000,000 | ---D | C] -- C:\MikuMikuDAnce
[2013.01.26 18:00:36 | 000,000,000 | ---D | C] -- C:\Documents\Guild Wars 2
[2013.01.23 01:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO
[2013.01.23 01:16:49 | 000,000,000 | ---D | C] -- C:\UltraISO
[2013.01.23 01:16:49 | 000,000,000 | ---D | C] -- C:\Documents\My ISO Files
[2013.01.23 01:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems
[2013.01.23 00:52:19 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\DeepBurner
[2013.01.23 00:27:09 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\XnView
[2013.01.23 00:17:29 | 000,000,000 | ---D | C] -- C:\Documents\PCSX2
[2013.01.23 00:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2013.01.23 00:17:08 | 000,000,000 | ---D | C] -- C:\XnView
[2013.01.23 00:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2
[2013.01.23 00:14:15 | 000,000,000 | ---D | C] -- C:\PS2  Tools
[2013.01.22 13:53:05 | 000,000,000 | R--D | C] -- C:\Documents
[2013.01.22 13:25:49 | 000,000,000 | ---D | C] -- C:\Documents\Naruto Shippuden Karten
[2013.01.22 13:07:45 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Youtube converter
[2013.01.22 12:52:14 | 000,000,000 | ---D | C] -- C:\Phyton (Blender) installation
[2013.01.22 12:46:14 | 000,000,000 | ---D | C] -- C:\Blender Programme
[2013.01.20 21:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager
[2013.01.20 18:50:15 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\iLivid
[2013.01.20 11:40:28 | 000,000,000 | ---D | C] -- C:\XPS_10.9.3
[2013.01.19 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blender Foundation
[2013.01.19 19:57:30 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll
[2013.01.19 19:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.01.18 23:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.01.17 00:30:04 | 000,000,000 | ---D | C] -- C:\Ino (Blender) dateien
[2013.01.16 19:47:30 | 000,000,000 | ---D | C] -- C:\Blender 2.65
[2013.01.16 16:12:21 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\Logitech
[2013.01.16 16:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech
[2013.01.16 16:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech
[2013.01.16 16:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech
[2013.01.16 16:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.01.15 23:50:59 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\RealNetworks
[2013.01.15 23:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013.01.15 23:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.01.15 23:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013.01.15 23:50:13 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013.01.15 23:50:04 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013.01.15 23:50:04 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013.01.15 23:50:03 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.01.15 23:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.01.15 23:28:53 | 000,766,272 | ---- | C] (RealNetworks, Inc.) -- C:\Users\*********\Desktop\RealPlayer16_de.exe
[2013.01.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.4
[2013.01.15 15:10:58 | 000,000,000 | ---D | C] -- C:\Python24
[2013.01.15 15:07:29 | 000,000,000 | ---D | C] -- C:\Blender 2.41
[2013.01.15 03:48:17 | 000,000,000 | ---D | C] -- C:\ogretools
[2013.01.15 03:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013.01.15 03:23:45 | 000,000,000 | ---D | C] -- C:\Blender1
[2013.01.15 03:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.01.15 01:07:08 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Wings3D
[2013.01.14 23:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.5
[2013.01.14 23:30:43 | 000,000,000 | ---D | C] -- C:\Python25
[2013.01.14 23:21:15 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender Foundation
[2013.01.14 23:20:22 | 000,000,000 | ---D | C] -- C:\Blender 2.49
[2013.01.14 21:26:54 | 000,000,000 | ---D | C] -- C:\tmp
[2013.01.14 20:19:53 | 000,000,000 | ---D | C] -- C:\TXD Workshop 4.5
[2013.01.14 19:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2013.01.14 19:30:10 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\AVS4YOU
[2013.01.14 19:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU
[2013.01.14 19:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia
[2013.01.14 19:29:24 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.01.14 19:29:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2013.01.14 15:28:56 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly
[2013.01.14 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly
[2013.01.14 14:54:58 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\Akamai
[2013.01.14 13:11:39 | 000,000,000 | ---D | C] -- C:\gmax
[2013.01.14 12:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.2
[2013.01.14 12:22:05 | 000,000,000 | ---D | C] -- C:\Python32
[2013.01.14 11:36:56 | 000,000,000 | ---D | C] -- C:\ZMODELER
[2013.01.14 03:11:03 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\PowerISO
[2013.01.14 02:55:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2013.01.14 02:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart File Advisor
[2013.01.14 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Programs
[2013.01.14 02:18:26 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\AVG Secure Search
[2013.01.14 02:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2013.01.14 02:17:24 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.01.14 02:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2013.01.14 02:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013.01.13 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\IsolatedStorage
[2013.01.13 18:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage
[2013.01.13 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\_
[2013.01.12 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\PhotoModeler
[2013.01.12 15:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoModeler
[2013.01.12 15:00:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PhotoModeler
[2013.01.12 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\fltk.org
[2013.01.12 14:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org
[2013.01.11 02:23:29 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\*********\Desktop\install_flash_player.exe
[2013.01.11 01:38:19 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Blender Foundation
[2013.01.11 00:41:30 | 000,000,000 | ---D | C] -- C:\XPS_10.8.7b
[2013.01.11 00:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA
[2013.01.10 23:47:29 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Apps
[2013.01.10 23:47:28 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Deployment
[2013.01.10 01:23:44 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{DE0A1E74-B43E-4213-970F-FB18241AA94C}
[2013.01.09 10:31:46 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 10:31:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 10:31:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 10:31:22 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 10:31:13 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.09 10:31:13 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 10:31:13 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.09 10:31:13 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 10:31:13 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 10:31:13 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.09 10:31:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 10:31:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.09 10:31:13 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 10:31:13 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.09 10:31:13 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 10:31:13 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.09 10:31:13 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 10:31:13 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.09 10:31:13 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 10:31:13 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.09 10:31:13 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 10:31:13 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.09 10:31:13 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 10:31:13 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.09 10:31:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 10:31:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.09 10:31:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 10:31:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.09 10:31:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 10:31:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.09 10:31:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 10:31:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.09 10:30:50 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 10:30:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 10:30:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 10:30:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 10:30:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 10:30:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 10:30:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 10:30:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 10:30:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 10:30:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 10:30:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 10:30:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 10:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 10:30:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 10:30:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 10:30:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 10:30:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 10:30:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 10:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 10:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 10:30:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 10:30:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 10:30:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.08 14:49:37 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{B58A2DE6-CF34-4DE8-A2C2-169A33D1F3B7}
[2013.01.07 15:40:46 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{00F1B43D-44B2-4259-8DAF-AF2D60013704}
[2013.01.06 10:41:39 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{5A5A51F0-5B58-49CF-9134-03B17B53F65F}
[2013.01.05 22:28:10 | 000,000,000 | ---D | C] -- C:\Free Video to JPG Converter
[2013.01.05 22:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2013.01.05 22:08:17 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\{242581DA-9340-40E5-BE16-62A2846F1375}
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.04 12:16:40 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 12:16:40 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.04 12:14:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.04 12:09:26 | 000,001,960 | ---- | M] () -- C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510d series.lnk
[2013.02.04 12:09:10 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock
[2013.02.04 12:09:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.04 12:08:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.04 12:08:47 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.04 12:01:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job
[2013.02.04 01:46:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.04 01:45:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe
[2013.02.03 21:34:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.03 21:34:00 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.03 21:34:00 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.03 21:34:00 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.03 21:34:00 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.03 18:03:49 | 1864,160,626 | ---- | M] () -- C:\Documents\Documents.rar
[2013.02.03 17:37:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\slpcsrj.pad
[2013.02.03 15:56:01 | 000,003,272 | ---- | M] () -- C:\ProgramData\slpcsrj.js
[2013.02.03 15:56:01 | 000,000,153 | ---- | M] () -- C:\ProgramData\slpcsrj.reg
[2013.02.03 15:56:01 | 000,000,082 | ---- | M] () -- C:\ProgramData\slpcsrj.bat
[2013.02.02 20:23:17 | 000,015,126 | ---- | M] () -- C:\Documents\Yugioh Typen decks.odt
[2013.01.30 15:49:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.01.30 15:49:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.01.27 22:10:21 | 000,022,848 | ---- | M] () -- C:\Documents\WM Qualifikation 2014.ods
[2013.01.27 21:07:48 | 000,001,495 | ---- | M] () -- C:\Users\**********\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk
[2013.01.27 21:07:48 | 000,000,728 | ---- | M] () -- C:\Users\**********\Desktop\Smart Data Recovery.lnk
[2013.01.27 20:19:01 | 000,000,713 | ---- | M] () -- C:\Users\**********\Desktop\Recover My Files v5.lnk
[2013.01.23 01:16:50 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.01.23 01:04:38 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib
[2013.01.23 00:27:21 | 000,000,558 | ---- | M] () -- C:\Users\**********\Desktop\XnView.lnk
[2013.01.23 00:15:55 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 1.0.0 (r5350).lnk
[2013.01.20 18:51:03 | 000,001,257 | ---- | M] () -- C:\Users\**********\Desktop\Play Free Games.lnk
[2013.01.20 18:51:03 | 000,001,052 | ---- | M] () -- C:\Users\**********\Desktop\iLivid.lnk
[2013.01.19 20:25:26 | 000,002,108 | ---- | M] () -- C:\Users\**********\Desktop\Blender.lnk
[2013.01.16 19:47:54 | 000,001,473 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk
[2013.01.16 16:12:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2013.01.16 16:12:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2013.01.15 23:50:40 | 000,001,358 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.01.15 23:50:13 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll
[2013.01.15 23:50:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll
[2013.01.15 23:50:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll
[2013.01.15 23:50:03 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.01.15 23:28:54 | 000,766,272 | ---- | M] (RealNetworks, Inc.) -- C:\Users\*********\Desktop\RealPlayer16_de.exe
[2013.01.14 18:51:07 | 734,717,352 | ---- | M] () -- C:\Users\*********\Desktop\Autodesk_3ds_Max_2010_English_WIN_32_Trial.exe
[2013.01.14 02:15:46 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.01.12 15:01:33 | 000,003,120 | ---- | M] () -- C:\Windows\swkalpmlic.lf
[2013.01.10 10:13:24 | 000,323,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.05 22:28:16 | 000,001,742 | ---- | M] () -- C:\Users\**********\Desktop\Free Video to JPG Converter.lnk
[2013.01.05 22:28:16 | 000,001,243 | ---- | M] () -- C:\Users\**********\Desktop\DVDVideoSoft Free Studio.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.04 12:09:10 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock
[2013.02.04 01:46:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.03 17:56:29 | 1864,160,626 | ---- | C] () -- C:\Documents\Documents.rar
[2013.02.03 15:56:01 | 095,023,320 | ---- | C] () -- C:\ProgramData\slpcsrj.pad
[2013.02.03 15:56:01 | 000,003,272 | ---- | C] () -- C:\ProgramData\slpcsrj.js
[2013.02.03 15:56:01 | 000,000,153 | ---- | C] () -- C:\ProgramData\slpcsrj.reg
[2013.02.03 15:56:01 | 000,000,082 | ---- | C] () -- C:\ProgramData\slpcsrj.bat
[2013.02.02 18:57:30 | 000,015,126 | ---- | C] () -- C:\Documents\Yugioh Typen decks.odt
[2013.01.27 22:10:19 | 000,022,848 | ---- | C] () -- C:\Documents\WM Qualifikation 2014.ods
[2013.01.27 21:41:26 | 000,035,192 | ---- | C] () -- C:\Documents\handwerker.rtf
[2013.01.27 21:07:48 | 000,001,495 | ---- | C] () -- C:\Users\***********\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk
[2013.01.27 21:07:48 | 000,000,728 | ---- | C] () -- C:\Users\***********\Desktop\Smart Data Recovery.lnk
[2013.01.27 20:19:01 | 000,000,713 | ---- | C] () -- C:\Users\***********\Desktop\Recover My Files v5.lnk
[2013.01.27 10:50:40 | 000,299,415 | ---- | C] () -- C:\Users\***********\Desktop\Ino Yamanaka v.5.pmd
[2013.01.23 01:16:50 | 000,000,606 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk
[2013.01.23 01:04:38 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib
[2013.01.23 00:17:10 | 000,000,558 | ---- | C] () -- C:\Users\***********\Desktop\XnView.lnk
[2013.01.23 00:15:55 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 1.0.0 (r5350).lnk
[2013.01.20 18:51:03 | 000,001,257 | ---- | C] () -- C:\Users\***********\Desktop\Play Free Games.lnk
[2013.01.20 18:51:03 | 000,001,060 | ---- | C] () -- C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk
[2013.01.20 18:51:03 | 000,001,052 | ---- | C] () -- C:\Users\***********\Desktop\iLivid.lnk
[2013.01.16 16:12:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf
[2013.01.16 16:12:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf
[2013.01.15 23:50:40 | 000,001,358 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.01.15 03:24:08 | 000,001,473 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk
[2013.01.14 23:21:15 | 000,002,108 | ---- | C] () -- C:\Users\***********\Desktop\Blender.lnk
[2013.01.14 18:43:18 | 734,717,352 | ---- | C] () -- C:\Users\***********\Desktop\Autodesk_3ds_Max_2010_English_WIN_32_Trial.exe
[2013.01.12 15:01:33 | 000,003,120 | ---- | C] () -- C:\Windows\swkalpmlic.lf
[2013.01.05 22:28:16 | 000,001,742 | ---- | C] () -- C:\Users\***********\Desktop\Free Video to JPG Converter.lnk
[2012.10.05 20:44:05 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll
[2012.08.03 21:52:59 | 001,414,144 | ---- | C] () -- C:\Windows\SysWow64\spk.dll
[2012.07.31 15:15:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.07.24 12:47:40 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.07.06 19:20:53 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll
[2012.06.23 13:55:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat
[2012.05.11 00:22:21 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.04.28 12:35:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2012.04.28 11:57:54 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.04.28 11:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.04.28 11:29:19 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.05.10 17:21:23 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Acreon
[2012.08.19 00:24:52 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Babylon
[2012.09.16 18:18:55 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Black Sea Studios
[2013.01.11 01:38:19 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Blender Foundation
[2012.11.24 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Code Force Limited
[2013.01.14 02:30:42 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DAEMON Tools Lite
[2013.01.23 00:52:42 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DeepBurner
[2013.01.05 22:28:10 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DVDVideoSoft
[2012.10.31 18:25:51 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.19 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\ExpressFiles
[2013.01.12 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\fltk.org
[2012.09.19 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\IClaro
[2013.01.13 18:30:36 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\IsolatedStorage
[2013.01.18 00:36:20 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Might & Magic Heroes VI
[2012.10.31 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\OpenCandy
[2012.04.28 13:34:27 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\OpenOffice.org
[2012.08.17 15:21:53 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Opera
[2013.01.14 03:11:03 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\PowerISO
[2012.11.13 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\ScummVM
[2012.12.03 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Sytexis Software
[2012.05.10 21:58:23 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\TS3Client
[2012.10.02 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\TuneUp Software
[2013.01.15 01:07:08 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Wings3D
[2013.01.23 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\XnView
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 24 bytes -> C:\Windows:C7A7DE9264C648FF
@Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF
@Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A85D770C

< End of report >

--- --- ---

--- --- ---

Hier noch einerOTL EXTRAS Logfile:

Code:

ATTFilter

OTL Extras logfile created on: 04.02.2013 12:14:04 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\********\Desktop
64bit- Home Premium Edition  (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,40% Memory free
15,99 Gb Paging File | 13,02 Gb Available in Paging File | 81,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1862,92 Gb Total Space | 1431,22 Gb Free Space | 76,83% Space Free | Partition Type: NTFS
 
Computer Name: SPIELE-PC | User Name: ********* | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software)
 
[HKEY_USERS\S-1-5-21-1047081900-3411316267-2860860215-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- C:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net)
Directory [AddToPlaylistVLC] -- C:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00B673B8-B20D-44D2-B266-75BA83B642DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{0948D55D-DFEF-4C83-8BD0-78EBDA21C628}" = rport=139 | protocol=6 | dir=out | app=system | 
"{0CDAE02D-014C-4A2C-9877-2AE3EDC590A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{11679F17-D19E-4FF7-B032-0E8207094887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{123A8CF5-3703-4CD3-8F67-78896CB979FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{16803D55-D9E4-45ED-AAE2-C6C74C5C3556}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{1A1E2A44-E78B-4A67-9DEC-9BD0221B16D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{1A9DE177-8DE7-4C48-8CA0-678B7FE8CE38}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{36145819-3049-4EA4-9D35-F11A7A26CFC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3ADA1291-5E10-4A8D-9533-42F4168B7AEA}" = lport=139 | protocol=6 | dir=in | app=system | 
"{456EC708-1B9B-435B-A280-BAD2A96C8BD9}" = lport=138 | protocol=17 | dir=in | app=system | 
"{45E087CC-A57A-4614-A251-4A2A0ADE2334}" = rport=137 | protocol=17 | dir=out | app=system | 
"{49AE1483-756B-4E6C-AB3C-9A6F1364899B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{65E74793-154A-42AF-9947-A3C5582B3A6A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{71DBD24A-60F9-4BD3-8A50-04CE9DEB3567}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{826E07A3-8548-469F-A0BB-DE073638C14B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{836015DA-6FE1-401E-8CDF-B2C3F317C7E7}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{972C024E-F330-41EF-AAED-3346E59C8BF3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{99259A9C-6F8B-4239-A4E2-990CC865662E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A4D8684D-C1B3-4B35-ABA6-E488490692B3}" = lport=445 | protocol=6 | dir=in | app=system | 
"{BA774335-60C2-4D0B-AF09-F7E8655F20A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{DACA5FD1-4D35-4E5A-924A-881666257F9A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{DF5C80FA-EECD-4C82-BA70-711AAA329ACD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{F809325B-B3DA-4D92-9F46-8C2EDA9B321A}" = lport=137 | protocol=17 | dir=in | app=system | 
"{FFEA8A00-D2EB-4132-A5F5-3E91C07FB390}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{042AE85D-0CBF-445E-BF64-DEA347CC416D}" = protocol=17 | dir=in | app=c:\earth 2160\earth2160_no_sse.exe | 
"{06C6743B-14AC-4CFA-BDAB-E941232FB22F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{07B407CF-A23D-4728-AD51-1C3C7B077E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{08FC8458-72C5-4B54-A315-3381E3E97147}" = protocol=17 | dir=in | app=c:\iron sky invasion\ironsky_launcher.exe | 
"{0ACC7901-E21A-4530-AA50-AD111C3821AD}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | 
"{1143F500-70BC-4D88-9434-3DD7780E04E3}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | 
"{1C6FBCAC-7D0A-46A7-A887-C95A7203D06E}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3tc.exe | 
"{23B7DAB0-C23D-4F6A-97FC-DB05BCAC8340}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{241D61D0-5F7E-4A2E-AD1B-35220E24502D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{249BAEAD-214C-4E72-86BA-D6BFDC4E79F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{24E65427-FBBF-4E15-8023-4487E9E5D3CF}" = protocol=17 | dir=in | app=c:\iron sky invasion\game\isi_dx9.exe | 
"{26B3CC80-06F2-47BE-A25D-5E8275892E73}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3ap.exe | 
"{2830F8C2-CEFE-4A46-87AB-B43E912DD38D}" = protocol=6 | dir=in | app=c:\two worlds ii\twoworlds2.exe | 
"{285E5A34-5865-4857-88B9-3DAD5B68E28F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{292AD7C7-F81A-4F41-8208-0077DD090C7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{3536631E-176E-4B58-B7DC-7E12471D662D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{35ACE155-913B-49F2-B9F5-E29547F67F75}" = protocol=6 | dir=in | app=c:\iron sky invasion\game\ironsky.exe | 
"{45A40FC5-9FC0-464F-8956-78AB7388F0ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{468B1567-A98A-4156-B97E-6D5841EC7030}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{48CDDC01-B4D9-4743-99F0-7FC99E086202}" = protocol=17 | dir=in | app=c:\iron sky invasion\game\isi_dx11.exe | 
"{4B05B2FB-1DFE-48B7-97D1-34F3CB0CF825}" = protocol=6 | dir=in | app=c:\iron sky invasion\game\isi_dx9.exe | 
"{4D5BB992-A449-4012-91F3-66C09F3ACE95}" = protocol=6 | dir=in | app=c:\iron sky invasion\game\isi_dx11.exe | 
"{52891FFD-8BAE-4D55-92B1-4F58E27A7B81}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{550E9150-EB3D-4E4E-97B4-ADE49F1C5203}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{59F372A4-4058-4736-B3E1-03DE6C2C5D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{61F1CDE8-37DF-4F9E-B44D-565DF3E8A3C9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | 
"{62AFDE5F-6CCC-40D7-A2E4-E5C4694F4B94}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{67D0940B-71AF-4C67-8476-6DFF16238FC4}" = protocol=6 | dir=in | app=c:\earth 2160\earth2160_no_sse.exe | 
"{687AA798-547B-48F0-B254-8B59BF9CB516}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{6C36B508-762D-47CF-9C45-71FFF3676BAA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | 
"{6F455E05-9665-4223-846C-3E18D2A60D8D}" = protocol=17 | dir=in | app=c:\users\********\downloads\sweetimsetup.exe | 
"{71FB6CD3-7F34-4972-AE65-43CD338F49E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{75E715B8-4C49-4BA2-A9A9-3A1384C03029}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | 
"{7633ED0A-882B-4464-B6F1-9D670587E183}" = protocol=17 | dir=in | app=c:\steam\steam.exe | 
"{8454CDD3-1D00-4E38-84B8-982B5D123EAE}" = protocol=6 | dir=in | app=c:\might & magic heroes vi\might & magic heroes vi.exe | 
"{8E2DC8D8-C016-447F-B1E4-EE1E600537A7}" = protocol=17 | dir=in | app=c:\iron sky invasion\game\ironsky.exe | 
"{9A98351F-B46A-4C17-9EE9-9C510142C86F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{9B670403-346D-476C-B864-E2DC482B52F5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{9C511158-EA04-4CE0-B6CF-23C36626490A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{A12EEE3D-A9C0-43E6-96AA-93A4FAD73183}" = protocol=6 | dir=in | app=c:\iron sky invasion\ironsky_launcher.exe | 
"{A15172B9-7133-433A-A832-91773DAB7A6D}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | 
"{A588486D-7F3B-4E02-9BB2-20653DF04548}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{A5AB329F-4A6A-40C7-B075-891FD130ADCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{AA9BB4CD-12EE-4A95-A217-50ED64C55CEC}" = protocol=6 | dir=in | app=c:\earth 2160\earth2160_sse.exe | 
"{ADAF1055-A684-491D-BD44-B838B438A474}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe | 
"{B2265CD3-9B67-4040-87DD-1DC6778632F0}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{BA02A378-B57E-45D5-BF39-462AA0877CFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{BD63CC63-9CF4-4F16-8D68-48E7ED6C3998}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | 
"{BE9718B4-B606-412A-9C60-B6D9C80330C4}" = protocol=17 | dir=in | app=c:\might & magic heroes vi\might & magic heroes vi.exe | 
"{C45E539B-CC77-447F-83B0-EF904FFA7289}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | 
"{CD94F62A-3FCF-4AA5-84AB-4F91832ECB25}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | 
"{CE014FA6-2608-47D2-818A-2EF4D393E68B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D0BAA2E5-1F45-4EDF-9EA4-B638D2B08D03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{D0FB189F-7032-4489-9D05-F030AB7464F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{D14F7031-D679-4605-97E5-B1A580E62767}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | 
"{D5E09EA5-ECBF-4BC3-968D-6F2E3B66F0BC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{D66ACF59-C1CB-4962-B8E2-DF4E8D158660}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{DCF656F8-C1B9-4411-B4DB-1ECB5CFE9D57}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{E8099ACC-4628-455B-95F3-575494A7F65C}" = protocol=17 | dir=in | app=c:\two worlds ii\twoworlds2.exe | 
"{E903F530-174E-46C1-80B6-45EA8E5ACBAD}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\risen 2\system\risen2.exe | 
"{EFC9D6FE-CF96-406D-BCC2-83AD5AFC7456}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3ap.exe | 
"{F0D41E68-EF59-41BC-9B59-50861F129326}" = protocol=6 | dir=in | app=c:\users\********\downloads\sweetimsetup.exe | 
"{F20EE43D-F35A-4FB3-B27B-3630E31B98B2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | 
"{F239AB21-2269-4545-82BD-ABCBF80EBDDA}" = protocol=6 | dir=out | app=system | 
"{F3365183-D7CE-4026-B83F-ACB5D8D1C06C}" = protocol=17 | dir=in | app=c:\earth 2160\earth2160_sse.exe | 
"{F87C8EB8-1C37-4F2F-8802-F01B7C1EF2E2}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3tc.exe | 
"{F8927661-AC94-473F-81A6-ECD7FEE8F5FE}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\risen 2\system\risen2.exe | 
"{FA482E6C-C0B9-40E5-8956-0A2B25C142EB}" = protocol=6 | dir=in | app=c:\steam\steam.exe | 
"{FBD5147B-F5CF-44F4-8E6D-549A2E404101}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{323E134C-707D-4017-9768-D916A4D8F82E}" = HP Photosmart 5510d series - Grundlegende Software für das Gerät
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4E594F8A-B042-B61D-DADC-08822B630781}" = ATI Catalyst Install Manager
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding
"{852AFE33-BB5C-1A0A-586E-9402D9895992}" = ccc-utility64
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs
"{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151
"{F32470D7-B3F5-44CF-B11B-4C70EB640182}" = Studie zur Verbesserung von HP Photosmart 5510d series Produkten
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9
"{1C6BA2FA-05BB-F6C0-3BDF-2C2DD4E39275}" = CCC Help Italian
"{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F57656E-310B-D5C1-8B38-CD8BF09ADC31}" = CCC Help Russian
"{1F8CE8A5-2C35-B10C-9EE4-EB3A937EF192}" = CCC Help Thai
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2A554D04-7541-46F2-936C-B16490045A4C}" = Armada 2526 Gold
"{2BC12018-4A32-E375-FF94-4830A1A9BD17}" = Catalyst Control Center Graphics Previews Common
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0
"{3A7CEF01-FB6E-B492-0B99-E8C48B80040A}" = CCC Help English
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{48BB3836-2F6F-B8F5-D5B4-106903E92F2F}" = Catalyst Control Center Localization All
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B5CB1BC-6D47-B0DA-9C22-1546F98A954F}" = CCC Help German
"{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}" = Python 3.2.2
"{4FA7C6E9-21D7-CFE5-E111-0ADD6DE0D49E}" = CCC Help Swedish
"{5B87B431-0A03-4602-66E5-D6E84AACF15D}" = ccc-core-static
"{5D21244C-75F4-4204-8B60-5DE662A245F1}" = CCC Help Finnish
"{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform
"{647FDE6A-C7D5-D8AD-BCB6-3A69FC95C264}" = CCC Help Japanese
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2
"{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7447DBD6-E712-B7FD-3E1B-C82929E3DC94}" = Catalyst Control Center InstallProxy
"{744F505A-D627-E778-6724-EE7C70F49789}" = CCC Help Turkish
"{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI
"{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller
"{77117A63-E036-9CBC-88AA-EA11FFDE706C}" = CCC Help Danish
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor
"{82D9302E-F209-4805-B548-52087047483A}" = Python 2.4
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90FD66ED-BF27-2513-2D4C-5FA5EEA239C6}" = CCC Help Hungarian
"{9190F5FB-B316-10E8-56A9-695110CAB551}" = CCC Help Spanish
"{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{969F1D08-6246-2BAA-A4F8-4C2B291078DF}" = CCC Help Greek
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D8142BB-8AD4-A3F3-4191-CE02A9E5BFAB}" = CCC Help French
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B42BC17B-B545-E379-96E4-8709AB86034A}" = CCC Help Dutch
"{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB
"{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}" = HydraVision
"{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2
"{BF5B8A54-EE1E-B221-4C1E-4D9E5E93D7A6}" = CCC Help Chinese Traditional
"{C1548201-53B0-EB9E-B662-D3E48406AF50}" = CCC Help Czech
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C7D2B6FB-A766-DAFB-3536-8219ED98EF5F}" = CCC Help Norwegian
"{CC71BB44-D345-7591-D61B-9233464D6326}" = CCC Help Portuguese
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D1D40FB8-4DF3-8AC7-DB80-5030D6BD7E5F}" = CCC Help Korean
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D554EA85-E14F-A09E-BF72-360CDC8C73F5}" = CCC Help Chinese Standard
"{D903B6D5-B5E7-261E-F5F7-8784A1EC43EF}" = CCC Help Polish
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Hilfe
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC73D9BE-30BC-1BBF-3E7F-57F37E96AFEB}" = Catalyst Control Center Graphics Previews Vista
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1ClickDownload" = Movie2KDownloader
"7-Zip" = 7-Zip 4.65
"Activision_CTP2UninstallKey" = Call To Power 2
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ArkCORE" = ArkCORE 7.0
"Armada 2526 Gold" = Armada 2526 Gold
"AVG Secure Search" = AVG Security Toolbar
"Avira AntiVir Desktop" = Avira Internet Security 2012
"bgbennyboyEMIReplacementSetup_is1" = Escape From Monkey Island
"Blender" = Blender (remove only)
"CamStudio" = CamStudio
"DAEMON Tools Lite" = DAEMON Tools Lite
"DAEMON Tools Toolbar" = DAEMON Tools Toolbar
"DealPly" = DealPly
"Diablo III" = Diablo III
"Distant Worlds1.0.7.0" = Distant Worlds
"Dunkle Magie" = Dunkle Magie
"DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar
"Earth 2160" = Earth 2160
"Exact Audio Copy" = Exact Audio Copy 0.99pb3
"FormatFactory" = FormatFactory 3.0.1
"Fraps" = Fraps (remove only)
"Free Video Dub_is1" = Free Video Dub version 2.0.12.706
"Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.21.1212
"Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015
"Google Chrome" = Google Chrome
"Gothic II" = Gothic II
"Guild Wars 2" = Guild Wars 2
"HP Photo Creations" = HP Photo Creations
"iLivid" = iLivid
"Iron Sky Invasion" = Iron Sky Invasion
"MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.8 (D)
"MAGIX Online Druck Service D" = MAGIX Online Druck Service
"MAGIX Screenshare D" = MAGIX Screenshare
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"McAfee Security Scan" = McAfee Security Scan Plus
"MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.3.6
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Opera 12.13.1734" = Opera 12.13
"pcsx2-r5350" = PCSX2 - Playstation 2 Emulator
"PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0
"RealPlayer 16.0" = RealPlayer
"Recover My Files v5_is1" = Recover My Files
"Red Alert 2" = Command & Conquer Alarmstufe Rot 2
"ScummVM_is1" = ScummVM 1.5.0
"Smart Data Recovery_is1" = Smart Data Recovery v4.3
"Smart File Advisor_is1" = Smart File Advisor 1.1.1
"Steam App 201310" = X3: Albion Prelude
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 2820" = X3: Terran Conflict
"Steam App 40390" = Risen 2 - Dark Waters
"Steam App 8930" = Sid Meier's Civilization V
"SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010)
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TerraTec Grabby" = TerraTec Grabby V5.09.0813.00
"Tiberian Sun" = Command & Conquer Teil 3: Operation Tiberian Sun
"Two Worlds II" = Two Worlds II
"UltraISO_is1" = UltraISO Premium V9.53
"vfd-ob" = VideoFileDownload
"Video Fixer 3.23_is1" = Video Fixer 3.23
"VLC media player" = VLC media player 0.9.8a
"Wajam" = Wajam
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood
"World of Warcraft" = World of Warcraft
"World of Warcraft Public Test" = World of Warcraft Public Test
"X Plugin Manager" = X Plugin Manager 2.12
"X3TerranConflict_is1" = X3 Terran Conflict v3.2
"Xadrian" = Xadrian
"XnView_is1" = XnView 1.99.6
"X-Universe Plugin Manager_is1" = X-Universe Plugin Manager 1.47
"Yuri's Revenge" = Command && Conquer Alarmstufe Rot 2 - Yuris Rache
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-1047081900-3411316267-2860860215-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.01.2013 10:49:40 | Computer Name = Spiele-PC | Source = Application Hang | ID = 1002
Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 18d4    Startzeit:
 01cdfef8c8588564    Endzeit: 38    Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Berichts-ID:
 443e887c-6aec-11e2-a3eb-6cf049e3327a  
 
Error - 30.01.2013 21:17:08 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 31.01.2013 09:45:57 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.01.2013 09:45:57 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 31.01.2013 16:22:26 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.02.2013 06:53:14 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 01.02.2013 11:14:57 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 01.02.2013 20:38:34 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.02.2013 07:41:24 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 02.02.2013 21:32:01 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 03.02.2013 06:22:24 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008
Description = 
 
Error - 03.02.2013 11:01:40 | Computer Name = Spiele-PC | Source = VSS | ID = 8194
Description = 
 
Error - 03.02.2013 11:23:55 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*************i\Downloads\SoftonicDownloader_fuer_filerecovery.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 03.02.2013 12:16:59 | Computer Name = Spiele-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457,
 Zeitstempel: 0x50a2f9e3  Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 
3.5.3.0, Zeitstempel: 0x4e8d7e1a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00008e14
ID
 des fehlerhaften Prozesses: 0xe18  Startzeit der fehlerhaften Anwendung: 0x01ce0229cc2d26ff
Pfad
 der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe
Pfad
 des fehlerhaften Moduls: C:\Users\*********\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll
Berichtskennung:
 229a027c-6e1d-11e2-a817-6cf049e3327a
 
Error - 03.02.2013 13:15:25 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\**********\Downloads\SoftonicDownloader_fuer_filerecovery.exe". Fehler in  Manifest-
 oder Richtliniendatei "" in Zeile .  Eine für die Anwendung erforderliche Komponentenversion
 steht in Konflikt mit  einer anderen, bereits aktiven Komponentenversion.  In Konflikt
 stehende Komponenten:.  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest.
 
Error - 03.02.2013 14:10:50 | Computer Name = Spiele-PC | Source = Application Hang | ID = 1002
Description = Programm Gw2.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt
 werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1b7c    Startzeit:
 01ce0239925d1e58    Endzeit: 24502    Anwendungspfad: C:\Program Files (x86)\Guild Wars
 2\Gw2.exe    Berichts-ID: f987aaea-6e2c-11e2-9c67-6cf049e3327a  
 
Error - 03.02.2013 19:44:16 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="&#x2a;",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ System Events ]
Error - 03.02.2013 14:50:53 | Computer Name = Spiele-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
 Sie auf dem Volume "\Device\HarddiskVolume4" den Befehl "chkdsk" aus.
 
Error - 03.02.2013 15:23:40 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.02.2013 15:24:10 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.02.2013 16:53:55 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.02.2013 16:54:21 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.02.2013 17:59:46 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 03.02.2013 17:59:50 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 04.02.2013 05:31:51 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 04.02.2013 05:31:55 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
Error - 04.02.2013 07:08:57 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%2
 
 
< End of report >

--- --- ---

t'john · 04.02.2013, 14:58

Bitte das Malwarebytes Logfile posten!
(Reiter Logdateien)

Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen.
Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen.

Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte.

1. Schritt

Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
Starte die OTL.exe.
Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.

Ersetze die *** Sternchen wieder in den Benutzernamen zurück!

Code:

ATTFilter

:OTL

SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) 
[2013.01.19 19:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess 
@Alternate Data Stream - 24 bytes -> C:\Windows:C7A7DE9264C648FF 
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF 
@Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A85D770C 
[2013.01.20 18:50:15 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\iLivid 
[2013.01.20 18:51:03 | 000,001,052 | ---- | M] () -- C:\Users\**********\Desktop\iLivid.lnk 
[2013.01.20 18:51:03 | 000,001,060 | ---- | C] () -- C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk 
[2013.01.20 18:51:03 | 000,001,052 | ---- | C] () -- C:\Users\***********\Desktop\iLivid.lnk 
[2013.02.03 17:37:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\slpcsrj.pad 
[2013.02.03 15:56:01 | 000,003,272 | ---- | M] () -- C:\ProgramData\slpcsrj.js 
[2013.02.03 15:56:01 | 000,000,153 | ---- | M] () -- C:\ProgramData\slpcsrj.reg 
[2013.02.03 15:56:01 | 000,000,082 | ---- | M] () -- C:\ProgramData\slpcsrj.bat 

:Files 
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\***********\*.tmp
C:\Users\***********\AppData\Local\Temp\*.exe
C:\Users\***********\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk
ipconfig /flushdns /c
:Commands
[emptytemp]

Schließe alle Programme.
Klicke auf den Fix Button.
Wenn OTL einen Neustart verlangt, bitte zulassen.
Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!

2. Schritt
Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.

Entpacke das Archiv auf deinem Desktop.
Im neu erstellten Ordner starte bitte die mbar.exe.
Folge den Anweisungen auf deinem Bildschirm und erlaube dem Tool, dein System zu scannen.
Klicke auf den CleanUp Button und erlaube den Neustart.
Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
Nach dem Neustart starte die mbar.exe erneut.
Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.

Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers

danach:

3. Schritt
Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

t'john · 06.04.2013, 13:18

Fehlende Rückmeldung

Gibt es Probleme beim Abarbeiten obiger Anleitung?

Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen.

Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema.
http://www.trojaner-board.de/69886-a...-beachten.html

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist.

Habe mir den Bundespolizeivirus eingefangen!

Plagegeister aller Art und deren Bekämpfung: Habe mir den Bundespolizeivirus eingefangen!