Log analysis and evaluation: "Tcbhn wurde beendet und geschlossen" | Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
03.05.2013, 11:09 | #1 |
| Hello Trojaner Board! First, my problem. I'm a passionate gamer, and my game ALWAYS minimizes after 30 minutes and then a message appears: "Tcbhn wurde beendet und geschlossen". I already tried AdwCleaner because I read about it in another thread. But I just can't figure out what I'm supposed to do. Maybe I need to download something else based on my results... Anyway, I need help and detailed instructions on how to get rid of this virus... Thank you very much in advance for your help! I also wish you a nice rest of the day! Regards, Finlayx3 |
03.05.2013, 11:46 | #2 |
/// Helper Team | Please download Malwarebytes Anti-Malware
then: System scan with OTL (illustrated guide). Please download OTL by OldTimer and save it to your desktop (if you don't already have it).
- Double-click OTL.exe
__________________ |
03.05.2013, 12:35 | #3 |
| Hello, and thanks for the quick reply. Here are the log files from OTL
Code:
ATTFilter OTL logfile created on: 03.05.2013 13:06:50 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mama\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,58% Memory free 6,22 Gb Paging File | 4,29 Gb Available in Paging File | 69,02% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 576,16 Gb Total Space | 243,55 Gb Free Space | 42,27% Space Free | Partition Type: NTFS Drive D: | 20,00 Gb Total Space | 9,66 Gb Free Space | 48,29% Space Free | Partition Type: FAT32 Computer Name: FINLAY | User Name: Mama | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Mama\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation) PRC - C:\Programme\Steam\Steam.exe (Valve Corporation) PRC - C:\Users\Mama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd) PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Users\Mama\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation) PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software) PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) PRC - C:\Programme\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.) PRC - C:\Programme\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) PRC - C:\Programme\Logitech\Logitech Vid\Vid.exe (Logitech Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\Steam\bin\chromehtml.dll () MOD - C:\Programme\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll () MOD - C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll () MOD - C:\Programme\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll () MOD - C:\Programme\Steam\bin\libcef.dll () MOD - C:\Programme\Steam\SDL2.dll () MOD - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\chromeNPAPI.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\49fb1905333f84fce2906ea3d2571084\WindowsFormsIntegration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a40abd2f2caf5cb5c4509dd5fb552eda\UIAutomationProvider.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll () MOD - 
C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll () MOD - C:\Programme\Steam\bin\avcodec-53.dll () MOD - C:\Programme\Steam\bin\avformat-53.dll () MOD - C:\Programme\Steam\bin\avutil-51.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll () MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll () MOD - C:\Programme\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll () MOD - C:\Programme\Logitech\Logitech Vid\plugins\imageformats\qico4.dll () MOD - C:\Programme\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll () MOD - C:\Programme\Logitech\Logitech Vid\SDL.dll () MOD - C:\Programme\Logitech\Logitech Vid\qtxml4.dll () MOD - C:\Programme\Logitech\Logitech Vid\QtWebKit4.dll () MOD - C:\Programme\Logitech\Logitech Vid\qtsql4.dll () MOD - C:\Programme\Logitech\Logitech Vid\QtOpenGL4.dll () MOD - C:\Programme\Logitech\Logitech Vid\QtNetwork4.dll () MOD - C:\Programme\Logitech\Logitech Vid\QtGui4.dll () MOD - C:\Programme\Logitech\Logitech Vid\QtCore4.dll () MOD - C:\Programme\Logitech\Logitech Vid\phonon4.dll () MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll () MOD - 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll () MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll () ========== Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ca0e279.dll () SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.) SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation) SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation) SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) 
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found DRV - (XDva400) -- C:\Windows\system32\XDva400.sys File not found DRV - (XDva399) -- C:\Windows\system32\XDva399.sys File not found DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found DRV - (XDva392) -- C:\Windows\system32\XDva392.sys File not found DRV - (WinRing0_1_2_0) -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys File not found DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) 
DRV - (apf003) -- C:\Windows\System32\apf003.sys () DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc) DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices) DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software) DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software) DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software) DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software) DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software) DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software) DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.) DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC) DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices) DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys () DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.) DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.) DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.) DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (Advanced Micro Devices, Inc) DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.) 
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation ) DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation) DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices) DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation) DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation) DRV - (Xponaut_WBD) -- C:\Windows\System32\drivers\xpntwbd.sys (Xponaut) DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.g-hacks.com/ IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com IE - 
HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.g-hacks.com/ IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\URLSearchHook: - No CLSID value found IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{0D432877-63B3-415B-9577-D3FC5DA32390}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms} IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{B4161FEA-551B-4473-A787-7988B75981D7}: "URL" = 
hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050 IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local> IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1005\..\SearchScopes,DefaultScope = ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.selectedEngine: "ICQ Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.01.31 FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0 FF - prefs.js..extensions.enabledAddons: bbrs_003%40blabbers.com:1.0.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mama\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mama\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.30 15:08:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 19:00:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 19:00:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.05.20 20:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Extensions [2013.04.29 15:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\uv1rw8f8.default\extensions [2013.04.29 15:10:14 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\uv1rw8f8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670} [2013.04.09 14:05:56 | 000,000,000 | ---D | M] (Ginyas Browser Companions) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com [2013.02.03 22:05:53 | 000,021,561 | ---- | M] () (No name found) -- 
C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\leethax@leethax.net.xpi [2013.03.14 16:41:52 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi [2013.04.14 21:47:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire [2013.04.14 21:50:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire [2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\266efba29a8dc2649e413548c9af865c_expire [2013.04.02 18:29:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire [2013.04.14 21:50:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\38126fd00e0eb9d5ca912a5939b4755d_expire [2013.04.02 18:29:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4b11d64dc5896effc80eff8c4ad28411_expire [2013.02.03 22:05:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire [2013.04.14 21:47:20 | 000,000,013 | ---- | M] () 
(No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4e6cace4f315fec36500e6b8d99cc694_expire [2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\559d3b97ddd036cd43981f82bb643a6b_expire [2013.04.14 21:50:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8_expire [2013.04.14 21:50:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\72891ec935a3d247f2da6562ef29a005_expire [2013.04.14 21:50:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\a2853631512ec717cfd936b9a1f41b5c_expire [2013.03.21 20:26:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire [2013.04.14 21:50:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire [2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\bc417bfcd62af75b6bf321501f63d514_expire [2013.03.21 20:26:39 | 000,000,013 | ---- | M] () (No name found) -- 
C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire [2013.05.01 14:32:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\c93f2aa3f7ed8c08097d4d5c3c2c61e1_expire [2013.02.06 18:49:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire [2013.02.03 22:05:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire [2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire [2012.09.21 19:28:11 | 000,002,089 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\searchplugins\Startpins.xml [2013.04.28 19:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.28 19:00:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2013.01.17 02:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 02:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2013.01.17 02:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2013.01.17 02:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 02:11:04 | 000,001,178 | ---- | 
M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 02:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.privitize.com/?aff=7
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: YouTube = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ginyas Browser Companions = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: avast! WebRep = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Skype Click to Call = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Programme\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Akamai NetSession Interface] C:\Users\Mama\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Spotify] C:\Users\Mama\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Spotify Web Helper] C:\Users\Mama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B6E2F78-D6B6-4DE4-9759-F4065F0AF8A4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF66AEF1-032F-4555-A953-B9FB3CE89EB7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.05.10 12:18:32 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{7a9f60a6-e132-11e1-8be2-8c89a56d33df}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9f60a6-e132-11e1-8be2-8c89a56d33df}\Shell\AutoRun\command - "" = I:\autorun\autorun.exe
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.05.03 13:04:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2013.05.03 12:25:22 | 000,408,576 | ---- | C] (xdcrossmang GmbH) -- C:\Users\Mama\Desktop\XDC Public Hack Loader v.6.exe
[2013.05.02 18:53:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\MFAData
[2013.05.02 18:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.05.02 18:53:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\Avg2013
[2013.05.02 09:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.02 09:24:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.02 09:24:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.02 09:24:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.30 11:00:06 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\GNHacks
[2013.04.28 19:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.28 18:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\iMacros
[2013.04.28 18:11:42 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Neuer Ordner
[2013.04.28 14:23:12 | 015,453,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2013.04.28 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013.04.28 13:54:49 | 000,017,344 | ---- | C] (Dll-Files.com) -- C:\Windows\System32\roboot.exe
[2013.04.27 17:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2013.04.27 17:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Landwirtschafts Simulator 2011
[2013.04.26 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\DeinHode Bunny Hop Hack 1.0
[2013.04.25 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\Microsoft Corporation
[2013.04.25 13:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013.04.24 19:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3
[2013.04.24 19:19:35 | 000,000,000 | ---D | C] -- C:\Python33
[2013.04.12 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013.04.12 18:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2013.04.12 18:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2013.04.12 18:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2013.04.10 21:50:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 21:50:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 21:50:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 21:50:53 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 21:50:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 21:50:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 21:50:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 21:50:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 16:35:27 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 16:35:27 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 16:35:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 16:35:23 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 16:35:21 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.09 13:32:39 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\MSDCSC
[2013.04.06 20:28:08 | 000,094,208 | ---- | C] (Python Software Foundation) -- C:\Windows\pyw.exe
[2013.04.06 20:25:14 | 002,653,184 | ---- | C] (Python Software Foundation) -- C:\Windows\System32\python33.dll
[2013.04.06 20:24:36 | 000,093,696 | ---- | C] (Python Software Foundation) -- C:\Windows\py.exe
[2013.04.04 12:56:31 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Epvp INTROS
[2013.04.03 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.04.03 19:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.03 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.03 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.04.03 19:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.03 19:49:01 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Sony Creative Software Inc
[2013.04.03 17:30:11 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Hacken1
[2013.04.03 14:23:26 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Beleidigungen etc
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.05.03 13:18:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
[2013.05.03 13:04:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2013.05.03 13:03:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2809430191-2561511874-1137215038-1000UA.job
[2013.05.03 13:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.05.03 12:58:29 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
[2013.05.03 12:58:28 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013.05.03 12:49:04 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 12:49:02 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 12:43:47 | 000,014,264 | ---- | M] () -- C:\Windows\System32\Dir.dll
[2013.05.03 12:43:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.03 12:29:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 12:25:09 | 000,168,381 | ---- | M] () -- C:\Users\Mama\Desktop\XDC+Public+Hack+Loader+v.6.rar
[2013.05.03 11:09:33 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
[2013.05.03 10:49:39 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 10:48:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 10:48:48 | 3218,661,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 19:00:35 | 000,628,743 | ---- | M] () -- C:\Users\Mama\Desktop\AdwCleaner.exe
[2013.05.02 17:01:35 | 000,408,576 | ---- | M] (xdcrossmang GmbH) -- C:\Users\Mama\Desktop\XDC Public Hack Loader v.6.exe
[2013.05.02 16:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2809430191-2561511874-1137215038-1000Core.job
[2013.05.02 11:58:42 | 000,121,856 | ---- | M] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.01 10:34:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 11:29:06 | 000,040,960 | ---- | M] () -- C:\aim1
[2013.04.30 11:29:06 | 000,000,256 | ---- | M] () -- C:\aim
[2013.04.28 14:27:51 | 000,009,188 | ---- | M] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2013.04.27 18:01:43 | 352,149,294 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.27 17:58:35 | 000,001,084 | ---- | M] () -- C:\Users\Mama\Desktop\Landwirtschafts Simulator 2011 Platin-Edition.lnk
[2013.04.27 17:46:05 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.04.25 15:34:05 | 004,439,073 | ---- | M] () -- C:\Users\Mama\Desktop\Rob & Chris - Superheld [SPEED UP ] By GleichFinlay.mp3
[2013.04.23 17:45:47 | 066,420,326 | ---- | M] () -- C:\Users\Mama\Documents\IRON MAN 3 - Trailer D.mp4
[2013.04.23 14:54:44 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.04.15 18:48:11 | 000,685,292 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.15 18:48:11 | 000,641,416 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 18:48:11 | 000,151,090 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.15 18:48:11 | 000,122,666 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.14 11:57:40 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.14 11:57:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.12 19:42:15 | 000,000,963 | ---- | M] () -- C:\Users\Mama\Desktop\Elsword.lnk
[2013.04.11 17:30:06 | 035,777,954 | ---- | M] () -- C:\Users\Mama\Documents\Lights by Ellie Goulding [Lyric Video].mp4
[2013.04.11 17:26:02 | 027,210,270 | ---- | M] () -- C:\Users\Mama\Documents\Tomorrowland 2012 - Million Voices In My Mind.mp4
[2013.04.11 16:12:00 | 000,017,344 | ---- | M] (Dll-Files.com) -- C:\Windows\System32\roboot.exe
[2013.04.11 12:35:28 | 000,380,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 19:36:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.06 20:28:08 | 000,094,208 | ---- | M] (Python Software Foundation) -- C:\Windows\pyw.exe
[2013.04.06 20:25:14 | 002,653,184 | ---- | M] (Python Software Foundation) -- C:\Windows\System32\python33.dll
[2013.04.06 20:24:36 | 000,093,696 | ---- | M] (Python Software Foundation) -- C:\Windows\py.exe
[2013.04.06 19:57:02 | 005,976,981 | ---- | M] () -- C:\Users\Mama\Documents\Linkin Park - Numb [Lyrics].mp3
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.03 19:36:41 | 000,000,947 | ---- | M] () -- C:\Users\Mama\Desktop\vegas110.exe - Verknüpfung.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.05.03 12:43:43 | 000,014,264 | ---- | C] () -- C:\Windows\System32\Dir.dll
[2013.05.03 12:25:07 | 000,168,381 | ---- | C] () -- C:\Users\Mama\Desktop\XDC+Public+Hack+Loader+v.6.rar
[2013.05.02 19:00:29 | 000,628,743 | ---- | C] () -- C:\Users\Mama\Desktop\AdwCleaner.exe
[2013.05.01 10:34:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.28 16:07:42 | 000,040,960 | ---- | C] () -- C:\aim1
[2013.04.27 18:01:43 | 352,149,294 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.27 17:58:35 | 000,001,084 | ---- | C] () -- C:\Users\Mama\Desktop\Landwirtschafts Simulator 2011 Platin-Edition.lnk
[2013.04.25 15:33:58 | 004,439,073 | ---- | C] () -- C:\Users\Mama\Desktop\Rob & Chris - Superheld [SPEED UP ] By GleichFinlay.mp3
[2013.04.25 13:24:28 | 000,002,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013.04.23 17:40:31 | 066,420,326 | ---- | C] () -- C:\Users\Mama\Documents\IRON MAN 3 - Trailer D.mp4
[2013.04.18 11:44:11 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.04.12 19:42:15 | 000,000,963 | ---- | C] () -- C:\Users\Mama\Desktop\Elsword.lnk
[2013.04.11 17:27:32 | 035,777,954 | ---- | C] () -- C:\Users\Mama\Documents\Lights by Ellie Goulding [Lyric Video].mp4
[2013.04.11 17:22:23 | 027,210,270 | ---- | C] () -- C:\Users\Mama\Documents\Tomorrowland 2012 - Million Voices In My Mind.mp4
[2013.04.06 19:56:53 | 005,976,981 | ---- | C] () -- C:\Users\Mama\Documents\Linkin Park - Numb [Lyrics].mp3
[2013.04.03 19:56:05 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.03 19:36:41 | 000,000,947 | ---- | C] () -- C:\Users\Mama\Desktop\vegas110.exe - Verknüpfung.lnk
[2013.02.05 18:40:03 | 001,391,616 | ---- | C] () -- C:\Windows\Win.dll
[2013.02.04 16:49:28 | 001,428,992 | ---- | C] () -- C:\Windows\GData.dll
[2013.01.19 14:41:51 | 001,382,400 | ---- | C] () -- C:\Windows\gdi.dll
[2013.01.02 21:14:09 | 008,018,000 | ---- | C] () -- C:\Users\Mama\ts3_recording_13_01_02_20_14_8.wav
[2012.12.30 22:31:52 | 000,008,704 | ---- | C] () -- C:\Windows\System32\ph.dll
[2012.12.23 22:48:43 | 000,008,192 | ---- | C] () -- C:\Windows\System32\hack.dll
[2012.12.23 13:47:01 | 001,376,768 | ---- | C] () -- C:\Windows\Data.dll
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.27 19:10:51 | 000,000,092 | ---- | C] () -- C:\Users\Mama\AppData\Local\fusioncache.dat
[2012.09.10 20:06:49 | 000,001,100 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d8caps.dat
[2012.09.07 10:59:43 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012.09.07 10:59:43 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012.08.09 09:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2012.08.09 09:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2012.08.08 20:37:28 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.07.31 23:06:55 | 000,000,061 | ---- | C] () -- C:\Windows\System32\SYSVCPDRV.SYS
[2012.06.04 18:27:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.05.21 20:23:29 | 021,296,720 | ---- | C] () -- C:\Users\Mama\ts3_recording_12_05_21_20_23_26.wav
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.04.18 18:11:22 | 000,000,070 | ---- | C] () -- C:\Windows\wiso.ini
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.02.11 20:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.01.27 21:27:48 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.11.17 20:47:14 | 000,000,600 | ---- | C] () -- C:\Users\Mama\AppData\Local\PUTTY.RND
[2011.11.17 19:09:49 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2011.10.25 18:31:29 | 002,484,592 | ---- | C] () -- C:\Windows\System32\pbsvc_p4f.exe
[2011.10.25 14:10:02 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.25 14:10:02 | 000,138,056 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\PnkBstrK.sys
[2011.10.25 14:09:34 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.25 14:09:27 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.10.21 17:25:53 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.09.24 19:51:38 | 000,121,856 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.11 14:20:45 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2011.09.11 14:20:45 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2011.08.29 14:43:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.08.29 14:43:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.08.28 20:48:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.08.28 15:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.28 14:53:20 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.08.28 14:51:17 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.08.28 13:29:24 | 000,000,032 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2011.08.28 13:20:18 | 000,009,188 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2011.06.08 23:49:42 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Alternate Data Streams ==========

@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >

Code:
ATTFilter
OTL Extras logfile created on: 03.05.2013 13:06:50 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,58% Memory free
6,22 Gb Paging File | 4,29 Gb Available in Paging File | 69,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 243,55 Gb Free Space | 42,27% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,66 Gb Free Space | 48,29% Space Free | Partition Type: FAT32

Computer Name: FINLAY | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0

========== Authorized Applications List ==========

========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04049F02-0C1F-40EA-99A3-2CF485EEF36B}" = rport=138 | protocol=17 | dir=out | app=system |
"{0496C212-F54E-4F6E-B8F1-FFBC55F01D0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{0BC76374-022E-4295-B15D-7991C3695FED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{16726531-3988-4664-9945-70B40C9CADB9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{196DDCCD-B8CB-444B-94BC-AFBB543627E3}" = rport=137 | protocol=17 | dir=out | app=system |
"{1E50C8C6-D4AD-4658-9F80-19CEB1FAA469}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{1F0897BA-3948-40FC-A9AE-ABE36ED36EED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe |
"{1F6DCD65-96D0-417A-8171-D3049599630A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{246E8C02-0BEF-40B9-912C-795B7AB5C130}" = rport=10243 | protocol=6 | dir=out | app=system |
"{2D242257-67A8-464D-B4ED-38DF2A87175A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{3399FD0F-D945-4643-9844-4687D25B2508}" = lport=137 | protocol=17 | dir=in | app=system |
"{39A83C53-8FCE-4619-A053-34C2621BD507}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{67225C6E-E3AA-4495-8EEA-66ECB3F0AC67}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe |
"{6C9110F9-F028-4E88-A824-A2D50BAA6D32}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{73999683-5C92-4622-867E-2F84B4035C1F}" = lport=445 | protocol=6 | dir=in | app=system |
"{8252B1B4-0424-4742-B4B2-44C1B556BD88}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{8F6B5D52-2491-47DF-8192-8D8626D0666A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A662FD03-5CAC-4933-9F18-01F35B221CAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{A9C56874-D42E-46FC-B414-AA8B69F7A967}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{B9A0F876-B982-4611-8492-70DD03E6316D}" = lport=2869 | protocol=6 | dir=in | app=system |
"{BAC62789-EF57-46BD-B838-966637CB321E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{BC76CF89-2A08-4E03-9EDD-B57E88087EE6}" = lport=10243 | protocol=6 | dir=in | app=system |
"{C2DC8C86-96CE-4F8A-B42A-8EE7C0AB3A0F}" = lport=139 | protocol=6 | dir=in | app=system |
"{CBCD6416-06CB-4CA2-98F9-8EB4A7F1DF5A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe |
"{CECB3A49-07B6-477C-AFFF-86B1FE90C2BE}" = rport=139 | protocol=6 | dir=out | app=system |
"{D0723529-BACF-4466-9A34-B1652C2B5D0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{D4728676-0890-4966-9981-AEBE01A26110}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{D48ABC43-0585-4CEA-AEFB-6EAA226B21B6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe |
"{E16B1E1E-E6BC-40D7-A603-07EC8D946244}" = lport=138 | protocol=17 | dir=in | app=system |
"{E738BAB1-3898-4FED-8F2C-88855E3C057A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E89DC12A-10C6-4591-90D4-70AAFC1427DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{EBEE553B-5946-4D70-B764-49C3848F3212}" = rport=445 | protocol=6 | dir=out | app=system | "{F807FA00-204B-4485-A56B-0239F5D9EAD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00EBE49E-E34F-4098-93A8-B4A15772C505}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{0D31BE89-14D9-42F9-94DD-54AEC4286759}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{16B22B3A-41EE-4094-B329-5CD922B42B4A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\itzdom3\counter-strike source\hl2.exe | "{18995837-1D5A-4AD3-A7D1-35CF3F2807B3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{19977839-03EF-48BF-878D-80D09479210C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1D7B13A2-9345-427E-A8BA-549F9DD92F91}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | "{1DAB1E2A-6ECB-44D9-8B5D-5CD0BA114B1B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | "{2077E164-70A4-493A-BC77-5826508B4F1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{21B48C98-5154-4663-92A8-A3B453DA1492}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | "{2217B297-EFC1-4230-B259-CEE2E5E8DD09}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe | "{23C14692-0132-450E-98E1-D94CDCF7D4C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2841E01A-0B8C-4D06-88BE-2F1F63552638}" = protocol=6 | dir=in | app=c:\program files\simple port forwarding\spf.exe | "{2A6DC975-E5D4-4355-9BEC-1707968D0641}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{2E80C738-A981-43C4-818F-D6775B33EFE8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | "{2E982B9E-C97B-4207-AC8D-0F0E775DFE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3464B3EF-E7FA-4199-BA6E-69EF06E7E899}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{35AA03C0-D4A5-4A99-A7E7-2AD9FB8BE2DC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{388F4BFB-F576-4DCB-85CE-ACD42CEA2193}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{39158DF1-28E6-4918-B057-2000034682FE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\jcsetup.exe | "{3A42F71B-8A36-40D3-843C-1057A8076FDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{3B277CBB-D048-45F5-B367-BCBEDA16BEA5}" = protocol=58 | dir=in | app=system | "{3C1E440B-E936-44F5-86E7-59EDF5385F88}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{4570A0A1-F03F-422E-AFB3-B84EF641F876}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{45BF64EB-3B16-48EA-9BB3-21D672ECB076}" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\akamai\netsession_win.exe | "{45D6080A-830B-4749-8D0C-E6E708F8AE4B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{473B9168-50C5-41A3-BE6F-E23B2071E2E5}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{49EF2118-CF9A-4DD8-8BBC-1C303C2C5CAE}" = protocol=6 | dir=in | app=c:\program 
files\landwirtschafts simulator 2013\farmingsimulator2013.exe | "{4B403600-1ADA-44DF-9C30-FBC68FB948E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{4C77DB86-B98A-4A5E-A356-F1CB3228263F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{50695D2C-BFA8-408F-984F-76B0382CECBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{5094F336-8521-4E13-B7FA-336D849B856B}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | "{5428ED3E-19F1-432F-AE1F-2EF4525C9BE7}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | "{572A134C-AB27-4D8B-AE04-35FE0FB1169E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\itzdom3\counter-strike source\hl2.exe | "{587BA19F-FFB4-4D40-82B4-97A33AED2F9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6598FC98-147B-48F3-9DB4-96249C7F5E91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{6AAD97D0-D573-4F88-90F6-B00022777016}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{6B6E032C-7239-45CF-9BF9-05F3CF2ED0E2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{6C35B9E7-8B33-4DE6-9A90-EDE0D5B23825}" = dir=in | app=c:\brickforce\brickforce.exe | "{75F92B3E-2A6B-48D3-9F84-23A045369AC3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{7828DA5E-72D7-4806-A295-B5A2DCF00A31}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | "{803F01A8-A816-4D21-A89B-7B6C7C02F8DD}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{8130E2E9-8807-43AB-A0FF-E5B2F4250FB7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | "{83F11A02-4EBD-4C59-AB89-26EA9CEABD22}" = protocol=17 
| dir=in | app=c:\windows\system32\pnkbstrb.exe | "{849D5D88-53AA-48E4-ABC5-7303DEA91D22}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{872ECEB2-17F8-49DC-B898-CE53EE96F806}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe | "{8744506E-FF76-45EA-B6EE-6FC2463313FE}" = protocol=17 | dir=in | app=c:\program files\simple port forwarding\spf.exe | "{87CA300D-18B1-475C-A300-082398542E59}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | "{8BBF5D06-A324-46C9-AD68-87515C38854B}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | "{8D058154-1492-40D6-972F-D580471E8736}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | "{8DF5611D-25BD-425E-A551-F643547E60F5}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe | "{8F0F47CD-4A52-4A5C-B22A-297196819275}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | "{8F3EB327-1F4D-4621-A44D-778C63C85FE7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | "{90DB3332-7CF8-42F1-8417-5E58F422B1FA}" = protocol=17 | dir=in | app=c:\program files\simple port forwarding\spf.exe | "{9200CEAF-963E-4E5C-B20B-099815AB757C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\jcsetup.exe | "{9549A161-4CE4-464E-8FB0-A801A1214943}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{96395198-1978-41CC-ACD9-A9DF6C767AE9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\justcausedemo.exe | "{970361DF-3C38-4022-83AF-B603AFFACE6B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe | "{9A3B81C0-72E3-4E25-A616-5985FFAA19BF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black 
ops\blackopsmp.exe | "{9AF15A1A-48F5-4F3D-9E75-E8CC19D8B7D2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\justcausedemo.exe | "{9DE8BA6C-8CA3-47AB-9F5C-4D218FFCEBE8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe | "{9FA1E26C-628A-49D6-9CEF-6C27E482C3F7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | "{A2CE67EF-4261-4D3B-8EAB-1B81A711AE5E}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe | "{A3EE64F2-662C-46A5-A5F8-5CC581F9E9F5}" = dir=in | app=c:\brickforce\bflauncher.exe | "{AC9DB568-DBF4-41EE-8EF9-2E4D2EA98B21}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | "{ADBFB534-A6BC-4329-90B3-3F52CB30B59A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{B4794336-EB04-488A-A08A-8E3A59C0DE21}" = protocol=6 | dir=in | app=c:\program files\simple port forwarding\spf.exe | "{B4BACF79-15E1-4BA6-91CB-1AEC02F72C70}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | "{B5893A32-EB40-4796-9821-822905F921EF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | "{B721FA9B-895C-42B5-B799-7021E339DD5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB88B2B6-787C-4EEE-B5B9-0A665CB29D97}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | "{BD8DF874-127E-4853-8D04-FBA5A5BA4ABF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{BDFAB2AE-2F11-420C-A10E-42648A552E52}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{BE427EAF-05A8-484A-83D7-D79A1B22CB42}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe | 
"{BEE792F1-0B68-4DC7-A857-371846A9401B}" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\akamai\netsession_win.exe | "{C0785B60-C1E5-4510-8920-DA92555EA1F5}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | "{C08CB3CA-F6EE-4F65-B730-77C22C692DCE}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | "{C5583F45-05E6-421C-B383-1B5049C20341}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{C722A281-D8F7-477B-962D-7DA9F19E14C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C9540B2F-FFFB-4FF4-95A8-342C5A7C6A26}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{C986946C-2192-4870-BD5C-22BA0C5D04A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{D89CB620-E87B-448C-B03A-0549440C2FCE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{D92648E6-A70B-4770-9E28-08A87739B489}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | "{E02B5609-A6FB-4062-A64A-0EA7A5471FE9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{E6DD4485-3A96-4452-97A4-0DED88107D97}" = protocol=6 | dir=out | app=system | "{EEF0DDBC-D5A5-44D9-879D-AF98E9AFF380}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | "{EF6D1553-657A-45AB-BBFA-33002B0012B1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | "{F3E16550-517A-4881-BBEB-E613017CEE19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | "{F60AE8D8-4A65-4F08-993E-D856316DEE90}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{F8B32C48-2E01-42E3-BCA6-D3F9DAD0C8C5}" = dir=in | app=c:\users\mama\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{FA8DBD26-5D18-4549-B12A-49BD3FEB0E40}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | "{FADE9593-6A2A-4940-93F7-1297FEB9428A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FB08938E-0CD1-4632-A99C-C9F7438C5FA0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | "TCP Query User{07BE950D-A03B-4DFF-AF79-BEE1CAAF0247}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe | "TCP Query User{24FD8A6D-F950-47CF-B253-E0DC8E20D93B}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin | "TCP Query User{383A436B-B7D3-4B1E-ADB0-E3055E99A5A7}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | "TCP Query User{4146C8B9-EC6F-4F65-BE70-B1538BE6663C}C:\users\mama\desktop\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\metin2client.bin | "TCP Query User{4F444BC9-F6BF-4430-9883-98A61C84CE83}C:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe | "TCP Query User{5F971FC6-7652-4253-9C2A-464E84A24EEC}C:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe | "TCP Query User{6E1B2BBE-122E-42D2-ABD5-021680507E53}C:\users\mama\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\spotify\spotify.exe | "TCP Query User{82FFF8B6-DA83-45C9-A94E-95C34A2869CC}C:\users\mama\games\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\users\mama\games\tom 
clancy's h.a.w.x\hawx.exe | "TCP Query User{891AFF27-3BFB-4282-BCD2-4B18DE77D6DA}C:\users\mama\desktop\hardcore reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\metin2client.bin | "TCP Query User{A06503AC-851D-4704-A413-74F4E0A05BE2}C:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe | "TCP Query User{A4AF484D-057D-4087-A4E6-BBD252E53A85}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "TCP Query User{B40967AA-5432-4787-AA70-7D608B330F0D}C:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin | "TCP Query User{C2336282-3BC3-43AB-9C64-11BEE4BC5340}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "TCP Query User{E5469A79-4685-400F-952C-43131E4793ED}C:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore reloaded\.hardcore reloaded.exe | "TCP Query User{FB3FB0FF-09D1-4168-AA5E-22A92F2A30DE}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | "UDP Query User{0C394EE7-69A1-4E17-8AEE-41C61940354E}C:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore 
reloaded\.hardcore reloaded.exe | "UDP Query User{3181AD3A-3258-4D37-B013-EB2F933811D6}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | "UDP Query User{37C19EB8-9855-4D65-BD73-C63C5A3B98F6}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin | "UDP Query User{3BCD4A9D-187D-4535-85D7-C12F9FD006A3}C:\users\mama\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\spotify\spotify.exe | "UDP Query User{3CC69E4A-D7FC-4B92-A9A1-086CD285CD1E}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | "UDP Query User{506AB8F9-89AC-4A96-BD93-B42B8D738F31}C:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe | "UDP Query User{6C57BF31-CA0F-4055-BEF8-8F60FFD6E998}C:\users\mama\games\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\users\mama\games\tom clancy's h.a.w.x\hawx.exe | "UDP Query User{94283DEC-6B37-4C17-BE51-05442E359E2A}C:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin | "UDP Query User{A61670EE-BD03-4F23-A5ED-90DAA4F81E00}C:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe | "UDP Query User{AB45D71A-8B2E-463B-A05C-A48524889F7D}C:\users\mama\desktop\hardcore reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\metin2client.bin | "UDP Query User{B6E04D6C-90B8-493F-97D1-33F2C0F3AAF1}C:\program 
files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | "UDP Query User{C96FC727-5623-4E35-A2D6-AE7F40ABD0E7}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe | "UDP Query User{CA499705-9B1B-4679-ABEA-1A46E6557EE1}C:\users\mama\desktop\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\metin2client.bin | "UDP Query User{CD55C47D-1DCA-4520-B8DF-F81759F4A782}C:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe | "UDP Query User{F8AD885B-8DAD-4050-AB0B-1651516CE12B}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00C84D22-DB8F-4159-BF70-682B8EA56A1E}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01) "{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU "{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources "{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas "{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi "{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1 "{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai 
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK "{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client "{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish "{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 "{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service "{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 30 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{28A2EF20-B486-685D-6642-829180ED7683}" = ccc-utility "{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service "{2A3CC014-FA33-4027-AECD-9A4845223209}" = Microsoft SQL Server 2012 Native Client "{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727 "{2FEC5714-F642-4258-8336-E596A1494860}" = Messenger Plus! 
Community Smartbar "{30640168-E261-4261-B8FF-7FA5E0F6A2F1}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom "{3143EA86-CF89-4E22-91BB-25B28CE23AED}" = 2350_Help "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery "{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish "{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources "{3C1ED1BF-B7B9-4DED-90E2-B9B0C1ED12C1}" = IObit Toolbar v6.9 "{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese "{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech "{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}" = Entity Framework Designer für Visual Studio 2012 - DEU "{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0 "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012 "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1 "{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch "{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid "{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV "{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV "{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety "{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager "{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II "{5CBB00A9-CAA2-406A-B149-65343CD6A86E}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service "{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack "{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI "{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home 
FREE "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects "{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German "{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian "{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists "{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists "{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7BCB4F1F-4864-4808-95F6-44BEF497EADB}" = NVIDIA PhysX "{7CC4FADE-70AC-4560-9418-639D71A4767C}" = Microsoft SQL Server Compact 4.0 SP1 DEU "{7F1F9EC3-2A14-11B1-9111-526F36E7739B}" = AMD Fuel "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007 
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian "{8D7507C3-DF2B-4740-8700-8227C2C7AE81}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 
< End of report > |
03.05.2013, 12:40 | #4 |
/// Helper team | Tcbhn was terminated and closed Please post the Malwarebytes log file that you have already created! (Logs tab) |
03.05.2013, 12:42 | #5 |
| Tcbhn was terminated and closed Forgot it, sorry! Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mama :: FINLAY [Administrator]

01.05.2013 10:36:03
mbam-log-2013-05-01 (10-36-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 550303
Laufzeit: 2 Stunde(n), 19 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Mama\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 26
C:\$Recycle.Bin\S-1-5-21-2809430191-2561511874-1137215038-1000\$RGV3O2Z.rar (Ttrojan.MSIL.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\OneHitCF 12.4.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\onehitcrossfire.zip (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\GNHacks Injector.exe (Ttrojan.MSIL.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Anwendungen\DH.exe (Malware.Packer.T) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Anwendungen\SonyVegasKeygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Finlay´s Spiele\Metin2 und Spiele\hack.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Spam-Bot (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Spam-Bot (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Switch-Bot (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Switch-Bot (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Tools einstellen (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Tools einstellen (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Upp-Tool (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Upp-Tool (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Neuer Ordner (3)\Blacknight-2011\metin2Client.dll (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Neuer Ordner (3)\Blacknight-2011\pack\start.epx (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Hack\Hacken.exe.exe (Trojan.Agent.XC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Müll!!\Keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Games\Downloads\Keygen.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Games\Downloads\SonyVegasPro Patch.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\system.gdat (Trojan.BadVMP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Mama\Downloads\Downloads\MChilliPepper.zip (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Mama\Downloads\Downloads\SAMP-MH (1).rar (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Mama\Downloads\Downloads\SAMP-MH.rar (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\AppData\Roaming\dclogs\2013-04-09-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende) |
03.05.2013, 12:46 | #6 |
/// Helper team | Tcbhn was terminated and closed
Trojan.Agent.XC C:\Users\Mama\Desktop\Spieleordner\Hack\Hacken.exe.exe
Trojan.Agent.CK C:\Users\Mama\Desktop\Müll!!\Keygen.exe
RiskWare.Tool.HCK C:\Users\Mama\Games\Downloads\Keygen.exe
RiskWare.Tool.CK C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Anwendungen\SonyVegasKeygen.exe
Trojan.Agent.H C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Finlay´s Spiele\Metin2 und Spiele\hack.exe
Stolen.Data C:\Users\Mama\AppData\Roaming\dclogs
Using cracks and keygens violates our code of conduct. Have you ever thought about why cracks exist? With cracks and the like, you install backdoors on your computer. Criminals use such computers as a botnet for their schemes. Your system must be classified as untrustworthy, and you should not do anything sensitive such as home banking on this PC.
Instructions for reinstalling (illustrated) > Reinstalling Windows 7 > Vista > XP
1. Data recovery:
2. Format, reinstall Windows:
3. Secure the PC: http://www.trojaner-board.de/96344-a...-rechners.html I will also post further points on this.
4. Change all passwords!
5. After securing the PC, check the backed-up data and, if clean, restore it.
__________________ --> Tcbhn was terminated and closed |
03.05.2013, 12:55 | #7 |
| Tcbhn was terminated and closed Oh man, oh man! The keygen was only meant for Sony Vegas, and I got it from a friend, and he doesn't have a problem like this :S ... Would the problem be fixed if I bought a new operating system, possibly Windows 7 in my case, since I currently have Windows Vista ... |
03.05.2013, 14:09 | #8 |
/// Helper team | Tcbhn was terminated and closed Windows 7 is highly recommended. |