Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Tcbhn wurde beendet und geschlossen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 03.05.2013, 11:09   #1
Finlayx3
 
Tcbhn wurde beendet und geschlossen - Icon23

Tcbhn wurde beendet und geschlossen



Hallo Trojaner Board !


Erstmal zu meinem Problem.

Ich bin ja ein leidenschaftlicher "Zocker" und mein Spiel minimiert sich IMMER nach 30 minuten und dann erscheint eine Meldung: "Tcbhn wurde beendet und geschlossen". Ich hab es schon mit Adwcleaner versucht weil ich dies in einem anderen Beitrag gelesen habe. Aber ich komm einfach nicht klar was ich machen soll. Vielleicht muss ich was anderes bei meinen Ergebnissen downloaden.. Naja jedenfalls brauche ich Hilfe und eine ausführliche Anleitung wie ich diesen Virus weg kriege ...

Ich bedanke mich schon mal sehr bei euch für die Hilfe !

Desweiteren wünsche ich euch einen schönen Tag noch !

Grüße

Finlayx3

Alt 03.05.2013, 11:46   #2
t'john
/// Helfer-Team
 
Tcbhn wurde beendet und geschlossen - Standard

Tcbhn wurde beendet und geschlossen





Downloade Dir bitte Malwarebytes Anti-Malware
  • Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
  • Starte Malwarebytes' Anti-Malware (MBAM).
  • Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
  • Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
  • Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
  • Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
  • Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
  • Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.




dann:


Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________

__________________

Alt 03.05.2013, 12:35   #3
Finlayx3
 
Tcbhn wurde beendet und geschlossen - Standard

Tcbhn wurde beendet und geschlossen



Hallo und Danke für die schnelle antwort. Einmal die Log Datein von OTL

Code:
ATTFilter
OTL logfile created on: 03.05.2013 13:06:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,58% Memory free
6,22 Gb Paging File | 4,29 Gb Available in Paging File | 69,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 243,55 Gb Free Space | 42,27% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,66 Gb Free Space | 48,29% Space Free | Partition Type: FAT32
 
Computer Name: FINLAY | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Mama\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Common Files\Steam\SteamService.exe (Valve Corporation)
PRC - C:\Programme\Steam\Steam.exe (Valve Corporation)
PRC - C:\Users\Mama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
PRC - C:\Programme\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Users\Mama\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\Display\nvtray.exe (NVIDIA Corporation)
PRC - C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
PRC - C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Programme\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
PRC - C:\Programme\HP\HP Deskjet 3070 B611 series\Bin\HPNetworkCommunicator.exe (Hewlett-Packard Co.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\Programme\Logitech\Logitech Vid\Vid.exe (Logitech Inc.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
PRC - c:\Programme\Windows Defender\MpCmdRun.exe (Microsoft Corporation)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Steam\bin\chromehtml.dll ()
MOD - C:\Programme\Google\Chrome\Application\26.0.1410.64\ppgooglenaclpluginchrome.dll ()
MOD - C:\Programme\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Programme\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Programme\Steam\bin\libcef.dll ()
MOD - C:\Programme\Steam\SDL2.dll ()
MOD - C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\chromeNPAPI.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsFormsIntegra#\49fb1905333f84fce2906ea3d2571084\WindowsFormsIntegration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\421cb77e6a4c21f94e3c5ddf766de23b\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\e64304962098e90f0d3f4c33c1b080a6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\UIAutomationProvider\a40abd2f2caf5cb5c4509dd5fb552eda\UIAutomationProvider.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b5df40c22ab563a816103629e2ca99d4\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\004bc6615f9c06df5c98859d35149fe6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\b757806657fa5db2b1ed1a89b026b463\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\78157a494dc9a7e52be8840decfcd9cc\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\2cbdbc8bb7fcf0d7eb7a8d616e141d79\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\4d2c890606d2a3a43a90684115bfccfc\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\668c039655437b25586280e1fbff8ef0\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\a8080296b18898342ce986091c08b0a4\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\9126f2ff9fd9c05900f67e963ccc27ef\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\cc149d08e75f8c53cd28ac926b38c370\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\2227d1559f87943255069398608d5c56\mscorlib.ni.dll ()
MOD - C:\Programme\Steam\bin\avcodec-53.dll ()
MOD - C:\Programme\Steam\bin\avformat-53.dll ()
MOD - C:\Programme\Steam\bin\avutil-51.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll ()
MOD - C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLI.Aspect.CrossDisplay.Graphics.Dashboard.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\plugins\imageformats\qico4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\plugins\imageformats\qgif4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\SDL.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\qtxml4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\QtWebKit4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\qtsql4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\QtOpenGL4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\QtNetwork4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\QtGui4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\QtCore4.dll ()
MOD - C:\Programme\Logitech\Logitech Vid\phonon4.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_de_b77a5c561934e089\System.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Akamai) -- c:\program files\common files\akamai/netsession_win_ca0e279.dll ()
SRV - (TeamViewer8) -- C:\Programme\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (Hamachi2Svc) -- C:\Programme\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (AMD FUEL Service) -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe (Advanced Micro Devices, Inc.)
SRV - (SQLWriter) -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe (Microsoft Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (npggsvc) -- C:\Windows\System32\GameMon.des (INCA Internet Co., Ltd.)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (LVPrcSrv) -- C:\Programme\Common Files\logishrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (XDva401) -- C:\Windows\system32\XDva401.sys File not found
DRV - (XDva400) -- C:\Windows\system32\XDva400.sys File not found
DRV - (XDva399) -- C:\Windows\system32\XDva399.sys File not found
DRV - (XDva397) -- C:\Windows\system32\XDva397.sys File not found
DRV - (XDva392) -- C:\Windows\system32\XDva392.sys File not found
DRV - (WinRing0_1_2_0) -- C:\Program Files\IObit\Game Booster 3\Driver\WinRing0.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (EagleXNt) -- C:\Windows\system32\drivers\EagleXNt.sys File not found
DRV - (EagleNT) -- C:\Windows\system32\drivers\EagleNT.sys File not found
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdag) -- C:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV - (amdkmdap) -- C:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV - (apf003) -- C:\Windows\System32\apf003.sys ()
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (AODDriver4.1) -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\i386\aoddriver2.sys (Advanced Micro Devices)
DRV - (aswSnx) -- C:\Windows\System32\drivers\aswSnx.sys (AVAST Software)
DRV - (aswSP) -- C:\Windows\System32\drivers\aswSP.sys (AVAST Software)
DRV - (aswRdr) -- C:\Windows\System32\drivers\aswRdr.sys (AVAST Software)
DRV - (aswTdi) -- C:\Windows\System32\drivers\aswTdi.sys (AVAST Software)
DRV - (aswMonFlt) -- C:\Windows\System32\drivers\aswMonFlt.sys (AVAST Software)
DRV - (aswFsBlk) -- C:\Windows\System32\drivers\aswFsBlk.sys (AVAST Software)
DRV - (L1C) -- C:\Windows\System32\drivers\L1C60x86.sys (Atheros Communications, Inc.)
DRV - (SCREAMINGBDRIVER) -- C:\Windows\System32\drivers\ScreamingBAudio.sys (Screaming Bee LLC)
DRV - (amdiox86) -- C:\Windows\System32\drivers\amdiox86.sys (Advanced Micro Devices)
DRV - (LVPr2Mon) -- C:\Windows\System32\drivers\LVPr2Mon.sys ()
DRV - (PID_PEPI) -- C:\Windows\System32\drivers\LV302V32.SYS (Logitech Inc.)
DRV - (hamachi) -- C:\Windows\System32\drivers\hamachi.sys (LogMeIn, Inc.)
DRV - (RTHDMIAzAudService) -- C:\Windows\System32\drivers\RtHDMIV.sys (Realtek Semiconductor Corp.)
DRV - (ahcix86s) -- C:\Windows\System32\drivers\ahcix86s.sys (Advanced Micro Devices, Inc)
DRV - (AtiPcie) -- C:\Windows\System32\drivers\AtiPcie.sys (ATI Technologies Inc.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (WSDPrintDevice) -- C:\Windows\System32\drivers\WSDPrint.sys (Microsoft Corporation)
DRV - (amdide) -- C:\Windows\System32\drivers\amdide.sys (Advanced Micro Devices)
DRV - (vmm) -- C:\Windows\System32\drivers\VMM.sys (Microsoft Corporation)
DRV - (VPCNetS2) -- C:\Windows\System32\drivers\VMNetSrv.sys (Microsoft Corporation)
DRV - (Xponaut_WBD) -- C:\Windows\System32\drivers\xpntwbd.sys (Xponaut)
DRV - (NPPTNT2) -- C:\Windows\System32\npptNT2.sys (INCA Internet Co., Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKLM\..\URLSearchHook:  - No CLSID value found
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.g-hacks.com/
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.google.com
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.g-hacks.com/
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\URLSearchHook:  - No CLSID value found
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{0D432877-63B3-415B-9577-D3FC5DA32390}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\SearchScopes\{B4161FEA-551B-4473-A787-7988B75981D7}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1:9421;<local>
 
IE - HKU\S-1-5-21-2809430191-2561511874-1137215038-1005\..\SearchScopes,DefaultScope = 
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.selectedEngine: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.01.31
FF - prefs.js..extensions.enabledAddons: %7B81BF1D23-5F17-408D-AC6B-BD6DF7CAF670%7D:8.3.0
FF - prefs.js..extensions.enabledAddons: bbrs_003%40blabbers.com:1.0.5
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@rocketlife.com/RocketLife Secure Plug-In Layer;version=1.0.5: C:\ProgramData\Visan\plugins\npRLSecurePluginLayer.dll (RocketLife, LLP)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Mama\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mama\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011.11.30 15:08:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 19:00:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.28 19:00:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
 
[2012.05.20 20:55:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Extensions
[2013.04.29 15:10:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\uv1rw8f8.default\extensions
[2013.04.29 15:10:14 | 000,000,000 | ---D | M] (iMacros for Firefox) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\uv1rw8f8.default\extensions\{81BF1D23-5F17-408D-AC6B-BD6DF7CAF670}
[2013.04.09 14:05:56 | 000,000,000 | ---D | M] (Ginyas Browser Companions) -- C:\Users\Mama\AppData\Roaming\mozilla\Firefox\Profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com
[2013.02.03 22:05:53 | 000,021,561 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\leethax@leethax.net.xpi
[2013.03.14 16:41:52 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.14 21:47:19 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\0324adea3b6ec02af09ea4ae9424591b_expire
[2013.04.14 21:50:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\2328e1768b820b18ab2f301c9ff88e2c_expire
[2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\266efba29a8dc2649e413548c9af865c_expire
[2013.04.02 18:29:11 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\292124057d00cb0fa73db6b90d079658_expire
[2013.04.14 21:50:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\38126fd00e0eb9d5ca912a5939b4755d_expire
[2013.04.02 18:29:13 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4b11d64dc5896effc80eff8c4ad28411_expire
[2013.02.03 22:05:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4d3d10bd28ff623813254a49b26be41f_expire
[2013.04.14 21:47:20 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\4e6cace4f315fec36500e6b8d99cc694_expire
[2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\559d3b97ddd036cd43981f82bb643a6b_expire
[2013.04.14 21:50:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\5c07ce6ac7fa7b9ff2f3fd7a4d77eef8_expire
[2013.04.14 21:50:47 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\72891ec935a3d247f2da6562ef29a005_expire
[2013.04.14 21:50:46 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\a2853631512ec717cfd936b9a1f41b5c_expire
[2013.03.21 20:26:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\a38dbdd1af07f4236d43e8fd995f57a6_expire
[2013.04.14 21:50:45 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\a7e0abb80dabcdbb6dbaec920aa126a0_expire
[2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\bc417bfcd62af75b6bf321501f63d514_expire
[2013.03.21 20:26:39 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\bf73732e1f0b76bac435293ba3880579_expire
[2013.05.01 14:32:02 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\c93f2aa3f7ed8c08097d4d5c3c2c61e1_expire
[2013.02.06 18:49:04 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\e919434ec29526b28593c426e4264271_expire
[2013.02.03 22:05:31 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\fa74672918974682c82b8d91dfbe0d6b_expire
[2013.04.28 17:55:23 | 000,000,013 | ---- | M] () (No name found) -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\extensions\bbrs_003@blabbers.com\chrome\content\cache\ff4d692d5e7cccbc4b3e9ef4062b1c6f_expire
[2012.09.21 19:28:11 | 000,002,089 | ---- | M] () -- C:\Users\Mama\AppData\Roaming\mozilla\firefox\profiles\uv1rw8f8.default\searchplugins\Startpins.xml
[2013.04.28 19:00:22 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.04.28 19:00:35 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.01.17 02:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.17 02:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.17 02:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.17 02:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.17 02:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.17 02:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.privitize.com/?aff=7
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\gcswf32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: Click to activate/deactivate ProxTube = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\aakchaleigkohafkfjfjbblobjifikek\1.2.0_0\
CHR - Extension: YouTube = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Ginyas Browser Companions = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\bpgoohpbdddibhlhdkenenmmlfofjfkh\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Stylish = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\1.1_0\
CHR - Extension: avast! WebRep = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\6.0.1374_0\
CHR - Extension: Skype Click to Call = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Google Mail = C:\Users\Mama\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Ginyas Browser Companion) - {2d8c4843-765f-4827-bafa-8c318284e4d8} - C:\Programme\GinyasBrowserCompanions\jsloader.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {40C3CC16-7269-4B32-9531-17F2950FB06F} - No CLSID value found.
O3 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..\Toolbar\WebBrowser: (no name) - {C95A4E8E-816D-4655-8C79-D736DA1ADB6D} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Akamai NetSession Interface] C:\Users\Mama\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [HP Deskjet 3070 B611 series (NET)] C:\Program Files\HP\HP Deskjet 3070 B611 series\Bin\ScanToPCActivationApp.exe (Hewlett-Packard Co.)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Logitech Vid] C:\Program Files\Logitech\Logitech Vid\vid.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [RGSC] C:\Program Files\Rockstar Games\Rockstar Games Social Club\RGSCLauncher.exe /silent File not found
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Spotify] C:\Users\Mama\AppData\Roaming\Spotify\Spotify.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000..\Run: [Spotify Web Helper] C:\Users\Mama\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1005..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2809430191-2561511874-1137215038-1000\..Trusted Ranges: Range1979 ([http] in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.5.1)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4B6E2F78-D6B6-4DE4-9759-F4065F0AF8A4}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF66AEF1-032F-4555-A953-B9FB3CE89EB7}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img36.jpg
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.05.10 12:18:32 | 000,000,076 | ---- | M] () - D:\AUTORUN.INF -- [ FAT32 ]
O33 - MountPoints2\{7a9f60a6-e132-11e1-8be2-8c89a56d33df}\Shell - "" = AutoRun
O33 - MountPoints2\{7a9f60a6-e132-11e1-8be2-8c89a56d33df}\Shell\AutoRun\command - "" = I:\autorun\autorun.exe
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell\configure\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{adb99c99-d163-11e0-b80b-806e6f6e6963}\Shell\install\command - "" = E:\SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.03 13:04:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2013.05.03 12:25:22 | 000,408,576 | ---- | C] (xdcrossmang GmbH) -- C:\Users\Mama\Desktop\XDC Public Hack Loader v.6.exe
[2013.05.02 18:53:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\MFAData
[2013.05.02 18:53:17 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.05.02 18:53:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\Avg2013
[2013.05.02 09:24:27 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2013.05.02 09:24:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.05.02 09:24:06 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.05.02 09:24:06 | 000,094,112 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.30 11:00:06 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\GNHacks
[2013.04.28 19:00:21 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.28 18:22:17 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\iMacros
[2013.04.28 18:11:42 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\Neuer Ordner
[2013.04.28 14:23:12 | 015,453,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\xlive.dll
[2013.04.28 13:54:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Logs
[2013.04.28 13:54:49 | 000,017,344 | ---- | C] (Dll-Files.com) -- C:\Windows\System32\roboot.exe
[2013.04.27 17:58:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Landwirtschafts Simulator 2011
[2013.04.27 17:57:25 | 000,000,000 | ---D | C] -- C:\Program Files\Landwirtschafts Simulator 2011
[2013.04.26 19:37:36 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\DeinHode Bunny Hop Hack 1.0
[2013.04.25 13:25:21 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Local\Microsoft Corporation
[2013.04.25 13:24:28 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2013.04.24 19:20:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Python 3.3
[2013.04.24 19:19:35 | 000,000,000 | ---D | C] -- C:\Python33
[2013.04.12 18:15:36 | 000,000,000 | ---D | C] -- C:\ProgramData\eSellerate
[2013.04.12 18:15:36 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\eSellerate
[2013.04.12 18:15:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
[2013.04.12 18:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\NewBlue
[2013.04.10 21:50:55 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 21:50:54 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 21:50:54 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 21:50:53 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 21:50:53 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.10 21:50:51 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 21:50:51 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.10 21:50:49 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.10 16:35:27 | 003,603,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 16:35:27 | 003,551,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 16:35:26 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.10 16:35:23 | 000,376,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2013.04.10 16:35:21 | 002,049,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.09 13:32:39 | 000,000,000 | ---D | C] -- C:\Users\Mama\Documents\MSDCSC
[2013.04.06 20:28:08 | 000,094,208 | ---- | C] (Python Software Foundation) -- C:\Windows\pyw.exe
[2013.04.06 20:25:14 | 002,653,184 | ---- | C] (Python Software Foundation) -- C:\Windows\System32\python33.dll
[2013.04.06 20:24:36 | 000,093,696 | ---- | C] (Python Software Foundation) -- C:\Windows\py.exe
[2013.04.04 12:56:31 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Epvp INTROS
[2013.04.03 20:00:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
[2013.04.03 19:59:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.03 19:56:21 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.03 19:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
[2013.04.03 19:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.03 19:49:01 | 000,000,000 | ---D | C] -- C:\Users\Mama\AppData\Roaming\Sony Creative Software Inc
[2013.04.03 17:30:11 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Hacken1
[2013.04.03 14:23:26 | 000,000,000 | ---D | C] -- C:\Users\Mama\Desktop\Beleidigungen etc
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.03 13:18:01 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Stats Report.job
[2013.05.03 13:04:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mama\Desktop\OTL.exe
[2013.05.03 13:03:03 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2809430191-2561511874-1137215038-1000UA.job
[2013.05.03 13:00:01 | 000,000,336 | ---- | M] () -- C:\Windows\tasks\HP Photo Creations Communicator.job
[2013.05.03 12:58:29 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Chrome Watcher.job
[2013.05.03 12:58:28 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions FireFox Watcher.job
[2013.05.03 12:49:04 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 12:49:02 | 000,012,288 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 12:43:47 | 000,014,264 | ---- | M] () -- C:\Windows\System32\Dir.dll
[2013.05.03 12:43:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.03 12:29:26 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.03 12:25:09 | 000,168,381 | ---- | M] () -- C:\Users\Mama\Desktop\XDC+Public+Hack+Loader+v.6.rar
[2013.05.03 11:09:33 | 000,000,932 | ---- | M] () -- C:\Windows\tasks\GinyasBrowserCompanions Update Checker.job
[2013.05.03 10:49:39 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.03 10:48:54 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.03 10:48:48 | 3218,661,376 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.02 19:00:35 | 000,628,743 | ---- | M] () -- C:\Users\Mama\Desktop\AdwCleaner.exe
[2013.05.02 17:01:35 | 000,408,576 | ---- | M] (xdcrossmang GmbH) -- C:\Users\Mama\Desktop\XDC Public Hack Loader v.6.exe
[2013.05.02 16:03:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2809430191-2561511874-1137215038-1000Core.job
[2013.05.02 11:58:42 | 000,121,856 | ---- | M] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.05.01 10:34:22 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.30 11:29:06 | 000,040,960 | ---- | M] () -- C:\aim1
[2013.04.30 11:29:06 | 000,000,256 | ---- | M] () -- C:\aim
[2013.04.28 14:27:51 | 000,009,188 | ---- | M] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2013.04.27 18:01:43 | 352,149,294 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.27 17:58:35 | 000,001,084 | ---- | M] () -- C:\Users\Mama\Desktop\Landwirtschafts Simulator 2011  Platin-Edition.lnk
[2013.04.27 17:46:05 | 000,000,306 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.04.25 15:34:05 | 004,439,073 | ---- | M] () -- C:\Users\Mama\Desktop\Rob & Chris - Superheld [SPEED UP ] By GleichFinlay.mp3
[2013.04.23 17:45:47 | 066,420,326 | ---- | M] () -- C:\Users\Mama\Documents\IRON MAN 3 - Trailer D.mp4
[2013.04.23 14:54:44 | 000,000,959 | ---- | M] () -- C:\Users\Public\Desktop\TeamViewer 8.lnk
[2013.04.15 18:48:11 | 000,685,292 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.15 18:48:11 | 000,641,416 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.15 18:48:11 | 000,151,090 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.15 18:48:11 | 000,122,666 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.14 11:57:40 | 000,691,592 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.04.14 11:57:40 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.04.12 19:42:15 | 000,000,963 | ---- | M] () -- C:\Users\Mama\Desktop\Elsword.lnk
[2013.04.11 17:30:06 | 035,777,954 | ---- | M] () -- C:\Users\Mama\Documents\Lights by Ellie Goulding [Lyric Video].mp4
[2013.04.11 17:26:02 | 027,210,270 | ---- | M] () -- C:\Users\Mama\Documents\Tomorrowland 2012 - Million Voices In My Mind.mp4
[2013.04.11 16:12:00 | 000,017,344 | ---- | M] (Dll-Files.com) -- C:\Windows\System32\roboot.exe
[2013.04.11 12:35:28 | 000,380,504 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.09 19:36:18 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.04.06 20:28:08 | 000,094,208 | ---- | M] (Python Software Foundation) -- C:\Windows\pyw.exe
[2013.04.06 20:25:14 | 002,653,184 | ---- | M] (Python Software Foundation) -- C:\Windows\System32\python33.dll
[2013.04.06 20:24:36 | 000,093,696 | ---- | M] (Python Software Foundation) -- C:\Windows\py.exe
[2013.04.06 19:57:02 | 005,976,981 | ---- | M] () -- C:\Users\Mama\Documents\Linkin Park - Numb [Lyrics].mp3
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.04 05:35:08 | 000,094,112 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2013.04.04 05:30:10 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2013.04.04 05:29:44 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2013.04.03 19:36:41 | 000,000,947 | ---- | M] () -- C:\Users\Mama\Desktop\vegas110.exe - Verknüpfung.lnk
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.03 12:43:43 | 000,014,264 | ---- | C] () -- C:\Windows\System32\Dir.dll
[2013.05.03 12:25:07 | 000,168,381 | ---- | C] () -- C:\Users\Mama\Desktop\XDC+Public+Hack+Loader+v.6.rar
[2013.05.02 19:00:29 | 000,628,743 | ---- | C] () -- C:\Users\Mama\Desktop\AdwCleaner.exe
[2013.05.01 10:34:22 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.28 16:07:42 | 000,040,960 | ---- | C] () -- C:\aim1
[2013.04.27 18:01:43 | 352,149,294 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.04.27 17:58:35 | 000,001,084 | ---- | C] () -- C:\Users\Mama\Desktop\Landwirtschafts Simulator 2011  Platin-Edition.lnk
[2013.04.25 15:33:58 | 004,439,073 | ---- | C] () -- C:\Users\Mama\Desktop\Rob & Chris - Superheld [SPEED UP ] By GleichFinlay.mp3
[2013.04.25 13:24:28 | 000,002,000 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2013.04.23 17:40:31 | 066,420,326 | ---- | C] () -- C:\Users\Mama\Documents\IRON MAN 3 - Trailer D.mp4
[2013.04.18 11:44:11 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2013.04.12 19:42:15 | 000,000,963 | ---- | C] () -- C:\Users\Mama\Desktop\Elsword.lnk
[2013.04.11 17:27:32 | 035,777,954 | ---- | C] () -- C:\Users\Mama\Documents\Lights by Ellie Goulding [Lyric Video].mp4
[2013.04.11 17:22:23 | 027,210,270 | ---- | C] () -- C:\Users\Mama\Documents\Tomorrowland 2012 - Million Voices In My Mind.mp4
[2013.04.06 19:56:53 | 005,976,981 | ---- | C] () -- C:\Users\Mama\Documents\Linkin Park - Numb [Lyrics].mp3
[2013.04.03 19:56:05 | 000,001,830 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.04.03 19:36:41 | 000,000,947 | ---- | C] () -- C:\Users\Mama\Desktop\vegas110.exe - Verknüpfung.lnk
[2013.02.05 18:40:03 | 001,391,616 | ---- | C] () -- C:\Windows\Win.dll
[2013.02.04 16:49:28 | 001,428,992 | ---- | C] () -- C:\Windows\GData.dll
[2013.01.19 14:41:51 | 001,382,400 | ---- | C] () -- C:\Windows\gdi.dll
[2013.01.02 21:14:09 | 008,018,000 | ---- | C] () -- C:\Users\Mama\ts3_recording_13_01_02_20_14_8.wav
[2012.12.30 22:31:52 | 000,008,704 | ---- | C] () -- C:\Windows\System32\ph.dll
[2012.12.23 22:48:43 | 000,008,192 | ---- | C] () -- C:\Windows\System32\hack.dll
[2012.12.23 13:47:01 | 001,376,768 | ---- | C] () -- C:\Windows\Data.dll
[2012.11.16 21:37:32 | 000,037,376 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll
[2012.11.16 17:01:04 | 000,159,232 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.27 19:10:51 | 000,000,092 | ---- | C] () -- C:\Users\Mama\AppData\Local\fusioncache.dat
[2012.09.10 20:06:49 | 000,001,100 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d8caps.dat
[2012.09.07 10:59:43 | 000,016,304 | ---- | C] () -- C:\Windows\System32\apl003.sys
[2012.09.07 10:59:43 | 000,013,232 | ---- | C] () -- C:\Windows\System32\apf003.sys
[2012.08.09 09:40:32 | 000,065,576 | ---- | C] () -- C:\Windows\System32\bdmpegv.dll
[2012.08.09 09:40:28 | 000,022,560 | ---- | C] () -- C:\Windows\System32\bdmjpeg.dll
[2012.08.08 20:37:28 | 000,000,000 | ---- | C] () -- C:\Windows\PowerReg.dat
[2012.07.31 23:06:55 | 000,000,061 | ---- | C] () -- C:\Windows\System32\SYSVCPDRV.SYS
[2012.06.04 18:27:26 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.05.21 20:23:29 | 021,296,720 | ---- | C] () -- C:\Users\Mama\ts3_recording_12_05_21_20_23_26.wav
[2012.05.03 04:54:46 | 000,042,392 | ---- | C] () -- C:\Windows\System32\xfcodec.dll
[2012.04.18 18:11:22 | 000,000,070 | ---- | C] () -- C:\Windows\wiso.ini
[2012.03.06 19:59:32 | 000,618,823 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.02.11 20:20:39 | 000,000,000 | ---- | C] () -- C:\Windows\System32\cd.dat
[2012.01.27 21:27:48 | 000,080,896 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe
[2011.11.17 20:47:14 | 000,000,600 | ---- | C] () -- C:\Users\Mama\AppData\Local\PUTTY.RND
[2011.11.17 19:09:49 | 001,589,248 | ---- | C] () -- C:\Windows\System32\libmysql_d.dll
[2011.10.25 18:31:29 | 002,484,592 | ---- | C] () -- C:\Windows\System32\pbsvc_p4f.exe
[2011.10.25 14:10:02 | 000,138,264 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.10.25 14:10:02 | 000,138,056 | ---- | C] () -- C:\Users\Mama\AppData\Roaming\PnkBstrK.sys
[2011.10.25 14:09:34 | 000,234,768 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.10.25 14:09:27 | 000,075,136 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.10.21 17:25:53 | 000,015,873 | ---- | C] () -- C:\Windows\System32\Inetde.dll
[2011.09.24 19:51:38 | 000,121,856 | ---- | C] () -- C:\Users\Mama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2011.09.11 14:20:45 | 000,544,256 | ---- | C] () -- C:\Windows\System32\janGraphics.dll
[2011.09.11 14:20:45 | 000,124,416 | ---- | C] () -- C:\Windows\System32\dXCtrls.dll
[2011.08.29 14:43:45 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.08.29 14:43:45 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.08.28 20:48:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011.08.28 15:10:53 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.08.28 14:53:20 | 000,164,247 | ---- | C] () -- C:\Windows\hpoins19.dat
[2011.08.28 14:51:17 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat
[2011.08.28 13:29:24 | 000,000,032 | R--- | C] () -- C:\Windows\System32\drivers\VERSION.DAT
[2011.08.28 13:20:18 | 000,009,188 | ---- | C] () -- C:\Users\Mama\AppData\Local\d3d9caps.dat
[2011.06.08 23:49:42 | 001,929,576 | ---- | C] () -- C:\Windows\System32\HPScanTRDrv_DJ3070_B611.dll
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 110 bytes -> C:\ProgramData\TEMP:888AFB86

< End of report >
         
Dann Extra´s

Code:
ATTFilter
OTL Extras logfile created on: 03.05.2013 13:06:50 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mama\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,79 Gb Available Physical Memory | 59,58% Memory free
6,22 Gb Paging File | 4,29 Gb Available in Paging File | 69,02% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 576,16 Gb Total Space | 243,55 Gb Free Space | 42,27% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 9,66 Gb Free Space | 48,29% Space Free | Partition Type: FAT32
 
Computer Name: FINLAY | User Name: Mama | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{04049F02-0C1F-40EA-99A3-2CF485EEF36B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{0496C212-F54E-4F6E-B8F1-FFBC55F01D0B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{0BC76374-022E-4295-B15D-7991C3695FED}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{16726531-3988-4664-9945-70B40C9CADB9}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{196DDCCD-B8CB-444B-94BC-AFBB543627E3}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1E50C8C6-D4AD-4658-9F80-19CEB1FAA469}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{1F0897BA-3948-40FC-A9AE-ABE36ED36EED}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | 
"{1F6DCD65-96D0-417A-8171-D3049599630A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{246E8C02-0BEF-40B9-912C-795B7AB5C130}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{2D242257-67A8-464D-B4ED-38DF2A87175A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3399FD0F-D945-4643-9844-4687D25B2508}" = lport=137 | protocol=17 | dir=in | app=system | 
"{39A83C53-8FCE-4619-A053-34C2621BD507}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{67225C6E-E3AA-4495-8EEA-66ECB3F0AC67}" = lport=4000 | protocol=6 | dir=out | app=c:\program files\dll-files.com fixer\dllfixer.exe | 
"{6C9110F9-F028-4E88-A824-A2D50BAA6D32}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{73999683-5C92-4622-867E-2F84B4035C1F}" = lport=445 | protocol=6 | dir=in | app=system | 
"{8252B1B4-0424-4742-B4B2-44C1B556BD88}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{8F6B5D52-2491-47DF-8192-8D8626D0666A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A662FD03-5CAC-4933-9F18-01F35B221CAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9C56874-D42E-46FC-B414-AA8B69F7A967}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{B9A0F876-B982-4611-8492-70DD03E6316D}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{BAC62789-EF57-46BD-B838-966637CB321E}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{BC76CF89-2A08-4E03-9EDD-B57E88087EE6}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C2DC8C86-96CE-4F8A-B42A-8EE7C0AB3A0F}" = lport=139 | protocol=6 | dir=in | app=system | 
"{CBCD6416-06CB-4CA2-98F9-8EB4A7F1DF5A}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{CECB3A49-07B6-477C-AFFF-86B1FE90C2BE}" = rport=139 | protocol=6 | dir=out | app=system | 
"{D0723529-BACF-4466-9A34-B1652C2B5D0D}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{D4728676-0890-4966-9981-AEBE01A26110}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{D48ABC43-0585-4CEA-AEFB-6EAA226B21B6}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E16B1E1E-E6BC-40D7-A603-07EC8D946244}" = lport=138 | protocol=17 | dir=in | app=system | 
"{E738BAB1-3898-4FED-8F2C-88855E3C057A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{E89DC12A-10C6-4591-90D4-70AAFC1427DA}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{EBEE553B-5946-4D70-B764-49C3848F3212}" = rport=445 | protocol=6 | dir=out | app=system | 
"{F807FA00-204B-4485-A56B-0239F5D9EAD4}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00EBE49E-E34F-4098-93A8-B4A15772C505}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{0D31BE89-14D9-42F9-94DD-54AEC4286759}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{16B22B3A-41EE-4094-B329-5CD922B42B4A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\itzdom3\counter-strike source\hl2.exe | 
"{18995837-1D5A-4AD3-A7D1-35CF3F2807B3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{19977839-03EF-48BF-878D-80D09479210C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{1D7B13A2-9345-427E-A8BA-549F9DD92F91}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-203 | 
"{1DAB1E2A-6ECB-44D9-8B5D-5CD0BA114B1B}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{2077E164-70A4-493A-BC77-5826508B4F1E}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{21B48C98-5154-4663-92A8-A3B453DA1492}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{2217B297-EFC1-4230-B259-CEE2E5E8DD09}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{23C14692-0132-450E-98E1-D94CDCF7D4C4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{2841E01A-0B8C-4D06-88BE-2F1F63552638}" = protocol=6 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{2A6DC975-E5D4-4355-9BEC-1707968D0641}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E80C738-A981-43C4-818F-D6775B33EFE8}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer.exe | 
"{2E982B9E-C97B-4207-AC8D-0F0E775DFE44}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3464B3EF-E7FA-4199-BA6E-69EF06E7E899}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{35AA03C0-D4A5-4A99-A7E7-2AD9FB8BE2DC}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{388F4BFB-F576-4DCB-85CE-ACD42CEA2193}" = protocol=17 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{39158DF1-28E6-4918-B057-2000034682FE}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\jcsetup.exe | 
"{3A42F71B-8A36-40D3-843C-1057A8076FDF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{3B277CBB-D048-45F5-B367-BCBEDA16BEA5}" = protocol=58 | dir=in | app=system | 
"{3C1E440B-E936-44F5-86E7-59EDF5385F88}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{4570A0A1-F03F-422E-AFB3-B84EF641F876}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{45BF64EB-3B16-48EA-9BB3-21D672ECB076}" = protocol=6 | dir=in | app=c:\users\mama\appdata\local\akamai\netsession_win.exe | 
"{45D6080A-830B-4749-8D0C-E6E708F8AE4B}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{473B9168-50C5-41A3-BE6F-E23B2071E2E5}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{49EF2118-CF9A-4DD8-8BBC-1C303C2C5CAE}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{4B403600-1ADA-44DF-9C30-FBC68FB948E6}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{4C77DB86-B98A-4A5E-A356-F1CB3228263F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{50695D2C-BFA8-408F-984F-76B0382CECBC}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{5094F336-8521-4E13-B7FA-336D849B856B}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\hpnetworkcommunicator.exe | 
"{5428ED3E-19F1-432F-AE1F-2EF4525C9BE7}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\game.exe | 
"{572A134C-AB27-4D8B-AE04-35FE0FB1169E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\itzdom3\counter-strike source\hl2.exe | 
"{587BA19F-FFB4-4D40-82B4-97A33AED2F9D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6598FC98-147B-48F3-9DB4-96249C7F5E91}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{6AAD97D0-D573-4F88-90F6-B00022777016}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{6B6E032C-7239-45CF-9BF9-05F3CF2ED0E2}" = protocol=6 | dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{6C35B9E7-8B33-4DE6-9A90-EDE0D5B23825}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{75F92B3E-2A6B-48D3-9F84-23A045369AC3}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{7828DA5E-72D7-4806-A295-B5A2DCF00A31}" = protocol=6 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | 
"{803F01A8-A816-4D21-A89B-7B6C7C02F8DD}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{8130E2E9-8807-43AB-A0FF-E5B2F4250FB7}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 2\iw4mp.exe | 
"{83F11A02-4EBD-4C59-AB89-26EA9CEABD22}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{849D5D88-53AA-48E4-ABC5-7303DEA91D22}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{872ECEB2-17F8-49DC-B898-CE53EE96F806}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe | 
"{8744506E-FF76-45EA-B6EE-6FC2463313FE}" = protocol=17 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{87CA300D-18B1-475C-A300-082398542E59}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{8BBF5D06-A324-46C9-AD68-87515C38854B}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2011\farmingsimulator2011.exe | 
"{8D058154-1492-40D6-972F-D580471E8736}" = dir=in | app=c:\program files\hp\hp deskjet 3070 b611 series\bin\devicesetup.exe | 
"{8DF5611D-25BD-425E-A551-F643547E60F5}" = protocol=17 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013.exe | 
"{8F0F47CD-4A52-4A5C-B22A-297196819275}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp.exe | 
"{8F3EB327-1F4D-4621-A44D-778C63C85FE7}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{90DB3332-7CF8-42F1-8417-5E58F422B1FA}" = protocol=17 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{9200CEAF-963E-4E5C-B20B-099815AB757C}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\jcsetup.exe | 
"{9549A161-4CE4-464E-8FB0-A801A1214943}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{96395198-1978-41CC-ACD9-A9DF6C767AE9}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\justcausedemo.exe | 
"{970361DF-3C38-4022-83AF-B603AFFACE6B}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\counter-strike source\hl2.exe | 
"{9A3B81C0-72E3-4E25-A616-5985FFAA19BF}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackopsmp.exe | 
"{9AF15A1A-48F5-4F3D-9E75-E8CC19D8B7D2}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\just cause demo\justcausedemo.exe | 
"{9DE8BA6C-8CA3-47AB-9F5C-4D218FFCEBE8}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe | 
"{9FA1E26C-628A-49D6-9CEF-6C27E482C3F7}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1199\agent.exe | 
"{A2CE67EF-4261-4D3B-8EAB-1B81A711AE5E}" = protocol=6 | dir=in | app=c:\program files\landwirtschafts simulator 2013\farmingsimulator2013game.exe | 
"{A3EE64F2-662C-46A5-A5F8-5CC581F9E9F5}" = dir=in | app=c:\brickforce\bflauncher.exe | 
"{AC9DB568-DBF4-41EE-8EF9-2E4D2EA98B21}" = dir=in | app=c:\program files\pando networks\media booster\pmb.exe | 
"{ADBFB534-A6BC-4329-90B3-3F52CB30B59A}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{B4794336-EB04-488A-A08A-8E3A59C0DE21}" = protocol=6 | dir=in | app=c:\program files\simple port forwarding\spf.exe | 
"{B4BACF79-15E1-4BA6-91CB-1AEC02F72C70}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version8\teamviewer_service.exe | 
"{B5893A32-EB40-4796-9821-822905F921EF}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{B721FA9B-895C-42B5-B799-7021E339DD5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{BB88B2B6-787C-4EEE-B5B9-0A665CB29D97}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5sp.exe | 
"{BD8DF874-127E-4853-8D04-FBA5A5BA4ABF}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{BDFAB2AE-2F11-420C-A10E-42648A552E52}" = protocol=6 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{BE427EAF-05A8-484A-83D7-D79A1B22CB42}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops rcon\blackopsrcon.exe | 
"{BEE792F1-0B68-4DC7-A857-371846A9401B}" = protocol=17 | dir=in | app=c:\users\mama\appdata\local\akamai\netsession_win.exe | 
"{C0785B60-C1E5-4510-8920-DA92555EA1F5}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{C08CB3CA-F6EE-4F65-B730-77C22C692DCE}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{C5583F45-05E6-421C-B383-1B5049C20341}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | 
"{C722A281-D8F7-477B-962D-7DA9F19E14C6}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{C9540B2F-FFFB-4FF4-95A8-342C5A7C6A26}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{C986946C-2192-4870-BD5C-22BA0C5D04A1}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{D89CB620-E87B-448C-B03A-0549440C2FCE}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D92648E6-A70B-4770-9E28-08A87739B489}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{E02B5609-A6FB-4062-A64A-0EA7A5471FE9}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | 
"{E6DD4485-3A96-4452-97A4-0DED88107D97}" = protocol=6 | dir=out | app=system | 
"{EEF0DDBC-D5A5-44D9-879D-AF98E9AFF380}" = protocol=17 | dir=in | app=c:\program files\logitech\logitech vid\vid.exe | 
"{EF6D1553-657A-45AB-BBFA-33002B0012B1}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops\blackops.exe | 
"{F3E16550-517A-4881-BBEB-E613017CEE19}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty modern warfare 3\iw5mp_server.exe | 
"{F60AE8D8-4A65-4F08-993E-D856316DEE90}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{F8B32C48-2E01-42E3-BCA6-D3F9DAD0C8C5}" = dir=in | app=c:\users\mama\appdata\local\facebook\video\skype\facebookvideocalling.exe | 
"{FA8DBD26-5D18-4549-B12A-49BD3FEB0E40}" = protocol=17 | dir=in | app=c:\program files\gameforge4d\elsword_de\data\x2.exe | 
"{FADE9593-6A2A-4940-93F7-1297FEB9428A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{FB08938E-0CD1-4632-A99C-C9F7438C5FA0}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"TCP Query User{07BE950D-A03B-4DFF-AF79-BEE1CAAF0247}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe | 
"TCP Query User{24FD8A6D-F950-47CF-B253-E0DC8E20D93B}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin | 
"TCP Query User{383A436B-B7D3-4B1E-ADB0-E3055E99A5A7}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=6 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | 
"TCP Query User{4146C8B9-EC6F-4F65-BE70-B1538BE6663C}C:\users\mama\desktop\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\metin2client.bin | 
"TCP Query User{4F444BC9-F6BF-4430-9883-98A61C84CE83}C:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe | 
"TCP Query User{5F971FC6-7652-4253-9C2A-464E84A24EEC}C:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe | 
"TCP Query User{6E1B2BBE-122E-42D2-ABD5-021680507E53}C:\users\mama\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\mama\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{82FFF8B6-DA83-45C9-A94E-95C34A2869CC}C:\users\mama\games\tom clancy's h.a.w.x\hawx.exe" = protocol=6 | dir=in | app=c:\users\mama\games\tom clancy's h.a.w.x\hawx.exe | 
"TCP Query User{891AFF27-3BFB-4282-BCD2-4B18DE77D6DA}C:\users\mama\desktop\hardcore reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\metin2client.bin | 
"TCP Query User{A06503AC-851D-4704-A413-74F4E0A05BE2}C:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe | 
"TCP Query User{A4AF484D-057D-4087-A4E6-BBD252E53A85}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{B40967AA-5432-4787-AA70-7D608B330F0D}C:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=6 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin | 
"TCP Query User{C2336282-3BC3-43AB-9C64-11BEE4BC5340}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"TCP Query User{E5469A79-4685-400F-952C-43131E4793ED}C:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore reloaded\.hardcore reloaded.exe" = protocol=6 | dir=in | app=c:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore reloaded\.hardcore reloaded.exe | 
"TCP Query User{FB3FB0FF-09D1-4168-AA5E-22A92F2A30DE}C:\windows\system32\javaw.exe" = protocol=6 | dir=in | app=c:\windows\system32\javaw.exe | 
"UDP Query User{0C394EE7-69A1-4E17-8AEE-41C61940354E}C:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\spieleordner\schon wieder alles voll\gleichfinlay\anwendung etc\finlay´s spiele\hardcore reloadedv3.5\hardcore reloaded\.hardcore reloaded.exe | 
"UDP Query User{3181AD3A-3258-4D37-B013-EB2F933811D6}C:\programdata\battle.net\agent\agent.1225\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"UDP Query User{37C19EB8-9855-4D65-BD73-C63C5A3B98F6}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\metin2client.bin | 
"UDP Query User{3BCD4A9D-187D-4535-85D7-C12F9FD006A3}C:\users\mama\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\mama\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{3CC69E4A-D7FC-4B92-A9A1-086CD285CD1E}C:\program files\mp3 skype recorder\mp3 skype recorder.exe" = protocol=17 | dir=in | app=c:\program files\mp3 skype recorder\mp3 skype recorder.exe | 
"UDP Query User{506AB8F9-89AC-4A96-BD93-B42B8D738F31}C:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\.hardcore reloaded.exe | 
"UDP Query User{6C57BF31-CA0F-4055-BEF8-8F60FFD6E998}C:\users\mama\games\tom clancy's h.a.w.x\hawx.exe" = protocol=17 | dir=in | app=c:\users\mama\games\tom clancy's h.a.w.x\hawx.exe | 
"UDP Query User{94283DEC-6B37-4C17-BE51-05442E359E2A}C:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\hardcore-reloaded\metin2client.bin | 
"UDP Query User{A61670EE-BD03-4F23-A5ED-90DAA4F81E00}C:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\.hardcore reloaded.exe | 
"UDP Query User{AB45D71A-8B2E-463B-A05C-A48524889F7D}C:\users\mama\desktop\hardcore reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore reloaded\metin2client.bin | 
"UDP Query User{B6E04D6C-90B8-493F-97D1-33F2C0F3AAF1}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{C96FC727-5623-4E35-A2D6-AE7F40ABD0E7}C:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\hardcore-reloaded\.hardcore reloaded.exe | 
"UDP Query User{CA499705-9B1B-4679-ABEA-1A46E6557EE1}C:\users\mama\desktop\hardcore-reloaded\metin2client.bin" = protocol=17 | dir=in | app=c:\users\mama\desktop\hardcore-reloaded\metin2client.bin | 
"UDP Query User{CD55C47D-1DCA-4520-B8DF-F81759F4A782}C:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe" = protocol=17 | dir=in | app=c:\users\mama\desktop\spieleordner\hardcore-reloaded\.hardcore reloaded.exe | 
"UDP Query User{F8AD885B-8DAD-4050-AB0B-1651516CE12B}C:\windows\system32\javaw.exe" = protocol=17 | dir=in | app=c:\windows\system32\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00C84D22-DB8F-4159-BF70-682B8EA56A1E}" = Microsoft SQL Server Data Tools Build Utilities - DEU (11.1.20828.01)
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{086BADF8-9B1F-4E89-B207-2EDA520972D6}" = Grand Theft Auto San Andreas
"{0B03071A-C96E-34CA-E5A3-4D8DA8ACCB3D}" = CCC Help Polish
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan
"{106B4413-ACBB-4CDE-8707-587DB9BD77EC}" = LogMeIn Hamachi
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1472627A-6E9F-DCB1-8894-E2BD249FD5E4}" = CCC Help Thai
"{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan
"{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg
"{1948E039-EC79-4591-951D-9867A8C14C90}" = Microsoft .NET Framework 4.5 SDK
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1A2C316B-F842-6FB3-3C87-6FE02861F396}" = AMD VISION Engine Control Center
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{218BE476-B206-2879-B912-971E6E89E44D}" = CCC Help Finnish
"{22154f09-719a-4619-bb71-5b3356999fbf}" = Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216029FF}" = Java(TM) 6 Update 30
"{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21
"{28A2EF20-B486-685D-6642-829180ED7683}" = ccc-utility
"{28C7A4BB-3966-4373-8376-C11F38290630}" = Microsoft SQL Server 2012 T-SQL Language Service 
"{2A3CC014-FA33-4027-AECD-9A4845223209}" = Microsoft SQL Server 2012 Native Client 
"{2DFFE333-1B60-4CAA-F836-3CF0C99777CA}" = CCC Help Norwegian
"{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update
"{2F73A7B2-E50E-39A6-9ABC-EF89E4C62E36}" = Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.50727
"{2FEC5714-F642-4258-8336-E596A1494860}" = Messenger Plus! Community Smartbar
"{30640168-E261-4261-B8FF-7FA5E0F6A2F1}" = Microsoft SQL Server 2012 Transact-SQL ScriptDom 
"{3143EA86-CF89-4E22-91BB-25B28CE23AED}" = 2350_Help
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{364374D2-FE10-2170-2397-5B01F9D00093}" = CCC Help Spanish
"{36FDBE6E-6684-462B-AE98-9A39A1B200CC}" = HP Product Assistant
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C1ED1BF-B7B9-4DED-90E2-B9B0C1ED12C1}" = IObit Toolbar v6.9
"{40786C7F-7078-5147-444E-D45DE808B684}" = CCC Help Portuguese
"{43D3EA3E-2B72-57F3-40E0-318A614D0FDD}" = CCC Help Czech
"{4705DBFD-9D5E-4D23-817C-8CA7359B7BDE}" = Entity Framework Designer für Visual Studio 2012 - DEU
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0B27C3-3E8F-4BD2-80FF-6E9E48EBD6D8}" = Microsoft-System-CLR-Typen für SQL Server 2012
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{4F7823C4-BB28-A63E-CE08-1B463D4682DE}" = CCC Help Dutch
"{4FBCEA31-5D18-4212-9231-DE7CF1BE7DBB}" = Logitech Vid
"{5454083B-1308-4485-BF17-1110000D8301}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8302}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8303}" = Grand Theft Auto IV
"{5454083B-1308-4485-BF17-1110000D8304}" = Grand Theft Auto IV
"{5482DCBE-D2D1-47B0-A621-DF8E2B0D174C}" = Windows Live Family Safety
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"{5CBB00A9-CAA2-406A-B149-65343CD6A86E}" = Microsoft SQL Server 2012 Transact-SQL Compiler Service 
"{5CBFF3F3-2D40-34EE-BCA5-A95BC19E400D}" = Microsoft .NET Framework 4.5 Multi-Targeting Pack
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B7B7E62-9F56-4C87-8664-0E20F2CAB03B}" = Microsoft SQL Server 2012 Management Objects
"{6D7B8E2C-4356-619D-134F-FB36B0809958}" = CCC Help German
"{6F173E00-2766-E174-C2E0-AD88F24685BD}" = CCC Help Swedish
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{6FAEC41D-0654-12C1-0068-770D19FC2446}" = CCC Help Italian
"{7032B400-11EC-11E0-A9BF-0013D3D69929}" = MSVCRT Redists
"{70CB6C40-8DF1-11E1-BDCF-F04DA23A5C58}" = MSVCRT Redists
"{70D065C3-77E5-45E9-A75C-EEB2E84EA869}" = Erforderliche Komponenten für SSDT 
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{73D239CC-D6B1-ADEC-A7BE-E100C7112004}" = CCC Help Korean
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax
"{7BCB4F1F-4864-4808-95F6-44BEF497EADB}" = NVIDIA PhysX
"{7CC4FADE-70AC-4560-9418-639D71A4767C}" = Microsoft SQL Server Compact 4.0 SP1 DEU
"{7F1F9EC3-2A14-11B1-9111-526F36E7739B}" = AMD Fuel
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169, 8168, 8101E and 8102E Ethernet Network Card Driver for Windows Vista
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A7CAA24-7B23-410B-A7C3-F994B0944160}" = Microsoft Virtual PC 2007
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D3D92F0-852F-D832-FD8B-029C8C231C13}" = CCC Help Russian
"{8D7507C3-DF2B-4740-8700-8227C2C7AE81}" = HP Deskjet 3070 B611 series - Grundlegende Software für das Gerät
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90849941-4C23-3054-B575-3833700DF788}" = Microsoft Help Viewer 2.0 Language Pack - DEU
"{929CE49F-1CA7-4CF3-A9A1-6D757443C63F}" = Microsoft Games for Windows - LIVE Redistributable
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031" = Microsoft .NET Framework 4.5 DEU Language Pack
"{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033" = Microsoft .NET Framework 4.5
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch
"{9611BFC7-0C25-48D9-927B-DB5D0D5562CB}" = Microsoft SQL Server 2012 Express LocalDB 
"{963FFEAB-16E5-EB69-4E64-338B3D319FB4}" = CCC Help Chinese Standard
"{969E11AA-8F3A-F162-1A5A-0965E216B6CE}" = Adobe Download Assistant
"{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{98B45D1C-6EB1-460D-A87D-2B60678DC105}" = Microsoft .NET Framework 4.5 SDK - DEU Lang Pack
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A4D182C-35C7-4791-8484-4304EBC9101A}" = Windows 7 Upgrade Advisor
"{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C98989A-3A15-42DA-A3B9-D20331437D67}}_is1" = Gameforge Live 1.0 "Legend"
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9D7EF9D6-212E-3C87-AB96-ED9F2A6C3218}" = Microsoft .NET Framework 4.5 DEU Language Pack
"{9F20CE56-3828-432D-A3C5-3EC6A2ED93C6}" = HP Deskjet 3070 B611 series Hilfe
"{9F612429-4A00-3D44-88CF-146DA2EE1F92}" = Microsoft .NET Framework 4.5
"{9F7E9D7B-3291-96CE-A27F-DD4F6EB230EA}" = CCC Help Chinese Traditional
"{A11E24AD-A7EB-78C9-F792-AD9CDDB8B651}" = Catalyst Control Center InstallProxy
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter
"{A38310A9-0AAF-4815-856D-63DAE3D7DFF1}" = Microsoft SQL Server 2012 Command Line Utilities 
"{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy
"{A6FC405C-6C58-4ACF-AC41-E999261E76E9}" = 2350Trb
"{A6FDE264-C48D-36CE-CFA7-ABBEB861AC10}" = Catalyst Control Center Localization All
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.4 - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 311.06
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.38
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0807
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.11.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B31A9284-632D-683E-3BD0-F6926D445A7B}" = CCC Help Danish
"{B644D34F-0296-11E2-938E-F04DA23A5C58}" = Vegas Pro 11.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A75523-3D7F-CF23-12F7-999EAF6C7167}" = CCC Help Japanese
"{B7E2A724-2774-4AC2-9F0A-B58C7319B6E6}" = Sony Vegas Pro 8.0
"{B8D84F70-0296-11E2-8DF5-F04DA23A5C58}" = MSVCRT Redists
"{B92C5909-1D37-4C51-8397-A28BB28E5DC3}" = Facebook Video Calling 1.2.0.287
"{b9ed8a90-8d53-3960-b93b-d383c65ffc80}" = Python 3.3.1
"{BCF16F16-AC0E-4ABE-A9EF-412CF484BA51}" = Windows Live Family Safety
"{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm
"{C27BC2A2-30DD-4014-B22E-63EB0DB572F9}" = Logitech Webcam Software
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C369380E-92AC-425C-943A-E911077C5449}" = Eazfuscator.NET
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C716522C-3731-4667-8579-40B098294500}" = Toolbox
"{C821D689-95BE-0D60-255E-D9B89CB3019F}" = Catalyst Control Center Graphics Previews Common
"{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB606F47-7D0E-40DF-95BB-0E5413A1295F}" = MP3 Skype Recorder
"{CE1458AA-23A7-332D-68D9-86B799898DA6}" = CCC Help Greek
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{E0655E94-1D4D-8484-64C6-E6F847B7BE92}" = CCC Help Turkish
"{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport
"{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E43B4909-141E-DFF3-8C58-62B5E4D66BBA}" = AMD Catalyst Install Manager
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E511AE89-54BB-481D-BC4A-1B1F1E1B7693}" = Microsoft SQL Server Data Tools - DEU (11.1.20828.01)
"{E555950B-1496-C37C-CA2C-2DF8745A5BE9}" = CCC Help English
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext
"{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential
"{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply
"{EE229D0E-3D9E-636C-6E75-9436A87C7E49}" = CCC Help French
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3757C8B-6552-4EA5-9451-B933A55170BC}" = 2350
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F536CCF1-C4C1-5FB9-6B17-F883DFFAE569}" = CCC Help Hungarian
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FBA6F90E-36EC-4FC9-9B25-3834E3BD46A8}" = Microsoft SQL Server 2012 Data-Tier App Framework 
"{FD065B02-AE17-4496-8C0F-FFD3A9FD9460}" = WISO Bewerbung 2008
"{FDB30193-FDA0-3DAA-ACCA-A75EEFE53607}" = Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.50727
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEB375AB-6EEC-3929-8FAF-188ED81DD8B5}" = Microsoft Help Viewer 2.0
"{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"4Story_DE_is1" = 4Story DE 4.0.167
"888poker" = 888poker
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Akamai" = Akamai NetSession Interface Service
"Audacity_is1" = Audacity 2.0
"avast" = avast! Free Antivirus
"Bandicam" = Bandicam
"BandiMPEG1" = Bandisoft MPEG-1 Decoder
"Brick-Force" = Brick-Force 
"CCleaner" = CCleaner
"CdCoverCreator" = CdCoverCreator 2.5.3
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"Comanche 4" = Comanche 4
"Crossfire Europe" = Crossfire Europe
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"Elsword_DE_is1" = Elsword_DE
"ENTERPRISE" = Microsoft Office Enterprise 2007
"FarmingSimulator2011_PLATINUMDE_is1" = Landwirtschafts Simulator 2011
"FarmingSimulator2013DE_is1" = Landwirtschafts Simulator 2013
"Fraps" = Fraps (remove only)
"GinyasBrowserCompanions" = GinyasBrowserCompanions
"Google Chrome" = Google Chrome
"HighwayNights" = Cobra 11 - Highway Nights (remove only)
"HP Imaging Device Functions" = HP Imaging Device Functions 8.0
"HP Photo Creations" = HP Photo Creations
"HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0
"HPExtendedCapabilities" = HP Customer Participation Program 8.0
"HPOCR" = HP OCR Software 8.0
"HyperCam 2" = HyperCam 2
"InstallShield_{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Metin2_is1" = Metin2
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft Help Viewer 2.0" = Microsoft Help Viewer 2.0
"Microsoft Help Viewer 2.0 Language Pack - DEU" = Microsoft Help Viewer 2.0 Language Pack - DEU
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NewBlue Film Effects for Windows" = NewBlue Film Effects for Windows
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"PhotoScape" = PhotoScape
"Picasa 3" = Picasa 3
"PremiumSoft Navicat Premium_is1" = PremiumSoft Navicat Premium 10.0
"PunkBusterSvc" = PunkBuster Services
"Real Heroes - Firefighter_is1" = Real Heroes Firefighter
"Simple Port Forwarding" = Simple Port Forwarding
"Steam App 10190" = Call of Duty: Modern Warfare 2 - Multiplayer
"Steam App 240" = Counter-Strike: Source
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 42710" = Call of Duty: Black Ops - Multiplayer
"Steam App 42720" = Call of Duty Black Ops - Remote Console
"Steam App 42750" = Call of Duty: Modern Warfare 3 - Dedicated Server
"Steam App 6930" = Just Cause Demo
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 8" = TeamViewer 8
"Totalcmd" = Total Commander (Remove or Repair)
"VLC media player" = VLC media player 2.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR 4.01 (32-Bit)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-2809430191-2561511874-1137215038-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Spotify" = Spotify
"UnityWebPlayer" = Unity Web Player
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 23.09.2012 10:11:15 | Computer Name = Mama-PC | Source = VSS | ID = 8194
Description = 
 
Error - 23.09.2012 10:28:19 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 10:28:19 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 13:28:12 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 13:28:13 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 13:55:03 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 13:55:03 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 13:55:18 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 13:55:18 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
Error - 23.09.2012 14:00:56 | Computer Name = Mama-PC | Source = SideBySide | ID = 16842830
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Windows
 Live\Messenger\msnmsgr.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile
 .  Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit 
einer anderen bereits aktiven Komponentenversion.  Die widersprüchlichen Komponenten
 sind:  Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.4148_none_5090ab56bcba71c2.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.vc90.crt_1fc8b3b9a1e18e3b_9.0.30729.1_none_e163563597edeada.manifest.
 
[ System Events ]
Error - 02.05.2013 13:06:03 | Computer Name = Finlay | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.05.2013 13:06:03 | Computer Name = Finlay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 02.05.2013 13:08:01 | Computer Name = Finlay | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.05.2013 13:08:01 | Computer Name = Finlay | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 02.05.2013 14:14:28 | Computer Name = Finlay | Source = bowser | ID = 8003
Description = 
 
Error - 03.05.2013 04:50:32 | Computer Name = Finlay | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 04:50:32 | Computer Name = Finlay | Source = Service Control Manager | ID = 7026
Description = 
 
Error - 03.05.2013 04:50:37 | Computer Name = Finlay | Source = DCOM | ID = 10016
Description = 
 
Error - 03.05.2013 04:52:02 | Computer Name = Finlay | Source = Service Control Manager | ID = 7001
Description = 
 
Error - 03.05.2013 04:52:02 | Computer Name = Finlay | Source = Service Control Manager | ID = 7001
Description = 
 
 
< End of report >
         
__________________

Alt 03.05.2013, 12:40   #4
t'john
/// Helfer-Team
 
Tcbhn wurde beendet und geschlossen - Standard

Tcbhn wurde beendet und geschlossen



Bitte das Malwarebytes-Logfile posten, das du schon gemacht hast!
(Reiter Logdateien)
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.05.2013, 12:42   #5
Finlayx3
 
Tcbhn wurde beendet und geschlossen - Standard

Tcbhn wurde beendet und geschlossen



Vergessen sorry !

Code:
ATTFilter
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.01.03

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Mama :: FINLAY [Administrator]

01.05.2013 10:36:03
mbam-log-2013-05-01 (10-36-03).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 550303
Laufzeit: 2 Stunde(n), 19 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Mama\AppData\Roaming\dclogs (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 26
C:\$Recycle.Bin\S-1-5-21-2809430191-2561511874-1137215038-1000\$RGV3O2Z.rar (Ttrojan.MSIL.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\OneHitCF 12.4.exe (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\onehitcrossfire.zip (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\GNHacks Injector.exe (Ttrojan.MSIL.Krypt) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Anwendungen\DH.exe (Malware.Packer.T) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Anwendungen\SonyVegasKeygen.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Finlay´s Spiele\Metin2 und Spiele\hack.exe (Trojan.Agent.H) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Spam-Bot (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Spam-Bot (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Switch-Bot (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Switch-Bot (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Tools einstellen (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Tools einstellen (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Upp-Tool (Vista & 7).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Switchbot\Upp-Tool (XP).dll (Flooder.SpamBot) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Neuer Ordner (3)\Blacknight-2011\metin2Client.dll (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Neuer Ordner (3)\Blacknight-2011\pack\start.epx (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Spieleordner\Hack\Hacken.exe.exe (Trojan.Agent.XC) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Desktop\Müll!!\Keygen.exe (Trojan.Agent.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Games\Downloads\Keygen.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\Games\Downloads\SonyVegasPro Patch.exe (RiskWare.Tool.HCK) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows\system.gdat (Trojan.BadVMP) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Mama\Downloads\Downloads\MChilliPepper.zip (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Mama\Downloads\Downloads\SAMP-MH (1).rar (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Windows.old\Users\Mama\Downloads\Downloads\SAMP-MH.rar (HackTool.GamesCheat.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Mama\AppData\Roaming\dclogs\2013-04-09-3.dc (Stolen.Data) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         


Alt 03.05.2013, 12:46   #6
t'john
/// Helfer-Team
 
Tcbhn wurde beendet und geschlossen - Standard

Tcbhn wurde beendet und geschlossen



Trojan.Agent.XC
C:\Users\Mama\Desktop\Spieleordner\Hack\Hacken.exe.exe
Trojan.Agent.CK
C:\Users\Mama\Desktop\Müll!!\Keygen.exe
RiskWare.Tool.HCK
C:\Users\Mama\Games\Downloads\Keygen.exe
C:\Users\Mama\Games\Downloads\SonyVegasPro Patch.exe
RiskWare.Tool.CK
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Anwendungen\SonyVegasKeygen.exe
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Neuer Ordner (3)\Blacknight-2011\metin2Client.dll
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Neuer Ordner (3)\Blacknight-2011\pack\start.epx
Trojan.Agent.H
C:\Users\Mama\Desktop\Spieleordner\Schon wieder alles voll\GleichFinlay\Anwendung etc\Finlay´s Spiele\Metin2 und Spiele\hack.exe
Stolen.Data
C:\Users\Mama\AppData\Roaming\dclogs
C:\Users\Mama\AppData\Roaming\dclogs\2013-04-09-3.dc



Die Benutzung von Cracks und Keygens verstoesst gegen unseren Kodex.

Schon mal darueber nachgedacht, warum es Cracks gibt?
Mit Cracks & Co installiert man sich Hintertueren auf dem Rechner.
Kriminelle nutzen solche Rechner als Botnetz fuer ihre Machenschaften. Dein System ist als nicht vertrauenswuerdig einzustufen und du solltest keine sensiblen Sachen wie Homebanking an dem PC betreiben.

Anleitungen zum Neuaufsetzen (bebildert) > Windows 7 neu aufsetzen > Vista > XP

1. Datenrettung:



2. Formatieren, Windows neu instalieren:



3. PC absichern: http://www.trojaner-board.de/96344-a...-rechners.html
ich werde außerdem noch weitere punkte dazu posten.
4. alle Passwörter ändern!
5. nach PC Absicherung, die gesicherten Daten prüfen und falls sauber: zurückspielen.
__________________
--> Tcbhn wurde beendet und geschlossen

Alt 03.05.2013, 12:55   #7
Finlayx3
 
Tcbhn wurde beendet und geschlossen - Standard

Tcbhn wurde beendet und geschlossen



Oh man oh man ! Keygen war ja nur für Sony Vegas geeignet und den hab ich von nem Freund bekommen und der hat so nen Problem nicht :S .. . Würde das Problem behoben werden wenn ich mir ein Neues Betriebssystem kaufe ggf. Windows 7 bei mir weil ich ja gerade Windows Vista habe ...

Alt 03.05.2013, 14:09   #8
t'john
/// Helfer-Team
 
Tcbhn wurde beendet und geschlossen - Standard

Tcbhn wurde beendet und geschlossen



Windows 7 ist sehr zu empfehlen.
__________________
Mfg, t'john
Das TB unterstützen

Antwort

Themen zu Tcbhn wurde beendet und geschlossen
anderen, anderes, anleitung, beendet, beendet und geschlossen, ergebnisse, erscheint, flooder.spambot, geschlossen, hacktool.gamescheat.gen, malware.packer.t, meldung, minuten, riskware.tool.ck, riskware.tool.hck, schönen, stolen.data, tcbhn, trojan.agent, trojan.agent.ck, trojan.agent.h, trojan.agent.xc, trojan.badvmp, trojaner, trojaner board, ttrojan.msil.krypt




Ähnliche Themen: Tcbhn wurde beendet und geschlossen


  1. tcbhn hat ein Problem festgestellt und muß beendet werden
    Log-Analyse und Auswertung - 08.02.2015 (1)
  2. Microsoft Windows meldet: AdobeFlashPlayer Update Service 11.6 r602 wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 28.08.2013 (9)
  3. tcbhn wurde beendet
    Log-Analyse und Auswertung - 15.08.2013 (39)
  4. Windows XP start: tcbhn.exe hat ein Problem festgestellt und muss beendet werden
    Log-Analyse und Auswertung - 23.07.2013 (30)
  5. Fehlermeldung: tcbhn wurde geschlossen
    Log-Analyse und Auswertung - 08.07.2013 (11)
  6. tcbhn wurde beendet und geschlossen!
    Log-Analyse und Auswertung - 14.06.2013 (30)
  7. tcbhn wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 13.06.2013 (47)
  8. Tcbhn wurde beendet und geschlossen - Virus?
    Plagegeister aller Art und deren Bekämpfung - 08.06.2013 (9)
  9. tcbhn.exe wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 14.05.2013 (17)
  10. tcbhn.exe wurde beendet und geschlossen.
    Plagegeister aller Art und deren Bekämpfung - 07.05.2013 (3)
  11. tcbhn hat ein Problem festgestellt und muß beendet werden
    Log-Analyse und Auswertung - 28.04.2013 (4)
  12. Meldung: tcbhn wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (21)
  13. tcbhn wurde beendet und geschlossen?
    Log-Analyse und Auswertung - 23.04.2013 (8)
  14. Meldung: tcbhn wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 30.03.2013 (11)
  15. tbhcn wurde beendet und geschlossen
    Log-Analyse und Auswertung - 14.03.2013 (23)
  16. tcbhn wurde beendet und geschlossen?
    Plagegeister aller Art und deren Bekämpfung - 22.02.2013 (43)
  17. Hostprozess für Windows-Dienste wurde beendet und geschlossen
    Plagegeister aller Art und deren Bekämpfung - 01.09.2010 (28)

Zum Thema Tcbhn wurde beendet und geschlossen - Hallo Trojaner Board ! Erstmal zu meinem Problem. Ich bin ja ein leidenschaftlicher "Zocker" und mein Spiel minimiert sich IMMER nach 30 minuten und dann erscheint eine Meldung: "Tcbhn wurde - Tcbhn wurde beendet und geschlossen...
Archiv
Du betrachtest: Tcbhn wurde beendet und geschlossen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.