|
Plagegeister aller Art und deren Bekämpfung: Habe mir den Bundespolizeivirus eingefangen!Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
03.02.2013, 20:38 | #1 |
| Habe mir den Bundespolizeivirus eingefangen! Hallo! Habe mir den Bundespolizeivirus eingefangen.Habe auch versucht in abgesicherten Modus ihn weg zu bekommen.Leider kommt die meldung da auch mit der BUndespolizei. Habe danach meine WINdows 7 CD rein gelegt und von win 7 cd aus Rechner gestartet.Bin dann auf Systemwiederherstellung geganegn und mein System wurde zum 03.02.2013 auf 14:00 uhr gesetzt.1 Stunde bevor ich den hatte. Danach habe ich erst einmal alle meine Datein auf ein externen laufwerk gebracht falls ich formatieren muß. Jetzt meine Frage? Ist der Virus jetzt endgültig weg oder immer noch vorhanden.DAs System befidnet sich jetzt bevor ich den virus bekommen habe. |
03.02.2013, 22:45 | #2 |
/// Helfer-Team | Habe mir den Bundespolizeivirus eingefangen!1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.2. Schritt Systemscan mit OTL (bebilderte Anleitung)
__________________ |
04.02.2013, 12:40 | #3 |
| Habe mir den Bundespolizeivirus eingefangen! Habe heute deine Schritte mal durchgeführt.Habe mit MAlewarebytes gesannt er hat tasächlich infizierte Dateien gefunden habe einen log erstellen lassen und danach alles was angekreuzt war gelöscht.Dann mußte ich den rechner neu starten.
__________________Hier ist der log von den OTL Weiß zwar nicht wofür das gut sein soll aber egal.OTL Logfile: OTL EXTRAS Logfile: Code:
ATTFilter OTL logfile created on: 04.02.2013 12:14:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\**********\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,40% Memory free 15,99 Gb Paging File | 13,02 Gb Available in Paging File | 81,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1431,22 Gb Free Space | 76,83% Space Free | Partition Type: NTFS Computer Name: SPIELE-PC | User Name: *********** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*********\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe () PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe () PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Steam\steam.exe (Valve Corporation) PRC - C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe (RealNetworks, Inc.) PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () PRC - C:\Users\**********\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.285\SSScheduler.exe (McAfee, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Programme\Logitech\GamePanel Software\Applets\LCDMedia.exe (Logitech Inc.) PRC - C:\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) PRC - C:\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Steam\sdl.dll () MOD - C:\Steam\bin\libcef.dll () MOD - C:\Steam\bin\avcodec-53.dll () MOD - C:\Steam\bin\chromehtml.dll () MOD - C:\Steam\bin\avformat-53.dll () MOD - C:\Steam\bin\avutil-51.dll () MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.3.2\avgdttbx.dll () MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\SiteSafety.dll () MOD - C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (vToolbarUpdater13.3.2) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe () SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (CodeMeter.exe) -- C:\Program Files (x86)\CodeMeter\Runtime\bin\CodeMeter.exe (WIBU-SYSTEMS AG) SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe () SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.285\McCHSvc.exe (McAfee, Inc.) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (WajamUpdater) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe (Wajam) SRV - (AntiVirFirewallService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avfwsvc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (PMBDeviceInfoProvider) -- C:\Sony\PMB\PMBDeviceInfoProvider.exe (Sony Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) ========== Driver Services (SafeList) ========== DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (avfwot) -- C:\Windows\SysNative\drivers\avfwot.sys (Avira GmbH) DRV:64bit: - (avfwim) -- C:\Windows\SysNative\drivers\avfwim.sys (Avira GmbH) DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys () DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (USB28xxBGA) -- C:\Windows\SysNative\drivers\emBDA64.sys (eMPIA Technology, Inc.) DRV:64bit: - (USB28xxOEM) -- C:\Windows\SysNative\drivers\emOEM64.sys (eMPIA Technology, Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (ISODrive) -- C:\UltraISO\drivers\ISODrv64.sys (EZB Systems, Inc.) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=422&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9211280443954483&q={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=422&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9211280443954483&q={searchTerms} IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchnu.com/406 IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\URLSearchHook: {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\URLSearchHook: {113342cd-3031-4ee9-9288-2c58857d3a3d} - No CLSID value found IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\URLSearchHook: {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.) IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes,DefaultScope = {C5245D35-B066-4E3E-AD57-2511ACD52B91} IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://isearch.claro-search.com/?q={searchTerms}&affID=116061&tt=3812_3&babsrc=SP_iclro&mntrId=f034acfb0000000000006cf049e3327a IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={25DA7BE5-D4F3-461C-9CFA-6039058E4738}&mid=241d989cdf9847d0b3eebdb90f07db89-9b97b36ac38cac35341478ecdcf949448eeaf8ff&lang=en&ds=ft011&pr=sa&d=2013-01-14 02:17:28&v=13.3.0.17&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&gct=ds&appid=422&systemid=406&apn_dtid=BND406&apn_ptnrs=AG6&o=APN10645&apn_uid=9211280443954483&q={searchTerms} IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms} IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{AEB4FE1B-0410-43DD-9009-AC6790397122}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\SearchScopes\{C5245D35-B066-4E3E-AD57-2511ACD52B91}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=937811&p={searchTerms} IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF - prefs.js..CT2625848.browser.search.defaultthis.engineName: true FF - prefs.js..CT3201318.browser.search.defaultthis.engineName: true FF - prefs.js..CT3241949.browser.search.defaultthis.engineName: true FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.order.1: "Search Results" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=937811" FF - prefs.js..browser.search.selectedEngine: "Yahoo" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.searchnu.com/406" FF - prefs.js..extensions.enabledAddons: plugin%40videofiledownload.com:1.5 FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9 FF - prefs.js..extensions.enabledAddons: artur.dubovoy%40gmail.com:3.8.2 FF - prefs.js..extensions.enabledAddons: %7BEB9394A3-4AD6-4918-9537-31A1FD8E8EDF%7D:2.0 FF - prefs.js..extensions.enabledAddons: %7B34712C68-7391-4c47-94F3-8F88D49AD632%7D:1.3.0 FF - prefs.js..extensions.enabledAddons: %7B3bbd3c14-4c16-4989-8366-95bc9179779d%7D:10.14.42.7 FF - prefs.js..extensions.enabledAddons: %7B78e516ef-11de-47a1-8364-a99b917ec5ee%7D:10.14.42.7 FF - prefs.js..extensions.enabledAddons: %7B0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff%7D:10.14.42.7 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT3241949&SearchSource=2&CUI=SB_CUI&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.129\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.8a: C:\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2012.07.31 15:17:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2012.07.31 15:17:49 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.3.0.17 [2013.01.14 02:17:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext [2013.01.15 23:50:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.01.15 23:50:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 23:41:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.01.18 23:41:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.01.22 14:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Extensions [2013.01.28 00:43:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions [2013.01.28 00:43:07 | 000,000,000 | ---D | M] (DVDVideoSoftTB DE) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} [2013.01.28 00:43:01 | 000,000,000 | ---D | M] (FLV Runner) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{3bbd3c14-4c16-4989-8366-95bc9179779d} [2013.01.28 00:42:55 | 000,000,000 | ---D | M] (FileConverter 1.3) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee} [2013.01.14 15:28:37 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2012.07.09 13:12:45 | 000,000,000 | ---D | M] (VideoFileDownload - Download YouTube Videos) -- C:\Users\*********\AppData\Roaming\mozilla\Firefox\Profiles\5w53n2a4.default\extensions\plugin@videofiledownload.com [2012.12.22 12:35:16 | 000,234,999 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\extensions\artur.dubovoy@gmail.com.xpi [2012.12.13 21:29:00 | 000,199,445 | ---- | M] () (No name found) -- C:\Users\***********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\extensions\movie2kdownloader@movie2kdownloader.com.xpi [2012.12.11 20:59:39 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2013.01.14 11:06:44 | 000,001,064 | ---- | M] () -- C:\Users\**********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\searchplugins\dvdvideosofttb-de-customized-web-search.xml [2013.01.19 19:57:56 | 000,001,064 | ---- | M] () -- C:\Users\********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\searchplugins\fileconverter-13-customized-web-search.xml [2013.01.20 18:50:26 | 000,002,687 | ---- | M] () -- C:\Users\********\AppData\Roaming\mozilla\firefox\profiles\5w53n2a4.default\searchplugins\Search_Results.xml [2013.01.22 14:34:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.15 23:50:32 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.01.18 23:41:04 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.14 02:17:45 | 000,003,580 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.19 17:34:11 | 000,006,531 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.08 14:23:19 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.20 18:50:26 | 000,002,687 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\Search_Results.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.searchnu.com/406 CHR - default_search_provider: () CHR - default_search_provider: search_url = CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.searchnu.com/406 CHR - Extension: No name found = C:\Users\********\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (VideoFileDownload) - {68DD98BF-9DE8-418C-89F0-E37AC61CC2D9} - C:\Program Files (x86)\OApps\bho_project.dll File not found O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll () O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd) O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam) O2 - BHO: (Bing Bar BHO) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O2 - BHO: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.) O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKLM\..\Toolbar: (DVDVideoSoftTB DE Toolbar) - {0027da2d-c9f2-4b0b-ae05-e2cd1bdb6cff} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O3 - HKLM\..\Toolbar: (@C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll,-100) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\MSN Toolbar\Platform\6.3.2291.0\npwinext.dll (Microsoft Corporation) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (YTD Toolbar) - {F3FEE66E-E034-436a-86E4-9690573BEE8A} - C:\Program Files (x86)\YTD Toolbar\IE\6.2\ytdToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found. O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\Toolbar\WebBrowser: (DVDVideoSoftTB DE Toolbar) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - C:\Program Files (x86)\DVDVideoSoftTB_DE\prxtbDVDV.dll (Conduit Ltd.) O3:64bit: - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll () O3 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001\..\Toolbar\WebBrowser: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar.dll () O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [Smart File Advisor] C:\Program Files (x86)\Smart File Advisor\sfa.exe (Filefacts.net) O4 - HKLM..\Run: [StartCCC] C:\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [TrayServer] C:\Program Files (x86)\MAGIX\Filme_auf_DVD_7_TerraTec_Edition\TrayServer.exe (MAGIX AG) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001..\Run: [Akamai NetSession Interface] C:\Users\********\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) O4 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001..\Run: [DAEMON Tools Lite] C:\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-1047081900-3411316267-2860860215-1001..\Run: [Steam] C:\Steam\steam.exe (Valve Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***********\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\********\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*********\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{68080225-402F-4CA5-A89A-F67FE41544A6}: DhcpNameServer = 192.168.0.1 O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.04 01:46:08 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Malwarebytes [2013.02.04 01:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.04 01:46:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.04 01:45:59 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.04 01:45:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.04 01:45:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*********\Desktop\OTL.exe [2013.02.03 20:09:57 | 000,000,000 | ---D | C] -- C:\Documents\Egosoft [2013.02.03 15:47:49 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\{D46D4A9B-0EB5-49CE-A001-5BA88C1E312D} [2013.01.30 15:49:10 | 000,697,864 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.30 15:49:10 | 000,074,248 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.29 11:09:45 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\{A5FA337C-F9AB-4228-AC11-B365676973D4} [2013.01.28 14:59:39 | 000,000,000 | ---D | C] -- C:\Users\*******\Desktop\pymeshio-2.6.2 [2013.01.27 21:07:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Data Recovery [2013.01.27 21:07:47 | 000,000,000 | ---D | C] -- C:\Smart Data Recovery [2013.01.27 20:19:01 | 000,851,880 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysNative\WibuCm64.dll [2013.01.27 20:19:01 | 000,670,120 | ---- | C] (WIBU-SYSTEMS AG) -- C:\Windows\SysWow64\WibuCm32.dll [2013.01.27 20:19:01 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Recover My Files v5 [2013.01.27 20:19:00 | 000,000,000 | ---D | C] -- C:\Program Files\CodeMeter [2013.01.27 20:19:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CodeMeter [2013.01.27 20:18:57 | 000,000,000 | ---D | C] -- C:\Recover My Files v5 [2013.01.27 19:27:35 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\{2DD5C23D-FC21-4E88-922B-5F74DE000D7A} [2013.01.27 18:45:36 | 000,000,000 | ---D | C] -- C:\Documents\MAGIX Downloads [2013.01.27 12:57:42 | 000,000,000 | ---D | C] -- C:\Users\**********\Desktop\pymeshio-2.7.2 [2013.01.27 01:02:27 | 000,000,000 | ---D | C] -- C:\MikuMikuDAnce [2013.01.26 18:00:36 | 000,000,000 | ---D | C] -- C:\Documents\Guild Wars 2 [2013.01.23 01:16:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UltraISO [2013.01.23 01:16:49 | 000,000,000 | ---D | C] -- C:\UltraISO [2013.01.23 01:16:49 | 000,000,000 | ---D | C] -- C:\Documents\My ISO Files [2013.01.23 01:16:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\EZB Systems [2013.01.23 00:52:19 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\DeepBurner [2013.01.23 00:27:09 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Roaming\XnView [2013.01.23 00:17:29 | 000,000,000 | ---D | C] -- C:\Documents\PCSX2 [2013.01.23 00:17:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView [2013.01.23 00:17:08 | 000,000,000 | ---D | C] -- C:\XnView [2013.01.23 00:15:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PCSX2 [2013.01.23 00:14:15 | 000,000,000 | ---D | C] -- C:\PS2 Tools [2013.01.22 13:53:05 | 000,000,000 | R--D | C] -- C:\Documents [2013.01.22 13:25:49 | 000,000,000 | ---D | C] -- C:\Documents\Naruto Shippuden Karten [2013.01.22 13:07:45 | 000,000,000 | ---D | C] -- C:\Users\*********\Desktop\Youtube converter [2013.01.22 12:52:14 | 000,000,000 | ---D | C] -- C:\Phyton (Blender) installation [2013.01.22 12:46:14 | 000,000,000 | ---D | C] -- C:\Blender Programme [2013.01.20 21:19:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Browser Manager [2013.01.20 18:50:15 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\iLivid [2013.01.20 11:40:28 | 000,000,000 | ---D | C] -- C:\XPS_10.9.3 [2013.01.19 20:25:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Blender Foundation [2013.01.19 19:57:30 | 000,773,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcr100.dll [2013.01.19 19:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess [2013.01.18 23:41:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.17 00:30:04 | 000,000,000 | ---D | C] -- C:\Ino (Blender) dateien [2013.01.16 19:47:30 | 000,000,000 | ---D | C] -- C:\Blender 2.65 [2013.01.16 16:12:21 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\Logitech [2013.01.16 16:12:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Logitech [2013.01.16 16:10:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Logitech [2013.01.16 16:10:13 | 000,000,000 | ---D | C] -- C:\Program Files\Logitech [2013.01.16 16:10:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2013.01.15 23:50:59 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\RealNetworks [2013.01.15 23:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks [2013.01.15 23:50:30 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks [2013.01.15 23:50:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2013.01.15 23:50:13 | 000,201,424 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2013.01.15 23:50:04 | 000,006,656 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2013.01.15 23:50:04 | 000,005,632 | ---- | C] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2013.01.15 23:50:03 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2013.01.15 23:50:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks [2013.01.15 23:28:53 | 000,766,272 | ---- | C] (RealNetworks, Inc.) -- C:\Users\*********\Desktop\RealPlayer16_de.exe [2013.01.15 15:11:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.4 [2013.01.15 15:10:58 | 000,000,000 | ---D | C] -- C:\Python24 [2013.01.15 15:07:29 | 000,000,000 | ---D | C] -- C:\Blender 2.41 [2013.01.15 03:48:17 | 000,000,000 | ---D | C] -- C:\ogretools [2013.01.15 03:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blender Foundation [2013.01.15 03:23:45 | 000,000,000 | ---D | C] -- C:\Blender1 [2013.01.15 03:09:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET [2013.01.15 01:07:08 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Wings3D [2013.01.14 23:31:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 2.5 [2013.01.14 23:30:43 | 000,000,000 | ---D | C] -- C:\Python25 [2013.01.14 23:21:15 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blender Foundation [2013.01.14 23:20:22 | 000,000,000 | ---D | C] -- C:\Blender 2.49 [2013.01.14 21:26:54 | 000,000,000 | ---D | C] -- C:\tmp [2013.01.14 20:19:53 | 000,000,000 | ---D | C] -- C:\TXD Workshop 4.5 [2013.01.14 19:30:11 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU [2013.01.14 19:30:10 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\AVS4YOU [2013.01.14 19:30:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVS4YOU [2013.01.14 19:29:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVSMedia [2013.01.14 19:29:24 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.01.14 19:29:24 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll [2013.01.14 15:28:56 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DealPly [2013.01.14 15:28:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DealPly [2013.01.14 14:54:58 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\Akamai [2013.01.14 13:11:39 | 000,000,000 | ---D | C] -- C:\gmax [2013.01.14 12:23:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.2 [2013.01.14 12:22:05 | 000,000,000 | ---D | C] -- C:\Python32 [2013.01.14 11:36:56 | 000,000,000 | ---D | C] -- C:\ZMODELER [2013.01.14 03:11:03 | 000,000,000 | ---D | C] -- C:\Users\*******\AppData\Roaming\PowerISO [2013.01.14 02:55:17 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images [2013.01.14 02:35:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Smart File Advisor [2013.01.14 02:35:08 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\Programs [2013.01.14 02:18:26 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\AVG Secure Search [2013.01.14 02:17:47 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search [2013.01.14 02:17:24 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.01.14 02:17:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2013.01.14 02:17:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2013.01.13 18:30:36 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\IsolatedStorage [2013.01.13 18:30:36 | 000,000,000 | ---D | C] -- C:\ProgramData\IsolatedStorage [2013.01.13 18:25:11 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\_ [2013.01.12 15:01:33 | 000,000,000 | ---D | C] -- C:\Users\********\AppData\Local\PhotoModeler [2013.01.12 15:01:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoModeler [2013.01.12 15:00:47 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PhotoModeler [2013.01.12 14:46:57 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Roaming\fltk.org [2013.01.12 14:46:57 | 000,000,000 | ---D | C] -- C:\ProgramData\fltk.org [2013.01.11 02:23:29 | 002,790,864 | ---- | C] (Adobe Systems, Inc.) -- C:\Users\*********\Desktop\install_flash_player.exe [2013.01.11 01:38:19 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Roaming\Blender Foundation [2013.01.11 00:41:30 | 000,000,000 | ---D | C] -- C:\XPS_10.8.7b [2013.01.11 00:07:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft XNA [2013.01.10 23:47:29 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Apps [2013.01.10 23:47:28 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\Deployment [2013.01.10 01:23:44 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{DE0A1E74-B43E-4213-970F-FB18241AA94C} [2013.01.09 10:31:46 | 000,751,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 10:31:46 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 10:31:24 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 10:31:22 | 000,801,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 10:31:13 | 002,745,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 10:31:13 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 10:31:13 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 10:31:13 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 10:31:13 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 10:31:13 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 10:31:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 10:31:13 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 10:31:13 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 10:31:13 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 10:31:13 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 10:31:13 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 10:31:13 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 10:31:13 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 10:31:13 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 10:31:13 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 10:31:13 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 10:31:13 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 10:31:13 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 10:31:13 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 10:31:13 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 10:31:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 10:31:12 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 10:31:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 10:31:12 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 10:31:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 10:31:12 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 10:31:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 10:31:12 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 10:30:50 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 10:30:49 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 10:30:49 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 10:30:49 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 10:30:49 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 10:30:49 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 10:30:49 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 10:30:49 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 10:30:49 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 10:30:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 10:30:49 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 10:30:49 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 10:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 10:30:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 10:30:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 10:30:48 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 10:30:48 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 10:30:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 10:30:48 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 10:30:48 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 10:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 10:30:48 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 10:30:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 10:30:48 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 10:30:48 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 10:30:48 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.08 14:49:37 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{B58A2DE6-CF34-4DE8-A2C2-169A33D1F3B7} [2013.01.07 15:40:46 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{00F1B43D-44B2-4259-8DAF-AF2D60013704} [2013.01.06 10:41:39 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\{5A5A51F0-5B58-49CF-9134-03B17B53F65F} [2013.01.05 22:28:10 | 000,000,000 | ---D | C] -- C:\Free Video to JPG Converter [2013.01.05 22:28:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2013.01.05 22:08:17 | 000,000,000 | ---D | C] -- C:\Users\*********\AppData\Local\{242581DA-9340-40E5-BE16-62A2846F1375} [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.04 12:16:40 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 12:16:40 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 12:14:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.02.04 12:09:26 | 000,001,960 | ---- | M] () -- C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Tintenwarnungen überwachen - HP Photosmart 5510d series.lnk [2013.02.04 12:09:10 | 000,000,000 | -H-- | M] () -- C:\ProgramData\cm-lock [2013.02.04 12:09:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.02.04 12:08:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 12:08:47 | 2143,936,511 | -HS- | M] () -- C:\hiberfil.sys [2013.02.04 12:01:00 | 000,000,270 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Messager.job [2013.02.04 01:46:00 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.04 01:45:29 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\**********\Desktop\OTL.exe [2013.02.03 21:34:00 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.03 21:34:00 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.03 21:34:00 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.03 21:34:00 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.03 21:34:00 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.03 18:03:49 | 1864,160,626 | ---- | M] () -- C:\Documents\Documents.rar [2013.02.03 17:37:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\slpcsrj.pad [2013.02.03 15:56:01 | 000,003,272 | ---- | M] () -- C:\ProgramData\slpcsrj.js [2013.02.03 15:56:01 | 000,000,153 | ---- | M] () -- C:\ProgramData\slpcsrj.reg [2013.02.03 15:56:01 | 000,000,082 | ---- | M] () -- C:\ProgramData\slpcsrj.bat [2013.02.02 20:23:17 | 000,015,126 | ---- | M] () -- C:\Documents\Yugioh Typen decks.odt [2013.01.30 15:49:10 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.30 15:49:10 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.27 22:10:21 | 000,022,848 | ---- | M] () -- C:\Documents\WM Qualifikation 2014.ods [2013.01.27 21:07:48 | 000,001,495 | ---- | M] () -- C:\Users\**********\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk [2013.01.27 21:07:48 | 000,000,728 | ---- | M] () -- C:\Users\**********\Desktop\Smart Data Recovery.lnk [2013.01.27 20:19:01 | 000,000,713 | ---- | M] () -- C:\Users\**********\Desktop\Recover My Files v5.lnk [2013.01.23 01:16:50 | 000,000,606 | ---- | M] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.01.23 01:04:38 | 000,000,041 | -HS- | M] () -- C:\ProgramData\.zreglib [2013.01.23 00:27:21 | 000,000,558 | ---- | M] () -- C:\Users\**********\Desktop\XnView.lnk [2013.01.23 00:15:55 | 000,001,711 | ---- | M] () -- C:\Users\Public\Desktop\PCSX2 1.0.0 (r5350).lnk [2013.01.20 18:51:03 | 000,001,257 | ---- | M] () -- C:\Users\**********\Desktop\Play Free Games.lnk [2013.01.20 18:51:03 | 000,001,052 | ---- | M] () -- C:\Users\**********\Desktop\iLivid.lnk [2013.01.19 20:25:26 | 000,002,108 | ---- | M] () -- C:\Users\**********\Desktop\Blender.lnk [2013.01.16 19:47:54 | 000,001,473 | ---- | M] () -- C:\Users\Public\Desktop\Blender.lnk [2013.01.16 16:12:20 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf [2013.01.16 16:12:16 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf [2013.01.15 23:50:40 | 000,001,358 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013.01.15 23:50:13 | 000,201,424 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2013.01.15 23:50:04 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2013.01.15 23:50:04 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2013.01.15 23:50:03 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2013.01.15 23:28:54 | 000,766,272 | ---- | M] (RealNetworks, Inc.) -- C:\Users\*********\Desktop\RealPlayer16_de.exe [2013.01.14 18:51:07 | 734,717,352 | ---- | M] () -- C:\Users\*********\Desktop\Autodesk_3ds_Max_2010_English_WIN_32_Trial.exe [2013.01.14 02:15:46 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2013.01.12 15:01:33 | 000,003,120 | ---- | M] () -- C:\Windows\swkalpmlic.lf [2013.01.10 10:13:24 | 000,323,248 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.05 22:28:16 | 000,001,742 | ---- | M] () -- C:\Users\**********\Desktop\Free Video to JPG Converter.lnk [2013.01.05 22:28:16 | 000,001,243 | ---- | M] () -- C:\Users\**********\Desktop\DVDVideoSoft Free Studio.lnk [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.04 12:09:10 | 000,000,000 | -H-- | C] () -- C:\ProgramData\cm-lock [2013.02.04 01:46:00 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.03 17:56:29 | 1864,160,626 | ---- | C] () -- C:\Documents\Documents.rar [2013.02.03 15:56:01 | 095,023,320 | ---- | C] () -- C:\ProgramData\slpcsrj.pad [2013.02.03 15:56:01 | 000,003,272 | ---- | C] () -- C:\ProgramData\slpcsrj.js [2013.02.03 15:56:01 | 000,000,153 | ---- | C] () -- C:\ProgramData\slpcsrj.reg [2013.02.03 15:56:01 | 000,000,082 | ---- | C] () -- C:\ProgramData\slpcsrj.bat [2013.02.02 18:57:30 | 000,015,126 | ---- | C] () -- C:\Documents\Yugioh Typen decks.odt [2013.01.27 22:10:19 | 000,022,848 | ---- | C] () -- C:\Documents\WM Qualifikation 2014.ods [2013.01.27 21:41:26 | 000,035,192 | ---- | C] () -- C:\Documents\handwerker.rtf [2013.01.27 21:07:48 | 000,001,495 | ---- | C] () -- C:\Users\***********\Desktop\Klicken Sie hier, um PC-Fehler zu finden und zu reparieren.lnk [2013.01.27 21:07:48 | 000,000,728 | ---- | C] () -- C:\Users\***********\Desktop\Smart Data Recovery.lnk [2013.01.27 20:19:01 | 000,000,713 | ---- | C] () -- C:\Users\***********\Desktop\Recover My Files v5.lnk [2013.01.27 10:50:40 | 000,299,415 | ---- | C] () -- C:\Users\***********\Desktop\Ino Yamanaka v.5.pmd [2013.01.23 01:16:50 | 000,000,606 | ---- | C] () -- C:\Users\Public\Desktop\UltraISO.lnk [2013.01.23 01:04:38 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2013.01.23 00:17:10 | 000,000,558 | ---- | C] () -- C:\Users\***********\Desktop\XnView.lnk [2013.01.23 00:15:55 | 000,001,711 | ---- | C] () -- C:\Users\Public\Desktop\PCSX2 1.0.0 (r5350).lnk [2013.01.20 18:51:03 | 000,001,257 | ---- | C] () -- C:\Users\***********\Desktop\Play Free Games.lnk [2013.01.20 18:51:03 | 000,001,060 | ---- | C] () -- C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk [2013.01.20 18:51:03 | 000,001,052 | ---- | C] () -- C:\Users\***********\Desktop\iLivid.lnk [2013.01.16 16:12:20 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSBW_01_00_00.Wdf [2013.01.16 16:12:16 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_lgSSQVGA_01_00_00.Wdf [2013.01.15 23:50:40 | 000,001,358 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013.01.15 03:24:08 | 000,001,473 | ---- | C] () -- C:\Users\Public\Desktop\Blender.lnk [2013.01.14 23:21:15 | 000,002,108 | ---- | C] () -- C:\Users\***********\Desktop\Blender.lnk [2013.01.14 18:43:18 | 734,717,352 | ---- | C] () -- C:\Users\***********\Desktop\Autodesk_3ds_Max_2010_English_WIN_32_Trial.exe [2013.01.12 15:01:33 | 000,003,120 | ---- | C] () -- C:\Windows\swkalpmlic.lf [2013.01.05 22:28:16 | 000,001,742 | ---- | C] () -- C:\Users\***********\Desktop\Free Video to JPG Converter.lnk [2012.10.05 20:44:05 | 001,589,248 | ---- | C] () -- C:\Windows\SysWow64\libmysql_d.dll [2012.08.03 21:52:59 | 001,414,144 | ---- | C] () -- C:\Windows\SysWow64\spk.dll [2012.07.31 15:15:31 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini [2012.07.24 12:47:40 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.07.06 19:20:53 | 000,010,240 | ---- | C] () -- C:\Windows\SysWow64\vidx16.dll [2012.06.23 13:55:09 | 000,004,096 | ---- | C] () -- C:\Windows\d3dx.dat [2012.05.11 00:22:21 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.04.28 12:35:36 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2012.04.28 11:57:54 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.04.28 11:33:19 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.04.28 11:29:19 | 000,002,857 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.05.10 17:21:23 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Acreon [2012.08.19 00:24:52 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Babylon [2012.09.16 18:18:55 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Black Sea Studios [2013.01.11 01:38:19 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Blender Foundation [2012.11.24 18:48:36 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Code Force Limited [2013.01.14 02:30:42 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DAEMON Tools Lite [2013.01.23 00:52:42 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DeepBurner [2013.01.05 22:28:10 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DVDVideoSoft [2012.10.31 18:25:51 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\DVDVideoSoftIEHelpers [2012.09.19 17:32:15 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\ExpressFiles [2013.01.12 14:46:57 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\fltk.org [2012.09.19 17:34:19 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\IClaro [2013.01.13 18:30:36 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\IsolatedStorage [2013.01.18 00:36:20 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Might & Magic Heroes VI [2012.10.31 18:25:44 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\OpenCandy [2012.04.28 13:34:27 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\OpenOffice.org [2012.08.17 15:21:53 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Opera [2013.01.14 03:11:03 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\PowerISO [2012.11.13 22:12:15 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\ScummVM [2012.12.03 23:30:39 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Sytexis Software [2012.05.10 21:58:23 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\TS3Client [2012.10.02 00:05:54 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\TuneUp Software [2013.01.15 01:07:08 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\Wings3D [2013.01.23 23:19:51 | 000,000,000 | ---D | M] -- C:\Users\***********\AppData\Roaming\XnView ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 24 bytes -> C:\Windows:C7A7DE9264C648FF @Alternate Data Stream - 133 bytes -> C:\ProgramData\TEMP:05EE1EEF @Alternate Data Stream - 116 bytes -> C:\ProgramData\TEMP:A85D770C < End of report > --- --- --- Hier noch einerOTL EXTRAS Logfile: Code:
ATTFilter OTL Extras logfile created on: 04.02.2013 12:14:04 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\********\Desktop 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,23 Gb Available Physical Memory | 65,40% Memory free 15,99 Gb Paging File | 13,02 Gb Available in Paging File | 81,43% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1862,92 Gb Total Space | 1431,22 Gb Free Space | 76,83% Space Free | Partition Type: NTFS Computer Name: SPIELE-PC | User Name: ********* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = Opera.HTML] -- C:\Program Files (x86)\Opera\Opera.exe (Opera Software) [HKEY_USERS\S-1-5-21-1047081900-3411316267-2860860215-1001\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net) Directory [AddToPlaylistVLC] -- C:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. http [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) https [open] -- "C:\Program Files (x86)\Opera\Opera.exe" "%1" (Opera Software) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- "C:\Program Files (x86)\Smart File Advisor\sfa.exe" /unknown "%1" (Filefacts.net) Directory [AddToPlaylistVLC] -- C:\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- C:\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00B673B8-B20D-44D2-B266-75BA83B642DA}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{0948D55D-DFEF-4C83-8BD0-78EBDA21C628}" = rport=139 | protocol=6 | dir=out | app=system | "{0CDAE02D-014C-4A2C-9877-2AE3EDC590A0}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{11679F17-D19E-4FF7-B032-0E8207094887}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{123A8CF5-3703-4CD3-8F67-78896CB979FC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{16803D55-D9E4-45ED-AAE2-C6C74C5C3556}" = lport=10243 | protocol=6 | dir=in | app=system | "{1A1E2A44-E78B-4A67-9DEC-9BD0221B16D3}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1A9DE177-8DE7-4C48-8CA0-678B7FE8CE38}" = lport=2869 | protocol=6 | dir=in | app=system | "{36145819-3049-4EA4-9D35-F11A7A26CFC1}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{3ADA1291-5E10-4A8D-9533-42F4168B7AEA}" = lport=139 | protocol=6 | dir=in | app=system | "{456EC708-1B9B-435B-A280-BAD2A96C8BD9}" = lport=138 | protocol=17 | dir=in | app=system | "{45E087CC-A57A-4614-A251-4A2A0ADE2334}" = rport=137 | protocol=17 | dir=out | app=system | "{49AE1483-756B-4E6C-AB3C-9A6F1364899B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{65E74793-154A-42AF-9947-A3C5582B3A6A}" = rport=445 | protocol=6 | dir=out | app=system | "{71DBD24A-60F9-4BD3-8A50-04CE9DEB3567}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{826E07A3-8548-469F-A0BB-DE073638C14B}" = rport=138 | protocol=17 | dir=out | app=system | "{836015DA-6FE1-401E-8CDF-B2C3F317C7E7}" = rport=10243 | protocol=6 | dir=out | app=system | "{972C024E-F330-41EF-AAED-3346E59C8BF3}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{99259A9C-6F8B-4239-A4E2-990CC865662E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A4D8684D-C1B3-4B35-ABA6-E488490692B3}" = lport=445 | protocol=6 | dir=in | app=system | "{BA774335-60C2-4D0B-AF09-F7E8655F20A4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DACA5FD1-4D35-4E5A-924A-881666257F9A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DF5C80FA-EECD-4C82-BA70-711AAA329ACD}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F809325B-B3DA-4D92-9F46-8C2EDA9B321A}" = lport=137 | protocol=17 | dir=in | app=system | "{FFEA8A00-D2EB-4132-A5F5-3E91C07FB390}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{042AE85D-0CBF-445E-BF64-DEA347CC416D}" = protocol=17 | dir=in | app=c:\earth 2160\earth2160_no_sse.exe | "{06C6743B-14AC-4CFA-BDAB-E941232FB22F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{07B407CF-A23D-4728-AD51-1C3C7B077E6F}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{08FC8458-72C5-4B54-A315-3381E3E97147}" = protocol=17 | dir=in | app=c:\iron sky invasion\ironsky_launcher.exe | "{0ACC7901-E21A-4530-AA50-AD111C3821AD}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | "{1143F500-70BC-4D88-9434-3DD7780E04E3}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\hpnetworkcommunicator.exe | "{1C6FBCAC-7D0A-46A7-A887-C95A7203D06E}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3tc.exe | "{23B7DAB0-C23D-4F6A-97FC-DB05BCAC8340}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{241D61D0-5F7E-4A2E-AD1B-35220E24502D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{249BAEAD-214C-4E72-86BA-D6BFDC4E79F7}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{24E65427-FBBF-4E15-8023-4487E9E5D3CF}" = protocol=17 | dir=in | app=c:\iron sky invasion\game\isi_dx9.exe | "{26B3CC80-06F2-47BE-A25D-5E8275892E73}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3ap.exe | "{2830F8C2-CEFE-4A46-87AB-B43E912DD38D}" = protocol=6 | dir=in | app=c:\two worlds ii\twoworlds2.exe | "{285E5A34-5865-4857-88B9-3DAD5B68E28F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{292AD7C7-F81A-4F41-8208-0077DD090C7F}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3536631E-176E-4B58-B7DC-7E12471D662D}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{35ACE155-913B-49F2-B9F5-E29547F67F75}" = protocol=6 | dir=in | app=c:\iron sky invasion\game\ironsky.exe | "{45A40FC5-9FC0-464F-8956-78AB7388F0ED}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{468B1567-A98A-4156-B97E-6D5841EC7030}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{48CDDC01-B4D9-4743-99F0-7FC99E086202}" = protocol=17 | dir=in | app=c:\iron sky invasion\game\isi_dx11.exe | "{4B05B2FB-1DFE-48B7-97D1-34F3CB0CF825}" = protocol=6 | dir=in | app=c:\iron sky invasion\game\isi_dx9.exe | "{4D5BB992-A449-4012-91F3-66C09F3ACE95}" = protocol=6 | dir=in | app=c:\iron sky invasion\game\isi_dx11.exe | "{52891FFD-8BAE-4D55-92B1-4F58E27A7B81}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{550E9150-EB3D-4E4E-97B4-ADE49F1C5203}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{59F372A4-4058-4736-B3E1-03DE6C2C5D2A}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{61F1CDE8-37DF-4F9E-B44D-565DF3E8A3C9}" = protocol=17 | dir=in | app=c:\program files (x86)\opera\opera.exe | "{62AFDE5F-6CCC-40D7-A2E4-E5C4694F4B94}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{67D0940B-71AF-4C67-8476-6DFF16238FC4}" = protocol=6 | dir=in | app=c:\earth 2160\earth2160_no_sse.exe | "{687AA798-547B-48F0-B254-8B59BF9CB516}" = protocol=6 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{6C36B508-762D-47CF-9C45-71FFF3676BAA}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | "{6F455E05-9665-4223-846C-3E18D2A60D8D}" = protocol=17 | dir=in | app=c:\users\********\downloads\sweetimsetup.exe | "{71FB6CD3-7F34-4972-AE65-43CD338F49E2}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{75E715B8-4C49-4BA2-A9A9-3A1384C03029}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressdl.exe | "{7633ED0A-882B-4464-B6F1-9D670587E183}" = protocol=17 | dir=in | app=c:\steam\steam.exe | "{8454CDD3-1D00-4E38-84B8-982B5D123EAE}" = protocol=6 | dir=in | app=c:\might & magic heroes vi\might & magic heroes vi.exe | "{8E2DC8D8-C016-447F-B1E4-EE1E600537A7}" = protocol=17 | dir=in | app=c:\iron sky invasion\game\ironsky.exe | "{9A98351F-B46A-4C17-9EE9-9C510142C86F}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{9B670403-346D-476C-B864-E2DC482B52F5}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{9C511158-EA04-4CE0-B6CF-23C36626490A}" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{A12EEE3D-A9C0-43E6-96AA-93A4FAD73183}" = protocol=6 | dir=in | app=c:\iron sky invasion\ironsky_launcher.exe | "{A15172B9-7133-433A-A832-91773DAB7A6D}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe | "{A588486D-7F3B-4E02-9BB2-20653DF04548}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{A5AB329F-4A6A-40C7-B075-891FD130ADCB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{AA9BB4CD-12EE-4A95-A217-50ED64C55CEC}" = protocol=6 | dir=in | app=c:\earth 2160\earth2160_sse.exe | "{ADAF1055-A684-491D-BD44-B838B438A474}" = dir=in | app=c:\program files\hp\hp photosmart 5510d series\bin\devicesetup.exe | "{B2265CD3-9B67-4040-87DD-1DC6778632F0}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\sid meier's civilization v\launcher.exe | "{BA02A378-B57E-45D5-BF39-462AA0877CFD}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BD63CC63-9CF4-4F16-8D68-48E7ED6C3998}" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ubisoft game launcher\ubisoftgamelauncher.exe | "{BE9718B4-B606-412A-9C60-B6D9C80330C4}" = protocol=17 | dir=in | app=c:\might & magic heroes vi\might & magic heroes vi.exe | "{C45E539B-CC77-447F-83B0-EF904FFA7289}" = protocol=17 | dir=in | app=c:\program files (x86)\expressfiles\expressfiles.exe | "{CD94F62A-3FCF-4AA5-84AB-4F91832ECB25}" = protocol=6 | dir=in | app=c:\program files (x86)\opera\pluginwrapper\opera_plugin_wrapper.exe | "{CE014FA6-2608-47D2-818A-2EF4D393E68B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{D0BAA2E5-1F45-4EDF-9EA4-B638D2B08D03}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{D0FB189F-7032-4489-9D05-F030AB7464F7}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D14F7031-D679-4605-97E5-B1A580E62767}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe | "{D5E09EA5-ECBF-4BC3-968D-6F2E3B66F0BC}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | "{D66ACF59-C1CB-4962-B8E2-DF4E8D158660}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{DCF656F8-C1B9-4411-B4DB-1ECB5CFE9D57}" = protocol=17 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{E8099ACC-4628-455B-95F3-575494A7F65C}" = protocol=17 | dir=in | app=c:\two worlds ii\twoworlds2.exe | "{E903F530-174E-46C1-80B6-45EA8E5ACBAD}" = protocol=6 | dir=in | app=c:\steam\steamapps\common\risen 2\system\risen2.exe | "{EFC9D6FE-CF96-406D-BCC2-83AD5AFC7456}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3ap.exe | "{F0D41E68-EF59-41BC-9B59-50861F129326}" = protocol=6 | dir=in | app=c:\users\********\downloads\sweetimsetup.exe | "{F20EE43D-F35A-4FB3-B27B-3630E31B98B2}" = protocol=6 | dir=in | app=c:\program files (x86)\codemeter\runtime\bin\codemeter.exe | "{F239AB21-2269-4545-82BD-ABCBF80EBDDA}" = protocol=6 | dir=out | app=system | "{F3365183-D7CE-4026-B83F-ACB5D8D1C06C}" = protocol=17 | dir=in | app=c:\earth 2160\earth2160_sse.exe | "{F87C8EB8-1C37-4F2F-8802-F01B7C1EF2E2}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\x3 terran conflict\x3tc.exe | "{F8927661-AC94-473F-81A6-ECD7FEE8F5FE}" = protocol=17 | dir=in | app=c:\steam\steamapps\common\risen 2\system\risen2.exe | "{FA482E6C-C0B9-40E5-8956-0A2B25C142EB}" = protocol=6 | dir=in | app=c:\steam\steam.exe | "{FBD5147B-F5CF-44F4-8E6D-549A2E404101}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{323E134C-707D-4017-9768-D916A4D8F82E}" = HP Photosmart 5510d series - Grundlegende Software für das Gerät "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{4E594F8A-B042-B61D-DADC-08822B630781}" = ATI Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{698EDD46-FC0B-926F-54DF-23B6BB20EDFC}" = AMD Drag and Drop Transcoding "{852AFE33-BB5C-1A0A-586E-9402D9895992}" = ccc-utility64 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B45B5123-C009-F8B4-FE93-45B42C8A786F}" = ATI AVIVO64 Codecs "{BF9FD124-1112-4C8D-8F79-779A11C6287D}" = Logitech GamePanel Software 3.05.151 "{F32470D7-B3F5-44CF-B11B-4C70EB640182}" = Studie zur Verbesserung von HP Photosmart 5510d series Produkten "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Blender" = Blender "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime "{155F4A0E-76ED-45A2-91FB-FF2A2133C31A}" = Risen "{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YTD Video Downloader 3.9 "{1C6BA2FA-05BB-F6C0-3BDF-2C2DD4E39275}" = CCC Help Italian "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F57656E-310B-D5C1-8B38-CD8BF09ADC31}" = CCC Help Russian "{1F8CE8A5-2C35-B10C-9EE4-EB3A937EF192}" = CCC Help Thai "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A554D04-7541-46F2-936C-B16490045A4C}" = Armada 2526 Gold "{2BC12018-4A32-E375-FF94-4830A1A9BD17}" = Catalyst Control Center Graphics Previews Common "{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0 "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{34EB6245-C8D0-4D8A-B8D8-EEBFF7A91485}" = Firebird SQL Server - MAGIX Edition "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3898934B-05AE-41CD-96BE-70DA9BFBCE1F}" = Microsoft XNA Framework Redistributable 3.0 "{3A7CEF01-FB6E-B492-0B99-E8C48B80040A}" = CCC Help English "{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{48BB3836-2F6F-B8F5-D5B4-106903E92F2F}" = Catalyst Control Center Localization All "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B5CB1BC-6D47-B0DA-9C22-1546F98A954F}" = CCC Help German "{4CDE3168-D060-4b7c-BC74-4D8F9BB01AFD}" = Python 3.2.2 "{4FA7C6E9-21D7-CFE5-E111-0ADD6DE0D49E}" = CCC Help Swedish "{5B87B431-0A03-4602-66E5-D6E84AACF15D}" = ccc-core-static "{5D21244C-75F4-4204-8B60-5DE662A245F1}" = CCC Help Finnish "{623B8278-8CAD-45C1-B844-58B687C07805}" = Bing Bar Platform "{647FDE6A-C7D5-D8AD-BCB6-3A69FC95C264}" = CCC Help Japanese "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6B976ADF-8AE8-434E-B282-A06C7F624D2F}" = Python 2.5.2 "{6F545E5E-4595-11E2-93B6-B8AC6F97B88E}" = Google Earth "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{7447DBD6-E712-B7FD-3E1B-C82929E3DC94}" = Catalyst Control Center InstallProxy "{744F505A-D627-E778-6724-EE7C70F49789}" = CCC Help Turkish "{745D37C2-26F4-4B65-BA13-F9840EBFA75B}" = Might & Magic Heroes VI "{74AF34F6-ACF4-438C-9C7E-FA0307B60E45}" = IClaroInstaller "{77117A63-E036-9CBC-88AA-EA11FFDE706C}" = CCC Help Danish "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{7911C404-9AFA-4BB2-B9B7-E47423D87528}" = Knights Of Honor "{82D9302E-F209-4805-B548-52087047483A}" = Python 2.4 "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90FD66ED-BF27-2513-2D4C-5FA5EEA239C6}" = CCC Help Hungarian "{9190F5FB-B316-10E8-56A9-695110CAB551}" = CCC Help Spanish "{928B06E4-DDAA-476A-926A-641620326327}" = Microsoft Search Enhancement Pack "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer "{969F1D08-6246-2BAA-A4F8-4C2B291078DF}" = CCC Help Greek "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D8142BB-8AD4-A3F3-4191-CE02A9E5BFAB}" = CCC Help French "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch "{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B42BC17B-B545-E379-96E4-8709AB86034A}" = CCC Help Dutch "{B6A98E5F-D6A7-46FB-9E9D-1F7BF443491C}" = PMB "{B80BE2E3-EA77-53D4-7A56-C53D452E6D50}" = HydraVision "{BCC315E7-2E8F-4EFD-8A0B-F8F276FE73F2}" = YTD Toolbar v6.2 "{BF5B8A54-EE1E-B221-4C1E-4D9E5E93D7A6}" = CCC Help Chinese Traditional "{C1548201-53B0-EB9E-B662-D3E48406AF50}" = CCC Help Czech "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C7D2B6FB-A766-DAFB-3536-8219ED98EF5F}" = CCC Help Norwegian "{CC71BB44-D345-7591-D61B-9233464D6326}" = CCC Help Portuguese "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{D1D40FB8-4DF3-8AC7-DB80-5030D6BD7E5F}" = CCC Help Korean "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D554EA85-E14F-A09E-BF72-360CDC8C73F5}" = CCC Help Chinese Standard "{D903B6D5-B5E7-261E-F5F7-8784A1EC43EF}" = CCC Help Polish "{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker "{E59ADA18-03DB-44F5-9EF5-0FA25E4D4384}" = HP Photosmart 5510d series Hilfe "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FC73D9BE-30BC-1BBF-3E7F-57F37E96AFEB}" = Catalyst Control Center Graphics Previews Vista "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "1ClickDownload" = Movie2KDownloader "7-Zip" = 7-Zip 4.65 "Activision_CTP2UninstallKey" = Call To Power 2 "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "ArkCORE" = ArkCORE 7.0 "Armada 2526 Gold" = Armada 2526 Gold "AVG Secure Search" = AVG Security Toolbar "Avira AntiVir Desktop" = Avira Internet Security 2012 "bgbennyboyEMIReplacementSetup_is1" = Escape From Monkey Island "Blender" = Blender (remove only) "CamStudio" = CamStudio "DAEMON Tools Lite" = DAEMON Tools Lite "DAEMON Tools Toolbar" = DAEMON Tools Toolbar "DealPly" = DealPly "Diablo III" = Diablo III "Distant Worlds1.0.7.0" = Distant Worlds "Dunkle Magie" = Dunkle Magie "DVDVideoSoftTB_DE Toolbar" = DVDVideoSoftTB DE Toolbar "Earth 2160" = Earth 2160 "Exact Audio Copy" = Exact Audio Copy 0.99pb3 "FormatFactory" = FormatFactory 3.0.1 "Fraps" = Fraps (remove only) "Free Video Dub_is1" = Free Video Dub version 2.0.12.706 "Free Video to JPG Converter_is1" = Free Video to JPG Converter version 5.0.21.1212 "Free YouTube Download_is1" = Free YouTube Download version 3.1.37.918 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.34.1015 "Google Chrome" = Google Chrome "Gothic II" = Gothic II "Guild Wars 2" = Guild Wars 2 "HP Photo Creations" = HP Photo Creations "iLivid" = iLivid "Iron Sky Invasion" = Iron Sky Invasion "MAGIX Filme auf DVD TerraTec Edition D" = MAGIX Filme auf DVD TerraTec Edition 7.0.3.8 (D) "MAGIX Online Druck Service D" = MAGIX Online Druck Service "MAGIX Screenshare D" = MAGIX Screenshare "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "MegaTrainer eXperience_is1" = MegaTrainer eXperience V1.1.3.6 "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Opera 12.13.1734" = Opera 12.13 "pcsx2-r5350" = PCSX2 - Playstation 2 Emulator "PremiumSoft Navicat Lite_is1" = PremiumSoft Navicat Lite 10.0 "RealPlayer 16.0" = RealPlayer "Recover My Files v5_is1" = Recover My Files "Red Alert 2" = Command & Conquer Alarmstufe Rot 2 "ScummVM_is1" = ScummVM 1.5.0 "Smart Data Recovery_is1" = Smart Data Recovery v4.3 "Smart File Advisor_is1" = Smart File Advisor 1.1.1 "Steam App 201310" = X3: Albion Prelude "Steam App 24400" = King Arthur - The Role-playing Wargame "Steam App 2820" = X3: Terran Conflict "Steam App 40390" = Risen 2 - Dark Waters "Steam App 8930" = Sid Meier's Civilization V "SUPER ©" = SUPER © Version 2010.bld.37 (Jan 2, 2010) "TeamSpeak 3 Client" = TeamSpeak 3 Client "TerraTec Grabby" = TerraTec Grabby V5.09.0813.00 "Tiberian Sun" = Command & Conquer Teil 3: Operation Tiberian Sun "Two Worlds II" = Two Worlds II "UltraISO_is1" = UltraISO Premium V9.53 "vfd-ob" = VideoFileDownload "Video Fixer 3.23_is1" = Video Fixer 3.23 "VLC media player" = VLC media player 0.9.8a "Wajam" = Wajam "WinLiveSuite" = Windows Live Essentials "WinRAR archiver" = WinRAR "WOLAPI" = Gemeinsam genutzte Internet-Komponenten von Westwood "World of Warcraft" = World of Warcraft "World of Warcraft Public Test" = World of Warcraft Public Test "X Plugin Manager" = X Plugin Manager 2.12 "X3TerranConflict_is1" = X3 Terran Conflict v3.2 "Xadrian" = Xadrian "XnView_is1" = XnView 1.99.6 "X-Universe Plugin Manager_is1" = X-Universe Plugin Manager 1.47 "Yuri's Revenge" = Command && Conquer Alarmstufe Rot 2 - Yuris Rache ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-1047081900-3411316267-2860860215-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.01.2013 10:49:40 | Computer Name = Spiele-PC | Source = Application Hang | ID = 1002 Description = Programm firefox.exe, Version 18.0.1.4764 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 18d4 Startzeit: 01cdfef8c8588564 Endzeit: 38 Anwendungspfad: C:\Program Files (x86)\Mozilla Firefox\firefox.exe Berichts-ID: 443e887c-6aec-11e2-a3eb-6cf049e3327a Error - 30.01.2013 21:17:08 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 31.01.2013 09:45:57 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.01.2013 09:45:57 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 31.01.2013 16:22:26 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 01.02.2013 06:53:14 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 01.02.2013 11:14:57 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 01.02.2013 20:38:34 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 02.02.2013 07:41:24 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 02.02.2013 21:32:01 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". Error - 03.02.2013 06:22:24 | Computer Name = Spiele-PC | Source = Customer Experience Improvement Program | ID = 1008 Description = Error - 03.02.2013 11:01:40 | Computer Name = Spiele-PC | Source = VSS | ID = 8194 Description = Error - 03.02.2013 11:23:55 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\*************i\Downloads\SoftonicDownloader_fuer_filerecovery.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 03.02.2013 12:16:59 | Computer Name = Spiele-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: iexplore.exe, Version: 9.0.8112.16457, Zeitstempel: 0x50a2f9e3 Name des fehlerhaften Moduls: PriceGongIE.dll, Version: 3.5.3.0, Zeitstempel: 0x4e8d7e1a Ausnahmecode: 0xc0000005 Fehleroffset: 0x00008e14 ID des fehlerhaften Prozesses: 0xe18 Startzeit der fehlerhaften Anwendung: 0x01ce0229cc2d26ff Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Internet Explorer\iexplore.exe Pfad des fehlerhaften Moduls: C:\Users\*********\AppData\LocalLow\DVDVideoSoftTB_DE\plugins\{5E1360DC-8FA8-40df-A8CD-FC3831B3634B}\3.5.3\bin\PriceGongIE.dll Berichtskennung: 229a027c-6e1d-11e2-a817-6cf049e3327a Error - 03.02.2013 13:15:25 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\**********\Downloads\SoftonicDownloader_fuer_filerecovery.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_420fe3fa2b8113bd.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16661_none_fa62ad231704eab7.manifest. Error - 03.02.2013 14:10:50 | Computer Name = Spiele-PC | Source = Application Hang | ID = 1002 Description = Programm Gw2.exe, Version 1.0.0.1 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 1b7c Startzeit: 01ce0239925d1e58 Endzeit: 24502 Anwendungspfad: C:\Program Files (x86)\Guild Wars 2\Gw2.exe Berichts-ID: f987aaea-6e2c-11e2-9c67-6cf049e3327a Error - 03.02.2013 19:44:16 | Computer Name = Spiele-PC | Source = SideBySide | ID = 16842785 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe". Die abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"" konnte nicht gefunden werden. Verwenden Sie für eine detaillierte Diagnose das Programm "sxstrace.exe". [ System Events ] Error - 03.02.2013 14:50:53 | Computer Name = Spiele-PC | Source = Ntfs | ID = 262199 Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolume4" den Befehl "chkdsk" aus. Error - 03.02.2013 15:23:40 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.02.2013 15:24:10 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.02.2013 16:53:55 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.02.2013 16:54:21 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.02.2013 17:59:46 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 03.02.2013 17:59:50 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.02.2013 05:31:51 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.02.2013 05:31:55 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "SVKP" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 Error - 04.02.2013 07:08:57 | Computer Name = Spiele-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "MySQL501" wurde aufgrund folgenden Fehlers nicht gestartet: %%2 < End of report > Geändert von Irgendwer200 (04.02.2013 um 12:52 Uhr) |
04.02.2013, 14:58 | #4 |
/// Helfer-Team | Habe mir den Bundespolizeivirus eingefangen! Bitte das Malwarebytes Logfile posten! (Reiter Logdateien) Die Bereinigung besteht aus mehreren Schritten, die ausgefuehrt werden muessen. Diese Nacheinander abarbeiten und die 3 Logs, die dabei erstellt werden bitte in deine naechste Antwort einfuegen. Sollte der OTL-FIX nicht richig durchgelaufen sein. Fahre nicht fort, sondern melde dies bitte. 1. Schritt Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Ersetze die *** Sternchen wieder in den Benutzernamen zurück! Code:
ATTFilter :OTL SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) [2013.01.19 19:56:55 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess @Alternate Data Stream - 24 bytes -> C:\Windows:C7A7DE9264C648FF @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:05EE1EEF @Alternate Data Stream - 116 bytes -> C:\ProgramData\Temp:A85D770C [2013.01.20 18:50:15 | 000,000,000 | ---D | C] -- C:\Users\**********\AppData\Local\iLivid [2013.01.20 18:51:03 | 000,001,052 | ---- | M] () -- C:\Users\**********\Desktop\iLivid.lnk [2013.01.20 18:51:03 | 000,001,060 | ---- | C] () -- C:\Users\***********\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iLivid.lnk [2013.01.20 18:51:03 | 000,001,052 | ---- | C] () -- C:\Users\***********\Desktop\iLivid.lnk [2013.02.03 17:37:47 | 095,023,320 | ---- | M] () -- C:\ProgramData\slpcsrj.pad [2013.02.03 15:56:01 | 000,003,272 | ---- | M] () -- C:\ProgramData\slpcsrj.js [2013.02.03 15:56:01 | 000,000,153 | ---- | M] () -- C:\ProgramData\slpcsrj.reg [2013.02.03 15:56:01 | 000,000,082 | ---- | M] () -- C:\ProgramData\slpcsrj.bat :Files C:\ProgramData\*.exe C:\ProgramData\*.dll C:\ProgramData\*.tmp C:\ProgramData\TEMP C:\Users\***********\*.tmp C:\Users\***********\AppData\Local\Temp\*.exe C:\Users\***********\AppData\LocalLow\Sun\Java\Deployment\cache %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup unctf.lnk ipconfig /flushdns /c :Commands [emptytemp]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen! 2. Schritt Downloade dir bitte Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers danach: 3. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
06.04.2013, 13:18 | #5 |
/// Helfer-Team | Habe mir den Bundespolizeivirus eingefangen! Fehlende Rückmeldung Gibt es Probleme beim Abarbeiten obiger Anleitung? Um Kapazitäten für andere Hilfesuchende freizumachen, lösche ich dieses Thema aus meinen Benachrichtigungen. Solltest Du weitermachen wollen, schreibe mir eine PN oder eröffne ein neues Thema. http://www.trojaner-board.de/69886-a...-beachten.html Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner sauber ist. |
Themen zu Habe mir den Bundespolizeivirus eingefangen! |
abgesicherte, abgesicherten, datei, datein, eingefangen, endgültig, externe, externen, formatiere, formatieren, frage, gefangen, gelegt, gen, laufwerk, meldung, modus, rechner, stunde, systemwiederherstellung, versuch, versucht, win 7, windows, windows 7 |