Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 13.12.2011, 13:28   #1
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Hallo Leute,

ich nutze Windows 7 64 Bit.
Gestern meldete SpyBot oder/und Avira (bin da nicht mehr ganz sicher) beim surfen, dass etwas gefunden/verändert wurde, in dem Moment öffneten sich automatisch zahlreiche (mindestes 25) kleine Fenster mit Fehlermeldungen. Habe dann schnell neugestartet und folgendes war verändert: Alle Desktop Symbole bis auf "Benutzername", "Computer" und "Papierkorb" waren verschwunden, desweiteren die an die Taskleiste angehefteten Verknüpfungen für den "Internet Explorer", "Dateiordner" und "Windows Media Player". Im Windows Startmenü fehlten alle Einträge bis auf "Benutzername" und "Favoriten", unter "Alle Programm" waren ebenfalls alle Verknüpfungen verschwunden.
Daraufhin wollte ich (zum ersten Mal, der PC ist eine Woche alt) eine Systemwiederherstellung durchführen, doch kurz nach dem Durchführen des Prozesses und Herunterfahren wird der Bildschrim blau, es erscheint die Meldung "STOP 0x0000003B" und der PC ohne Systemwiederherstellung neu gestartet.
Der PC funktioniert soweit normal ... ich habe dann Spybot als Admin ausgeführt, gefunden wurden "Babylon Toolbar", "Toolbar.Facemood" und "E2Give", konnte alle entfernen, habe jedoch leider keinen Bericht hierüber abgespeichert
Avira habe ich kurz duchlaufen lassen und abgebrochen, als "TR/Gendal.4334125" gefunden wurde. Danach habe ich gesehen, dass genau zu dem Zeitpunkt als sich alle Fenster öffneten die Datei "TR/Crypt.XPACK.Gen" gefunden wurde. Diese habe ich nun aus der Quarantäne gelöscht. Des Weiteren habe ich nun wieder alle Einträge im Startmenü hergestellt (z.B. "Systemsteuerung", "Computer", "Videos" etc.) und die Verknüpfungen "Internet Explorer", "Dateiordner" und "Windows Media Player" an die Taskleiste geheftet.
Könntet Ihr mal einen Blick auf meinen Computer werfen und gucken, ob dieser weiterhin infiziert/trojanisiert ist? Es läuft zwar alles, aber das muss ja nichts heißen. Meine Vermutung ist, dass "Crypt.XPACK.Gen" diese Desktop/Taskleisten-Löschungen vorgenommen hat, aber was meint ihr?

Meine OTL Logfiles (OTL.txt wurde per Scan, Extras.txt per Quick Scan erstellt) habe ich angehängt.

Ich sage schonmal vielen vielen Dank im Voraus, ich hoffe, hier kann mir jemand helfen

Nachtrag: Hier einmal beide OTL Logfiles in Textform:

OTL.txt:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 11.12.2011 15:24:14 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 1,99 Gb Available Physical Memory | 50,05% Memory free
7,96 Gb Paging File | 5,64 Gb Available in Paging File | 70,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1606,98 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\***\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avscan.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\program files (x86)\avira\antivir desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink)
PRC - c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe (Voyetra Turtle Beach, Inc.)
PRC - C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SpybotSD.exe (Safer Networking Limited)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll ()
MOD - C:\Program Files\rarext32.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll ()
MOD - C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy\sqlite3.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Fennel.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Chai.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\Mate.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy\Plugins\TCPIPAddress.dll ()
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - (wlcrasvc) -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation)
SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation)
SRV - (CLKMSVC10_9EC60124) -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe (CyberLink)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (SBSDWSCService) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (asmtxhci) -- C:\Windows\SysNative\drivers\asmtxhci.sys (ASMedia Technology Inc)
DRV:64bit: - (asmthub3) -- C:\Windows\SysNative\drivers\asmthub3.sys (ASMedia Technology Inc)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) Intel(R) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8192su) -- C:\Windows\SysNative\drivers\RTL8192su.sys (Realtek Semiconductor Corporation                           )
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation)
DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation)
DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation)
DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation)
DRV:64bit: - (USBAU) -- C:\Windows\SysNative\drivers\CM10264.sys (C-Media Electronics Inc)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=89074cfa-2048-11e1-b15d-8c89a56bfac5
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.02 12:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M]
 
[2011.12.02 12:14:09 | 000,000,000 | -H-D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\***\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (IE5BarLauncherBHO Class) - {78F3A323-798E-4AEA-9A57-88F4B05FD5DD} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (VShareToolBar) - {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} - C:\Program Files (x86)\vShare.tv plugin\BarLcher.dll (VShare Inc.)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Turtle Beach Audio Advantage Micro] C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.244.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\Shell - "" = AutoRun
O33 - MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\Shell\AutoRun\command - "" = J:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.11 01:41:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.10 13:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011.12.09 20:25:59 | 000,000,000 | ---D | C] -- C:\Anna-Lenas Scheiss Fuckin Shit Ordner
[2011.12.09 16:06:43 | 000,000,000 | ---D | C] -- C:\Another American Experience
[2011.12.09 15:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011.12.09 13:18:44 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\T-Online
[2011.12.09 13:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online
[2011.12.09 13:15:31 | 000,000,000 | ---D | C] -- C:\T-Online
[2011.12.09 13:13:55 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\SoftGrid Client
[2011.12.09 13:13:54 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.12.09 13:13:01 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\TP
[2011.12.09 13:08:00 | 000,000,000 | ---D | C] -- C:\An American Experience
[2011.12.09 08:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jackpot Capital
[2011.12.08 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intertops Casino
[2011.12.08 18:01:37 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2011.12.08 15:25:43 | 000,000,000 | ---D | C] -- C:\projax
[2011.12.08 14:41:14 | 000,000,000 | ---D | C] -- C:\itunes
[2011.12.08 13:58:18 | 000,000,000 | ---D | C] -- C:\various
[2011.12.08 13:33:55 | 000,000,000 | ---D | C] -- C:\unknowntitle
[2011.12.08 13:32:05 | 000,000,000 | ---D | C] -- C:\uni
[2011.12.08 11:57:00 | 000,000,000 | R--D | C] -- C:\Beatles
[2011.12.08 01:18:59 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\vlc
[2011.12.08 01:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.08 00:43:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.12.08 00:43:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2011.12.08 00:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2011.12.08 00:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2011.12.08 00:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.12.08 00:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.12.06 23:43:34 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2011.12.06 23:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.12.06 21:27:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\VshareComplete
[2011.12.06 21:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VshareComplete
[2011.12.06 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vShare.tv plugin
[2011.12.06 16:27:29 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Meine Paletten
[2011.12.06 16:27:27 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Corel
[2011.12.06 16:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.12.06 16:27:16 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Corel
[2011.12.05 19:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Wild Casino
[2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\Microgaming
[2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2011.12.04 22:07:47 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.12.04 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.12.04 15:49:36 | 000,000,000 | ---D | C] -- C:\bay
[2011.12.04 14:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WS_FTP
[2011.12.04 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc Plus 2.5
[2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc
[2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartripper
[2011.12.04 14:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoto Plus 4
[2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrontPage Express
[2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2011.12.04 14:56:12 | 000,000,000 | ---D | C] -- C:\maike
[2011.12.04 14:56:01 | 000,000,000 | ---D | C] -- C:\len
[2011.12.04 14:55:59 | 000,000,000 | ---D | C] -- C:\job
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\files
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\bentus
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\alfotto
[2011.12.04 14:53:14 | 000,000,000 | ---D | C] -- C:\tyschan
[2011.12.04 14:53:08 | 000,000,000 | ---D | C] -- C:\trade
[2011.12.04 14:53:06 | 000,000,000 | ---D | C] -- C:\snes
[2011.12.04 14:52:57 | 000,000,000 | ---D | C] -- C:\shirt
[2011.12.04 14:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iNetBet Casino
[2011.12.04 14:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011.12.04 01:43:02 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\Rockstar Games
[2011.12.04 01:41:39 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Rockstar Games
[2011.12.04 01:32:55 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.12.04 01:16:28 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.12.04 01:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.12.04 01:15:46 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.04 01:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.12.03 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lucky18 Casino
[2011.12.02 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slotastic
[2011.12.02 15:43:06 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\CyberLink
[2011.12.02 15:41:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2011.12.02 15:41:44 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2011.12.02 15:41:44 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vb6stkit.dll
[2011.12.02 15:41:44 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6KO.DLL
[2011.12.02 15:41:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemdisp.tlb
[2011.12.02 15:41:44 | 000,016,384 | ---- | C] (CST) -- C:\Windows\SysWow64\lgfwunis.exe
[2011.12.02 15:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate
[2011.12.02 15:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2011.12.02 15:38:57 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011.12.02 15:36:26 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2011.12.02 15:34:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011.12.02 15:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2011.12.02 15:34:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2011.12.02 15:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2011.12.02 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files
[2011.12.02 13:13:08 | 000,000,000 | ---D | C] -- C:\The Folder
[2011.12.02 12:29:07 | 000,000,000 | ---D | C] -- C:\thunderbird
[2011.12.02 12:14:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.02 12:14:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2011.12.02 12:14:09 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.12.02 12:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.12.02 10:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.12.02 10:17:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.02 10:17:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.02 10:17:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.02 10:17:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.02 10:17:32 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.02 10:17:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.02 10:17:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.02 10:17:31 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.02 10:17:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.02 07:35:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.12.02 07:35:47 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.12.02 07:35:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.12.02 07:35:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.12.02 07:35:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.12.02 07:35:39 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.12.01 21:35:42 | 000,000,000 | -H-D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2011.12.01 21:35:38 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.12.01 21:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011.12.01 21:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011.12.01 21:09:15 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2011.12.01 20:38:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.12.01 20:38:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.01 20:38:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.01 20:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Formats
[2011.12.01 20:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.12.01 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.12.01 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011.12.01 18:32:10 | 000,000,000 | ---D | C] -- C:\torrent
[2011.12.01 18:25:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Azureus
[2011.12.01 18:24:58 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus
[2011.12.01 18:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2011.12.01 18:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Azureus
[2011.12.01 16:59:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.12.01 16:59:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2011.12.01 16:57:25 | 000,000,000 | ---D | C] -- C:\Casino
[2011.12.01 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011.12.01 16:45:29 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\HP
[2011.12.01 16:45:28 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\HP
[2011.12.01 16:08:18 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Yahoo!
[2011.12.01 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011.12.01 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011.12.01 16:06:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011.12.01 16:05:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.01 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011.12.01 16:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011.12.01 16:04:54 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2011.12.01 16:04:03 | 000,902,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax9.dll
[2011.12.01 16:04:03 | 000,742,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtscl5.dll
[2011.12.01 16:04:03 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2011.12.01 16:04:03 | 000,503,296 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwvst01.dll
[2011.12.01 16:03:55 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011.12.01 16:03:49 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l092.dll
[2011.12.01 16:03:33 | 000,000,000 | -H-D | C] -- C:\Config.Msi
[2011.12.01 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.01 16:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.01 15:31:53 | 000,000,000 | ---D | C] -- C:\rou
[2011.12.01 14:55:10 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa102.dll
[2011.12.01 14:54:08 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2011.12.01 14:53:56 | 001,306,624 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10264.sys
[2011.12.01 14:53:56 | 000,323,584 | ---- | C] (Voyetra Turtle Beach) -- C:\Windows\AAMicroUninstall.exe
[2011.12.01 14:53:56 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\Fltr102.dll
[2011.12.01 14:53:56 | 000,229,376 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\Windows\SysWow64\TBMicro.cpl
[2011.12.01 14:53:56 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\C102Prop.dll
[2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turtle Beach
[2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turtle Beach
[2011.12.01 14:41:56 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Adobe
[2011.12.01 14:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.01 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.01 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.01 10:21:04 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\photoOptimizeHistoryDataBase
[2011.12.01 10:21:03 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Ashampoo Photo Optimizer Medion
[2011.12.01 10:20:49 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.12.01 10:19:52 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\watchmi
[2011.12.01 10:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.01 10:15:34 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.01 10:15:34 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.01 10:15:34 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.01 09:41:26 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011.12.01 08:39:14 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2011.12.01 08:39:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Medion Reminder
[2011.12.01 08:39:11 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Power2Go
[2011.12.01 08:38:50 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.12.01 08:38:50 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2011.12.01 08:38:43 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011.12.01 08:38:41 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2011.12.01 08:38:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.01 08:38:40 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011.12.01 08:38:33 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\Videos
[2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\Pictures
[2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\Music
[2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.12.01 08:38:33 | 000,000,000 | RH-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
[2011.12.01 08:38:33 | 000,000,000 | -H-D | C] -- C:\Users\***\AppData
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2011.12.01 08:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek
[2011.12.01 08:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011.12.01 08:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2011.12.01 08:34:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011.12.01 08:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2011.12.01 08:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011.12.01 08:33:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5
[2011.12.01 08:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2011.12.01 08:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011.12.01 08:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal
[2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011.12.01 08:19:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.11 10:57:50 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 10:57:50 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.11 10:54:46 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.11 10:54:46 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.11 10:54:46 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.11 10:54:46 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.11 10:54:46 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.11 10:50:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.11 10:50:27 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.11 02:38:04 | 000,001,574 | ---- | M] () -- C:\Users\***\Desktop\eMail.lnk
[2011.12.11 02:37:26 | 000,000,271 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011.12.11 02:36:39 | 589,455,643 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.11 01:23:23 | 000,453,632 | ---- | M] () -- C:\ProgramData\pGONmFwqUnrH.exe
[2011.12.10 06:35:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.10 03:01:02 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.09 12:46:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 10:58:00 | 000,391,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.08 15:12:27 | 000,000,600 | ---- | M] () -- C:\Users\***\PUTTY.RND
[2011.12.08 02:14:17 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111208_021415.reg
[2011.12.08 02:14:05 | 000,001,378 | -H-- | M] () -- C:\Users\***\Documents\cc_20111208_021403.reg
[2011.12.08 00:24:06 | 000,001,161 | ---- | M] () -- C:\prefs.js
[2011.12.06 21:43:52 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111206_214350.reg
[2011.12.06 12:28:52 | 000,001,186 | -H-- | M] () -- C:\Users\***\Documents\cc_20111206_122849.reg
[2011.12.04 22:07:47 | 000,000,750 | -H-- | M] () -- C:\Users\***\Desktop\CasinoClub.lnk
[2011.12.04 01:55:47 | 000,000,740 | -H-- | M] () -- C:\Users\***\Documents\cc_20111204_015545.reg
[2011.12.04 01:32:55 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.04 01:16:28 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.12.02 16:38:24 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_163822.reg
[2011.12.02 16:38:10 | 000,029,470 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_163807.reg
[2011.12.02 15:38:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011.12.02 12:04:11 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120408.reg
[2011.12.02 12:04:00 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120357.reg
[2011.12.02 12:03:49 | 000,000,206 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120347.reg
[2011.12.02 12:03:38 | 000,001,060 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120335.reg
[2011.12.02 12:03:20 | 000,038,304 | -H-- | M] () -- C:\Users\***\Documents\cc_20111202_120311.reg
[2011.12.01 21:51:08 | 000,001,221 | -H-- | M] () -- C:\Users\***\Desktop\GTA San Andreas.lnk
[2011.12.01 20:38:29 | 000,000,022 | ---- | M] () -- C:\Program Files\zipnew.dat
[2011.12.01 20:38:29 | 000,000,020 | ---- | M] () -- C:\Program Files\rarnew.dat
[2011.12.01 16:45:25 | 000,241,431 | ---- | M] () -- C:\Windows\hpwins28.dat
[2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.12.01 14:55:10 | 000,000,135 | ---- | M] () -- C:\Windows\Cm102.ini.imi
[2011.12.01 14:55:10 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2011.12.01 14:55:10 | 000,000,107 | ---- | M] () -- C:\Windows\Cm102.ini.cfl
[2011.12.01 14:54:25 | 000,000,084 | ---- | M] () -- C:\Windows\System\Cm102.ini
[2011.12.01 14:37:02 | 000,001,262 | -H-- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 14:10:03 | 000,093,158 | -H-- | M] () -- C:\Users\***\Documents\cc_20111201_140954.reg
 
========== Files Created - No Company Name ==========
 
[2011.12.11 02:38:04 | 000,001,574 | ---- | C] () -- C:\Users\***\Desktop\eMail.lnk
[2011.12.11 01:41:39 | 589,455,643 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.11 01:26:47 | 000,453,632 | ---- | C] () -- C:\ProgramData\pGONmFwqUnrH.exe
[2011.12.10 06:35:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.09 13:13:19 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.08 15:12:27 | 000,000,600 | ---- | C] () -- C:\Users\***\PUTTY.RND
[2011.12.08 02:14:16 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111208_021415.reg
[2011.12.08 02:14:04 | 000,001,378 | -H-- | C] () -- C:\Users\***\Documents\cc_20111208_021403.reg
[2011.12.08 00:24:06 | 000,001,161 | ---- | C] () -- C:\prefs.js
[2011.12.06 21:43:51 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111206_214350.reg
[2011.12.06 12:28:51 | 000,001,186 | -H-- | C] () -- C:\Users\***\Documents\cc_20111206_122849.reg
[2011.12.04 22:07:47 | 000,000,750 | -H-- | C] () -- C:\Users\***\Desktop\CasinoClub.lnk
[2011.12.04 01:55:46 | 000,000,740 | -H-- | C] () -- C:\Users\***\Documents\cc_20111204_015545.reg
[2011.12.02 16:38:23 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_163822.reg
[2011.12.02 16:38:09 | 000,029,470 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_163807.reg
[2011.12.02 15:41:46 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.12.02 12:04:09 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120408.reg
[2011.12.02 12:03:59 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120357.reg
[2011.12.02 12:03:48 | 000,000,206 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120347.reg
[2011.12.02 12:03:36 | 000,001,060 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120335.reg
[2011.12.02 12:03:16 | 000,038,304 | -H-- | C] () -- C:\Users\***\Documents\cc_20111202_120311.reg
[2011.12.01 21:51:08 | 000,001,221 | -H-- | C] () -- C:\Users\***\Desktop\GTA San Andreas.lnk
[2011.12.01 20:38:29 | 000,000,022 | ---- | C] () -- C:\Program Files\zipnew.dat
[2011.12.01 20:38:29 | 000,000,020 | ---- | C] () -- C:\Program Files\rarnew.dat
[2011.12.01 20:38:22 | 001,163,264 | ---- | C] () -- C:\Program Files\WinRAR.exe
[2011.12.01 20:38:22 | 000,417,792 | ---- | C] () -- C:\Program Files\Rar.exe
[2011.12.01 20:38:22 | 000,312,149 | ---- | C] () -- C:\Program Files\WinRAR.chm
[2011.12.01 20:38:22 | 000,276,992 | ---- | C] () -- C:\Program Files\UnRAR.exe
[2011.12.01 20:38:22 | 000,164,864 | ---- | C] () -- C:\Program Files\RarExt.dll
[2011.12.01 20:38:22 | 000,140,288 | ---- | C] () -- C:\Program Files\RarExt32.dll
[2011.12.01 20:38:22 | 000,135,814 | ---- | C] () -- C:\Program Files\Default64.SFX
[2011.12.01 20:38:22 | 000,132,608 | ---- | C] () -- C:\Program Files\Uninstall.exe
[2011.12.01 20:38:22 | 000,106,118 | ---- | C] () -- C:\Program Files\Zip64.SFX
[2011.12.01 20:38:22 | 000,102,864 | ---- | C] () -- C:\Program Files\WinCon64.SFX
[2011.12.01 20:38:22 | 000,100,726 | ---- | C] () -- C:\Program Files\winrar.lng
[2011.12.01 20:38:22 | 000,099,840 | ---- | C] () -- C:\Program Files\Default.SFX
[2011.12.01 20:38:22 | 000,079,872 | ---- | C] () -- C:\Program Files\Zip.SFX
[2011.12.01 20:38:22 | 000,073,728 | ---- | C] () -- C:\Program Files\WinCon.SFX
[2011.12.01 20:38:22 | 000,038,092 | ---- | C] () -- C:\Program Files\rar.lng
[2011.12.01 20:38:22 | 000,008,084 | ---- | C] () -- C:\Program Files\uninstall.lng
[2011.12.01 20:38:22 | 000,003,973 | ---- | C] () -- C:\Program Files\Order.htm
[2011.12.01 20:38:22 | 000,003,584 | ---- | C] () -- C:\Program Files\rarext.lng
[2011.12.01 20:38:22 | 000,001,422 | ---- | C] () -- C:\Program Files\Descript.ion
[2011.12.01 20:38:22 | 000,001,400 | ---- | C] () -- C:\Program Files\RarFiles.lst
[2011.12.01 20:38:22 | 000,000,700 | ---- | C] () -- C:\Program Files\Uninstall.lst
[2011.12.01 20:38:22 | 000,000,622 | ---- | C] () -- C:\Program Files\File_Id.diz
[2011.12.01 16:57:27 | 000,000,801 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Club Gold Casino.lnk
[2011.12.01 16:13:37 | 3206,787,072 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.01 16:02:09 | 000,241,431 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.12.01 14:55:10 | 000,787,456 | ---- | C] () -- C:\Windows\SysNative\Cmeau102.exe
[2011.12.01 14:55:10 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix102.dll
[2011.12.01 14:55:10 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2011.12.01 14:55:10 | 000,000,107 | ---- | C] () -- C:\Windows\Cm102.ini.cfl
[2011.12.01 14:54:44 | 000,000,135 | ---- | C] () -- C:\Windows\Cm102.ini.imi
[2011.12.01 14:54:25 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2011.12.01 14:54:25 | 000,000,494 | ---- | C] () -- C:\Windows\Cm102.ini.cfg
[2011.12.01 14:54:25 | 000,000,084 | ---- | C] () -- C:\Windows\System\Cm102.ini
[2011.12.01 14:54:07 | 000,000,449 | ---- | C] () -- C:\Windows\cm102.ini
[2011.12.01 14:37:02 | 000,001,262 | -H-- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 14:10:01 | 000,093,158 | -H-- | C] () -- C:\Users\***\Documents\cc_20111201_140954.reg
[2011.12.01 08:38:56 | 000,001,409 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.12.01 08:38:51 | 000,001,260 | -H-- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2011.12.10 06:19:19 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.12.04 01:18:03 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.11 01:35:57 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.12.10 03:03:39 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.09 13:18:44 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2011.12.02 12:14:09 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.09 13:14:01 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.12.06 21:27:29 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\VshareComplete
[2011.12.01 16:59:03 | 000,000,000 | -H-D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.12.11 01:42:05 | 000,025,978 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
< End of report >
         
--- --- ---




Extras.txt:OTL Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 11.12.2011 15:29:12 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 45,85% Memory free
7,96 Gb Paging File | 5,46 Gb Available in Paging File | 68,54% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1606,98 Gb Free Space | 88,69% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1f7fdd50-deac-46f0-ae3b-beb62f962976}" = Slotastic
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3a4df6e3-5d5b-4d3b-a829-5e4fea186714}" = Lucky18 Casino
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{8467b556-b091-4b48-ac95-c32808a4d3aa}" = iNetBet Casino
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{d7cb908f-8b0f-48b5-8d71-ef6b226bb434}" = Intertops Casino
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE03E7C3-0250-49DC-A5AA-24FE0555EA22}" = AudioAdvantageMicro
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{fe986ae8-5283-4177-9178-52ba8d21bb10}" = Jackpot Capital
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Azureus" = Azureus
"CasinoClub" = CasinoClub
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Download Manager_is1" = Free Download Manager 3.0
"gowild" = Go Wild Casino
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Liven asennustyökalu
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Club Gold Casino" = Club Gold Casino
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 09.12.2011 07:18:13 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ea790c9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6c67f1e9
ID
 des fehlerhaften Prozesses: 0xc84  Startzeit der fehlerhaften Anwendung: 0x01ccb662cc351e2a
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\valve\steam\steamapps\cyman3\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 7b3aeae0-2257-11e1-b280-8c89a56bfac5
 
Error - 09.12.2011 14:14:50 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: hl2.exe, Version: 0.0.0.0, Zeitstempel:
 0x4ea78f27  Name des fehlerhaften Moduls: filesystem_steam.dll_unloaded, Version:
 0.0.0.0, Zeitstempel: 0x4ea790c9  Ausnahmecode: 0xc0000005  Fehleroffset: 0x6cc6f1e9
ID
 des fehlerhaften Prozesses: 0xd94  Startzeit der fehlerhaften Anwendung: 0x01ccb69ce3b27cc9
Pfad
 der fehlerhaften Anwendung: c:\program files (x86)\valve\steam\steamapps\cyman3\counter-strike
 source\hl2.exe  Pfad des fehlerhaften Moduls: filesystem_steam.dll  Berichtskennung:
 aedffcfc-2291-11e1-b280-8c89a56bfac5
 
Error - 09.12.2011 17:21:30 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm PowerDVD9.exe, Version 9.0.2917.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 14ac    Startzeit:
 01ccb6b7d6d51003    Endzeit: 135    Anwendungspfad: C:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.exe
 
Berichts-ID:
 b869ebe3-22ab-11e1-b280-8c89a56bfac5  
 
Error - 09.12.2011 22:18:53 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Error: Die Serververbindung wurde aufgrund eines
 Fehlers beendet.   ErrorCode: 14007(0x36b7). 
 
Error - 10.12.2011 13:09:55 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.0.147, Zeitstempel:
 0x4e084ccc  Name des fehlerhaften Moduls: javaw.exe, Version: 7.0.0.147, Zeitstempel:
 0x4e084ccc  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000014c99  ID des fehlerhaften
 Prozesses: 0x1a74  Startzeit der fehlerhaften Anwendung: 0x01ccb750cf8b5936  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Java\jre7\bin\javaw.exe  Berichtskennung: c7cd095e-2351-11e1-abb0-8c89a56bfac5
 
Error - 10.12.2011 13:16:27 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.0.147 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1d90    Startzeit:
 01ccb75e96db4d93    Endzeit: 107    Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe
 
Berichts-ID:
 a6c415b3-2352-11e1-abb0-8c89a56bfac5  
 
Error - 10.12.2011 15:07:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.0.147, Zeitstempel:
 0x4e084ccc  Name des fehlerhaften Moduls: javaw.exe, Version: 7.0.0.147, Zeitstempel:
 0x4e084ccc  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000014c99  ID des fehlerhaften
 Prozesses: 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01ccb75f75ecb5f7  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Java\jre7\bin\javaw.exe  Berichtskennung: 3d3c132a-2362-11e1-abb0-8c89a56bfac5
 
Error - 10.12.2011 20:42:20 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description = 
 
Error - 10.12.2011 20:44:45 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description = 
 
Error - 10.12.2011 20:49:03 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description = 
 
[ System Events ]
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:22 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.12.2011 20:48:41 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 10.12.2011 21:36:44 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
 
< End of report >
         
--- --- ---


Sorry, double-post, kann gelöscht werden.

Habe nun nochmals SpyBot und Avira durchlaufen lassen, beide haben nichts mehr gefunden. Was meinen die Experten zum Logfile, gibts da z.B. Registry Probleme oder andere Trojaner Aktivitäten?

Ich weiß, dass nicht sofort geantwortet werden kann ... es wäre nur toll, wenn jemand kurz übers Logfile drüber gucken könnte, weil ich auf meinem PC zur Zeit nur ungern Passwörter etc. eingebe ...

anyone?
Ich möchte nicht drängen, nur verstehe ich zu wenig von OTL als das ich mich trauen würde, wieder Passwörter an meinem PC zu verwenden ... was meint ihr?

OK, zum fünften Mal ... ich brauche Hilfe!

Ähm, ich trau mich ja kaum zu fragen, aber an die Moderatoren: Was mache ich falsch? Habe ich etwas nicht gepostet, was zur Fehlerdiagnose nötig ist?

Moderator?

Alt 14.12.2011, 06:50   #2
kira
/// Helfer-Team
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du herauslöschen oder durch [X] ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
Zitat:
Wenn ein System kompromittiert wurde, ist das System nicht mehr vertrauenswürdig
Eine Neuinstallation garantiert die rückstandsfreie Entfernung der Infektion - Lesestoff: "Hilfe: Ich wurde das Opfer eines Hackerangriffs. Was soll ich tun?" - Säubern eines gefährdeten Systems
Falls du doch für die Systemreinigung entscheidest - Ein System zu bereinigen kann ein paar Tage dauern (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst::

Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
Zitat:
Spybot
- würde ich nicht mehr empfehlen, da erfüllt nicht die neue Schutzanforderungen und Lösungen Schutz vor Malware bzw gegenüber ganz neuen Herausforderungen arbeitet nicht zufriedenstellend
meiner Meinung nach bietet nicht mehr ausreichenden Schutz gegen "moderne Malwarearten"...
► Falls Du doch es behalten möchtest:
Stelle bitte den TeaTimer ab:
Gehe bei Spybot-S&D in den Erweiterten Modus und wähle dort Werkzeuge -> Resident.
Deaktiviere hier den "Resident TeaTimer aktiv".
(Tea Timer versucht positive änderungen auch zu blockieren) - soll für immer deaktiviert bleiben!

2.
Code:
ATTFilter
Azureus
         
die Nutzung der von Filesharing (Filesharing (deutsch "Dateifreigabe" oder "gemeinsamer Dateizugriff", wörtlich "Dateien teilen") )- Plattformen ...
Zitat:
Internet-Tauschbörsen gehören leider zu den unseriösesten Anbietern, und dort werden sehr viele Schädlinge verbreitet, hierbei sollte deshalb, wenn überhaupt, nur ganz besonders vorsichtig umgegangen werden ! Laut Studien sind bei den Tauschbörsen bei 45% der zum Download angebotenen Dateien, Viren oder Würmer und sonstige Schädlinge enthalten!
Hinzu kommt noch, dass die meisten Downloads von diesen Tauschbörsen eh illegal sind, und damit die Nutzer verleitet werden, „Straftaten“ zu begehen!
Selbst wenn du glaubst, dass Du ein „sicheres“ P2P Programm verwendest, nicht mal das Programm selbst sicher, da Du wirst Daten von "uncertified Quellen" teilen, und diese werden häufig angesteckt...
Ausserdem nicht nur trojanische Pferde oder andere Virentypen eine direkt Verbindung brauchen, sondern der Verwendung von µtorrent & Co, "telefonieren auch nach Hause", wenn auch noch keine Beweise vorliegen (zumindest teilweise nicht) und solchen Clients erlaubt, würde ich nicht empfehlen!
Solange du solche Programme auf dein PC hast, wirst Du Dich laufend mit etwas Problematik konfrontieren müssen!

3.
Zitat:
Falls treten folgende Symptome auf:
Ordner sind leer, unter Startmenü Programme fehlen etc., dieses Tool bietet dir die Lösung:
<Achtung!>: Wenn Dateien etc, die absichtlich von Dir verborgen waren, also unter eigenschaften versteckt eingestellt hast, musst Du wieder auszublenden, nachdem das Tool ausgeführt wird.

Zitat:
Alles wieder sichtbar? Bitte kontrolliere es und berichte mir genau über den Zustand!
4.
Lade Dir
Malwarebytes Anti-Malware von→ malwarebytes.org
  • Installieren und per Doppelklick starten.
  • Deutsch einstellen und gleich mal die Datenbanken zu aktualisieren - online updaten
  • "Komplett Scan durchführen" wählen (überall Haken setzen)
  • wenn der Scanvorgang beendet ist, klicke auf "Zeige Resultate"
  • Alle Funde - falls MBAM meldet in C:\System Volume Information - den Haken bitte entfernen - markieren und auf "Löschen" - "Ausgewähltes entfernen") klicken.
  • Poste das Ergebnis hier in den Thread - den Bericht findest Du unter "Scan-Berichte"
eine bebilderte Anleitung findest Du hier: Anleitung

5.
Zitat:
Achtung wichtig!:
Falls Du selber im Logfile Änderungen vorgenommen hast, musst Du durch die Originalbezeichnung ersetzen und so in Script einfügen! sonst funktioniert nicht!
(Benutzerordner, dein Name oder sonstige Änderungen durch X, Stern oder andere Namen ersetzt)
Fixen mit OTL
  • Starte die OTL.exe.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Kopiere folgendes Skript:
Code:
ATTFilter
:OTL
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://startsear.ch/?aff=1&cf=89074cfa-2048-11e1-b15d-8c89a56bfac5
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\Shell - "" = AutoRun
O33 - MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\Shell\AutoRun\command - "" = J:\Autorun.exe

:Commands
[purity]
[emptytemp]
[resethosts]
         
  • und füge es hier ein:
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Klick auf .
  • OTL verlangt einen Neustart. Bitte zulassen.
  • Nach dem Neustart findest Du ein Textdokument.
    Kopiere den Inhalt hier in Code-Tags in Deinen Thread.

6.
Ich würde gerne noch all deine installierten Programme sehen:
Lade dir das Tool CCleaner herunter
Download
installieren (Software-Lizenzvereinbarung lesen, falls angeboten wird "Füge CCleaner Yahoo! Toolbar hinzu" abwählen)→ starten→ Sprache → Deutsch auswählen
dann klick auf "Extra (um die installierten Programme auch anzuzeigen)→ weiter auf "Als Textdatei speichern..."
wird eine Textdatei (*.txt) erstellt, kopiere dazu den Inhalt und füge ihn da ein

7.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles):[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
** Möglichst nicht ins internet gehen, kein Online-Banking, File-sharing, Chatprogramme usw
gruß
kira
__________________

__________________

Alt 14.12.2011, 12:03   #3
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



So, kira, erstmal vielen vielen Dank für die Antwort!
Also, los gehts:

1. Zu SpyBot: Ich habe das nun (inkl. TeaTimer) erstmal draufgelassen bis Du/Ihr mir eine bessere Alternative empfehlt ... was könnte man stattdessen nehmen?

2. Unhide.exe hat wirklich alle Dateien und Verknüpfungen wieder zurückgebracht, Danke! Aber wie wurde das gemacht, versteckt waren die Dateien doch nicht (zumindest hatte ich zuvor schon versucht über die Ordneroptionen versteckte Elemente anzeigen zu lassen, hat aber nicht geklappt)?!
Während des Ausführens von unhide.exe wurde von Avira übrigens folgender Fund gemacht (und gleich in die Quarantäne gepackt): TR/FakeSysdef.A.1269

3. Malwarebytes hat in der Tat (obwohl SpyBot und Avira nichts mehr gefunden hatten) über 30 Objekte entdeckt ... ich habe - bis auf 5 Funde in einer Casino-Software (ich denke, damit ist alles in Ordnung, oder sollte ich die noch löschen bzw. kann ich das Casino dann noch ausführen?) - alle Funde markiert und gelöscht:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8368

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

14.12.2011 11:15:05
mbam-log-2011-12-14 (11-15-05).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|Q:\|)
Durchsuchte Objekte: 352796
Laufzeit: 48 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 1
Infizierte Registrierungsschlüssel: 17
Infizierte Registrierungswerte: 4
Infizierte Dateiobjekte der Registrierung: 2
Infizierte Verzeichnisse: 0
Infizierte Dateien: 10

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
c:\program files (x86)\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Delete on reboot.

Infizierte Registrierungsschlüssel:
HKEY_CLASSES_ROOT\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Club Gold Casino (PUP.Casino) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gowild (PUP.Casino.Gen) -> Quarantined and deleted successfully.

Infizierte Registrierungswerte:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Value: {7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} -> Quarantined and deleted successfully.

Infizierte Dateiobjekte der Registrierung:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (PUM.Hijack.StartMenu) -> Bad: (0) Good: (1) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Main\Start Page (Hijack.StartPage) -> Bad: (hxxp://startsear.ch/?aff=1&cf=89074cfa-2048-11e1-b15d-8c89a56bfac5) Good: (hxxp://www.google.com) -> Quarantined and deleted successfully.

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\vshare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Quarantined and deleted successfully.
c:\Casino\club gold casino\_setupcasino.exe_b6fd0.exe (PUP.Casino) -> Quarantined and deleted successfully.
c:\microgaming\Casino\GoWild\install.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\program files (x86)\inetbet casino\miniprocess.exe (Adware.Casino) -> Not selected for removal.
c:\program files (x86)\intertops casino\miniprocess.exe (Adware.Casino) -> Not selected for removal.
c:\program files (x86)\jackpot capital\miniprocess.exe (Adware.Casino) -> Not selected for removal.
c:\program files (x86)\lucky18 casino\miniprocess.exe (Adware.Casino) -> Not selected for removal.
c:\program files (x86)\slotastic\miniprocess.exe (Adware.Casino) -> Not selected for removal.
c:\rou\gowildcasino.exe (PUP.Casino.Gen) -> Quarantined and deleted successfully.
c:\rou\setupcasino.exe_b6fd0.exe (PUP.Casino) -> Quarantined and deleted successfully.
         
4. Bei dem Fix mit OTL.exe hatte ich erst die Sternchen ausm Logfile nicht weggemacht und abgebrochen ... beim zweiten Versuch hats dann wohl geklappt, hier das Resultat:

Code:
ATTFilter
All processes killed
========== OTL ==========
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{46a6bd82-1da4-11e1-8ccf-8c89a56bfac5}\ not found.
File J:\Autorun.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: arne-lena
->Temp folder emptied: 16384 bytes
->Temporary Internet Files folder emptied: 12426098 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 2403 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 12,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.31.0 log created on 12142011_113549

Files\Folders moved on Reboot...
File\Folder C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\UM6OJQT8\106111-desktop-verknuepfungen-verschwunden-crypt-xpack-gen-entdeckt-wurde[1].htm moved successfully.
File\Folder C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\ED8654D5-B9F0-4DD9-B3E8-F8F560086FDF.dat not found!

Registry entries deleted on Reboot...
         
5. Hier die erneuten Scan Logfiles von OTL.exe:

OTL.txt

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.12.2011 11:42:23 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,39% Memory free
7,96 Gb Paging File | 6,17 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1601,00 Gb Free Space | 88,36% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.11 15:22:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.11 22:51:47 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.26 00:32:46 | 000,443,688 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 08:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.14 06:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.08.30 22:03:42 | 001,654,784 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe
PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.01.26 15:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.19 09:22:04 | 000,548,864 | ---- | M] (BL) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.02 11:40:57 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll
MOD - [2011.12.02 11:40:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
MOD - [2011.12.02 11:33:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.12.02 11:33:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.12.02 11:33:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.12.02 11:32:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.12.02 11:32:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.12.02 11:32:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.12.02 11:32:51 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.12.02 11:32:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.05.16 15:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.22 12:42:56 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.04.22 12:42:54 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.04.22 12:42:54 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.12.09 14:49:42 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.05.14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:46:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.04 01:16:28 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.17 06:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 13:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 14:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.09.14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009.09.08 17:45:24 | 001,306,624 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10264.sys -- (USBAU)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.02 12:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M]
 
[2011.12.02 12:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2011.12.14 11:36:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\***\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\***\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Turtle Beach Audio Advantage Micro] C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.244.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.14 11:22:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.14 10:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.14 10:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.14 10:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.14 10:17:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.14 10:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.14 10:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011.12.14 10:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.14 10:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2011.12.14 10:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.14 10:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2011.12.11 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.11 18:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.11 18:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.12.11 16:42:15 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011.12.11 01:41:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.10 13:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011.12.09 20:25:59 | 000,000,000 | ---D | C] -- C:\Anna-Lenas Scheiss Fuckin Shit Ordner
[2011.12.09 16:06:43 | 000,000,000 | ---D | C] -- C:\Another American Experience
[2011.12.09 15:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011.12.09 13:18:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\T-Online
[2011.12.09 13:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online
[2011.12.09 13:15:31 | 000,000,000 | ---D | C] -- C:\T-Online
[2011.12.09 13:13:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client
[2011.12.09 13:13:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.12.09 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TP
[2011.12.09 13:08:00 | 000,000,000 | ---D | C] -- C:\An American Experience
[2011.12.09 08:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jackpot Capital
[2011.12.08 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intertops Casino
[2011.12.08 18:01:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2011.12.08 15:25:43 | 000,000,000 | ---D | C] -- C:\projax
[2011.12.08 14:41:14 | 000,000,000 | ---D | C] -- C:\itunes
[2011.12.08 13:58:18 | 000,000,000 | ---D | C] -- C:\various
[2011.12.08 13:33:55 | 000,000,000 | ---D | C] -- C:\unknowntitle
[2011.12.08 13:32:05 | 000,000,000 | ---D | C] -- C:\uni
[2011.12.08 11:57:00 | 000,000,000 | R--D | C] -- C:\Beatles
[2011.12.08 01:18:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2011.12.08 01:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.08 00:43:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.12.08 00:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2011.12.08 00:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2011.12.08 00:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.12.08 00:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.12.06 23:43:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2011.12.06 23:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.12.06 21:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\VshareComplete
[2011.12.06 21:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VshareComplete
[2011.12.06 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vShare.tv plugin
[2011.12.06 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine Paletten
[2011.12.06 16:27:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Corel
[2011.12.06 16:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.12.06 16:27:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2011.12.05 19:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Wild Casino
[2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\Microgaming
[2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2011.12.04 22:07:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.12.04 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.12.04 15:49:36 | 000,000,000 | ---D | C] -- C:\bay
[2011.12.04 14:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WS_FTP
[2011.12.04 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc Plus 2.5
[2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc
[2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartripper
[2011.12.04 14:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoto Plus 4
[2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrontPage Express
[2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2011.12.04 14:56:12 | 000,000,000 | ---D | C] -- C:\maike
[2011.12.04 14:56:01 | 000,000,000 | ---D | C] -- C:\len
[2011.12.04 14:55:59 | 000,000,000 | ---D | C] -- C:\job
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\files
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\bentus
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\alfotto
[2011.12.04 14:53:14 | 000,000,000 | ---D | C] -- C:\tyschan
[2011.12.04 14:53:08 | 000,000,000 | ---D | C] -- C:\trade
[2011.12.04 14:53:06 | 000,000,000 | ---D | C] -- C:\snes
[2011.12.04 14:52:57 | 000,000,000 | ---D | C] -- C:\shirt
[2011.12.04 14:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iNetBet Casino
[2011.12.04 14:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011.12.04 01:43:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rockstar Games
[2011.12.04 01:41:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Rockstar Games
[2011.12.04 01:32:55 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.12.04 01:16:28 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.12.04 01:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.12.04 01:15:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.04 01:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.12.03 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lucky18 Casino
[2011.12.02 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slotastic
[2011.12.02 15:43:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2011.12.02 15:41:44 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2011.12.02 15:41:44 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vb6stkit.dll
[2011.12.02 15:41:44 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6KO.DLL
[2011.12.02 15:41:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemdisp.tlb
[2011.12.02 15:41:44 | 000,016,384 | ---- | C] (CST) -- C:\Windows\SysWow64\lgfwunis.exe
[2011.12.02 15:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate
[2011.12.02 15:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2011.12.02 15:38:57 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011.12.02 15:36:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2011.12.02 15:34:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011.12.02 15:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2011.12.02 15:34:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2011.12.02 15:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2011.12.02 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files
[2011.12.02 13:13:08 | 000,000,000 | ---D | C] -- C:\The Folder
[2011.12.02 12:29:07 | 000,000,000 | ---D | C] -- C:\thunderbird
[2011.12.02 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.02 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2011.12.02 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.12.02 12:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.12.02 10:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.12.02 10:17:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.02 10:17:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.02 10:17:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.02 10:17:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.02 10:17:32 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.02 10:17:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.02 10:17:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.02 10:17:31 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.02 10:17:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.02 07:35:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.12.02 07:35:47 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.12.02 07:35:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.12.02 07:35:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.12.02 07:35:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.12.02 07:35:39 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.12.01 21:35:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2011.12.01 21:35:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.12.01 21:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011.12.01 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2011.12.01 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.12.01 20:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Formats
[2011.12.01 20:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.12.01 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.12.01 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011.12.01 18:32:10 | 000,000,000 | ---D | C] -- C:\torrent
[2011.12.01 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Azureus
[2011.12.01 18:24:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Azureus
[2011.12.01 18:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2011.12.01 18:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Azureus
[2011.12.01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.12.01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2011.12.01 16:57:25 | 000,000,000 | ---D | C] -- C:\Casino
[2011.12.01 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011.12.01 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP
[2011.12.01 16:45:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HP
[2011.12.01 16:08:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yahoo!
[2011.12.01 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011.12.01 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011.12.01 16:06:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011.12.01 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011.12.01 16:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011.12.01 16:04:54 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2011.12.01 16:04:03 | 000,902,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax9.dll
[2011.12.01 16:04:03 | 000,742,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtscl5.dll
[2011.12.01 16:04:03 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2011.12.01 16:04:03 | 000,503,296 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwvst01.dll
[2011.12.01 16:03:55 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011.12.01 16:03:49 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l092.dll
[2011.12.01 16:03:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.12.01 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.01 16:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.01 15:31:53 | 000,000,000 | ---D | C] -- C:\rou
[2011.12.01 14:55:10 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa102.dll
[2011.12.01 14:54:08 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2011.12.01 14:53:56 | 001,306,624 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10264.sys
[2011.12.01 14:53:56 | 000,323,584 | ---- | C] (Voyetra Turtle Beach) -- C:\Windows\AAMicroUninstall.exe
[2011.12.01 14:53:56 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\Fltr102.dll
[2011.12.01 14:53:56 | 000,229,376 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\Windows\SysWow64\TBMicro.cpl
[2011.12.01 14:53:56 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\C102Prop.dll
[2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turtle Beach
[2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turtle Beach
[2011.12.01 14:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2011.12.01 14:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.01 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.01 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.01 10:21:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\photoOptimizeHistoryDataBase
[2011.12.01 10:21:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Ashampoo Photo Optimizer Medion
[2011.12.01 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.12.01 10:19:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\watchmi
[2011.12.01 10:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.01 10:15:34 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.01 10:15:34 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.01 10:15:34 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.01 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011.12.01 08:39:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2011.12.01 08:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Medion Reminder
[2011.12.01 08:39:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.01 08:38:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011.12.01 08:38:41 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2011.12.01 08:38:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.01 08:38:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011.12.01 08:38:33 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData
[2011.12.01 08:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek
[2011.12.01 08:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011.12.01 08:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2011.12.01 08:34:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011.12.01 08:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2011.12.01 08:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011.12.01 08:33:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5
[2011.12.01 08:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2011.12.01 08:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011.12.01 08:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal
[2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011.12.01 08:19:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.14 11:44:18 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 11:44:18 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.14 11:41:41 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.14 11:41:41 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.14 11:41:41 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.14 11:41:41 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.14 11:41:41 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.14 11:41:36 | 000,000,630 | ---- | M] () -- C:\Users\***\Documents\bericht.rtf
[2011.12.14 11:37:54 | 000,000,271 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011.12.14 11:37:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.14 11:37:03 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.14 11:36:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.12.14 10:17:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.14 10:10:56 | 000,684,297 | ---- | M] () -- C:\Users\***\Desktop\unhide.exe
[2011.12.12 22:42:56 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111212_224254.reg
[2011.12.12 22:42:47 | 000,010,300 | ---- | M] () -- C:\Users\***\Documents\cc_20111212_224244.reg
[2011.12.11 17:57:42 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111211_175739.reg
[2011.12.11 17:57:14 | 000,021,334 | ---- | M] () -- C:\Users\***\Documents\cc_20111211_175707.reg
[2011.12.11 02:38:04 | 000,001,574 | ---- | M] () -- C:\Users\***\Desktop\eMail.lnk
[2011.12.11 02:36:39 | 589,455,643 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2011.12.10 06:35:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.10 03:01:02 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.09 12:46:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 10:58:00 | 000,391,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.08 15:12:27 | 000,000,600 | ---- | M] () -- C:\Users\***\PUTTY.RND
[2011.12.08 02:14:17 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111208_021415.reg
[2011.12.08 02:14:05 | 000,001,378 | ---- | M] () -- C:\Users\***\Documents\cc_20111208_021403.reg
[2011.12.08 00:24:06 | 000,001,161 | ---- | M] () -- C:\prefs.js
[2011.12.06 21:43:52 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111206_214350.reg
[2011.12.06 12:28:52 | 000,001,186 | ---- | M] () -- C:\Users\***\Documents\cc_20111206_122849.reg
[2011.12.05 19:27:06 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Go Wild Casino.lnk
[2011.12.04 22:07:47 | 000,000,750 | ---- | M] () -- C:\Users\***\Desktop\CasinoClub.lnk
[2011.12.04 18:18:53 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.12.04 01:55:47 | 000,000,740 | ---- | M] () -- C:\Users\***\Documents\cc_20111204_015545.reg
[2011.12.04 01:32:55 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.04 01:16:28 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.12.02 18:02:08 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Slotastic.lnk
[2011.12.02 16:38:24 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_163822.reg
[2011.12.02 16:38:10 | 000,029,470 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_163807.reg
[2011.12.02 15:38:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011.12.02 12:04:11 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120408.reg
[2011.12.02 12:04:00 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120357.reg
[2011.12.02 12:03:49 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120347.reg
[2011.12.02 12:03:38 | 000,001,060 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120335.reg
[2011.12.02 12:03:20 | 000,038,304 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120311.reg
[2011.12.01 21:51:08 | 000,001,221 | ---- | M] () -- C:\Users\***\Desktop\GTA San Andreas.lnk
[2011.12.01 16:45:25 | 000,241,431 | ---- | M] () -- C:\Windows\hpwins28.dat
[2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.12.01 16:06:39 | 000,001,355 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011.12.01 16:06:05 | 000,002,103 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.12.01 14:55:10 | 000,000,135 | ---- | M] () -- C:\Windows\Cm102.ini.imi
[2011.12.01 14:55:10 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2011.12.01 14:55:10 | 000,000,107 | ---- | M] () -- C:\Windows\Cm102.ini.cfl
[2011.12.01 14:54:25 | 000,000,084 | ---- | M] () -- C:\Windows\System\Cm102.ini
[2011.12.01 14:37:02 | 000,001,262 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 14:10:03 | 000,093,158 | ---- | M] () -- C:\Users\***\Documents\cc_20111201_140954.reg
[2011.12.01 10:15:38 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.14 10:17:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.14 10:16:02 | 000,000,630 | ---- | C] () -- C:\Users\***\Documents\bericht.rtf
[2011.12.14 10:13:16 | 000,002,309 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office 2010.lnk
[2011.12.14 10:13:16 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.14 10:13:16 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.12.14 10:13:16 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\MEDION Serviceportal.lnk
[2011.12.14 10:13:16 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Slotastic.lnk
[2011.12.14 10:13:16 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Go Wild Casino.lnk
[2011.12.14 10:13:16 | 000,001,355 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011.12.14 10:13:14 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.12.14 10:13:13 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.12.14 10:13:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.14 10:13:13 | 000,002,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2011.12.14 10:13:13 | 000,002,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011.12.14 10:13:13 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.12.14 10:13:13 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.12.14 10:13:13 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.12.14 10:13:13 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.12.14 10:13:13 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.12.14 10:13:13 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.12.14 10:13:13 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.12.14 10:13:13 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.12.14 10:13:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.12.14 10:13:13 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.12.14 10:13:13 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.12.14 10:13:13 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.12.14 10:13:13 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011.12.14 10:13:13 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.12.14 10:13:13 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.14 10:10:52 | 000,684,297 | ---- | C] () -- C:\Users\***\Desktop\unhide.exe
[2011.12.12 22:42:55 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111212_224254.reg
[2011.12.12 22:42:46 | 000,010,300 | ---- | C] () -- C:\Users\***\Documents\cc_20111212_224244.reg
[2011.12.11 17:57:40 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111211_175739.reg
[2011.12.11 17:57:12 | 000,021,334 | ---- | C] () -- C:\Users\***\Documents\cc_20111211_175707.reg
[2011.12.11 02:38:04 | 000,001,574 | ---- | C] () -- C:\Users\***\Desktop\eMail.lnk
[2011.12.11 01:41:39 | 589,455,643 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2011.12.10 06:35:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.09 13:13:19 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.08 15:12:27 | 000,000,600 | ---- | C] () -- C:\Users\***\PUTTY.RND
[2011.12.08 02:14:16 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111208_021415.reg
[2011.12.08 02:14:04 | 000,001,378 | ---- | C] () -- C:\Users\***\Documents\cc_20111208_021403.reg
[2011.12.08 00:24:06 | 000,001,161 | ---- | C] () -- C:\prefs.js
[2011.12.06 21:43:51 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111206_214350.reg
[2011.12.06 12:28:51 | 000,001,186 | ---- | C] () -- C:\Users\***\Documents\cc_20111206_122849.reg
[2011.12.04 22:07:47 | 000,000,750 | ---- | C] () -- C:\Users\***\Desktop\CasinoClub.lnk
[2011.12.04 01:55:46 | 000,000,740 | ---- | C] () -- C:\Users\***\Documents\cc_20111204_015545.reg
[2011.12.02 16:38:23 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_163822.reg
[2011.12.02 16:38:09 | 000,029,470 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_163807.reg
[2011.12.02 15:41:46 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.12.02 12:04:09 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120408.reg
[2011.12.02 12:03:59 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120357.reg
[2011.12.02 12:03:48 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120347.reg
[2011.12.02 12:03:36 | 000,001,060 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120335.reg
[2011.12.02 12:03:16 | 000,038,304 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120311.reg
[2011.12.01 21:51:08 | 000,001,221 | ---- | C] () -- C:\Users\***\Desktop\GTA San Andreas.lnk
[2011.12.01 16:13:37 | 3206,787,072 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.01 16:02:09 | 000,241,431 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.12.01 14:55:10 | 000,787,456 | ---- | C] () -- C:\Windows\SysNative\Cmeau102.exe
[2011.12.01 14:55:10 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix102.dll
[2011.12.01 14:55:10 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2011.12.01 14:55:10 | 000,000,107 | ---- | C] () -- C:\Windows\Cm102.ini.cfl
[2011.12.01 14:54:44 | 000,000,135 | ---- | C] () -- C:\Windows\Cm102.ini.imi
[2011.12.01 14:54:25 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2011.12.01 14:54:25 | 000,000,494 | ---- | C] () -- C:\Windows\Cm102.ini.cfg
[2011.12.01 14:54:25 | 000,000,084 | ---- | C] () -- C:\Windows\System\Cm102.ini
[2011.12.01 14:54:07 | 000,000,449 | ---- | C] () -- C:\Windows\cm102.ini
[2011.12.01 14:37:02 | 000,001,262 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 14:10:01 | 000,093,158 | ---- | C] () -- C:\Users\***\Documents\cc_20111201_140954.reg
[2011.12.01 08:38:56 | 000,001,409 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.12.01 08:38:51 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2011.12.12 12:05:31 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.12.04 01:18:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.14 10:16:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.12.14 11:22:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.09 13:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2011.12.02 12:14:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.09 13:14:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.12.06 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VshareComplete
[2011.12.01 16:59:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.12.11 01:42:05 | 000,028,498 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---
__________________

Alt 14.12.2011, 12:05   #4
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Extras.exe:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 14.12.2011 11:42:23 - Run 2
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 58,39% Memory free
7,96 Gb Paging File | 6,17 Gb Available in Paging File | 77,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1601,00 Gb Free Space | 88,36% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1f7fdd50-deac-46f0-ae3b-beb62f962976}" = Slotastic
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3a4df6e3-5d5b-4d3b-a829-5e4fea186714}" = Lucky18 Casino
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{8467b556-b091-4b48-ac95-c32808a4d3aa}" = iNetBet Casino
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{d7cb908f-8b0f-48b5-8d71-ef6b226bb434}" = Intertops Casino
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE03E7C3-0250-49DC-A5AA-24FE0555EA22}" = AudioAdvantageMicro
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{fe986ae8-5283-4177-9178-52ba8d21bb10}" = Jackpot Capital
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"Azureus" = Azureus
"CasinoClub" = CasinoClub
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Download Manager_is1" = Free Download Manager 3.0
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Liven asennustyökalu
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 10.12.2011 15:07:44 | Computer Name = ***-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.0.147, Zeitstempel:
 0x4e084ccc  Name des fehlerhaften Moduls: javaw.exe, Version: 7.0.0.147, Zeitstempel:
 0x4e084ccc  Ausnahmecode: 0x40000015  Fehleroffset: 0x0000000000014c99  ID des fehlerhaften
 Prozesses: 0x17c0  Startzeit der fehlerhaften Anwendung: 0x01ccb75f75ecb5f7  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Java\jre7\bin\javaw.exe  Berichtskennung: 3d3c132a-2362-11e1-abb0-8c89a56bfac5
 
Error - 10.12.2011 20:42:20 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description = 
 
Error - 10.12.2011 20:44:45 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description = 
 
Error - 10.12.2011 20:49:03 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description = 
 
Error - 11.12.2011 14:19:41 | Computer Name = ***-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information.  Failed to Start the CVH service 1063
 
Error - 11.12.2011 15:45:06 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12.12.2011 06:26:59 | Computer Name = ***-PC | Source = Application Hang | ID = 1002
Description = Programm Azureus.exe, Version 1.0.0.0 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: 1198    Startzeit:
 01ccb8b4024cee16    Endzeit: 5    Anwendungspfad: C:\Program Files (x86)\Azureus\Azureus.exe

Berichts-ID:
 c902cfd0-24ab-11e1-b2d7-8c89a56bfac5  
 
Error - 12.12.2011 08:36:56 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 12.12.2011 12:38:27 | Computer Name = ***-PC | Source = System Restore | ID = 8204
Description = 
 
Error - 13.12.2011 04:36:47 | Computer Name = ***-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
 (x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
 "c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der
 Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ System Events ]
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:01 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
 Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.12.2011 20:45:22 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 10.12.2011 20:48:41 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 10.12.2011 21:36:44 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 11.12.2011 11:36:25 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 11.12.2011 11:36:25 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 11.12.2011 11:36:26 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 11.12.2011 11:36:26 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
 
< End of report >
         
--- --- ---


6. Nachdem ich nun alles durchgeführt habe, finde ich auf Boot C nun folgende Ordner ... was ist mit denen, kann ich die löschen:

C:\Config.Msi
C:\MSOCache
C:\_OTL


So, nun nochmals vielen Dank, ich hoffe, mir kann weiter geholfen werden

EDIT: Entschuldige, hatte ich vergessen, meine Programme Liste aus CCLeaner:

7. Programme
Code:
ATTFilter
ActiveX-kontroll för fjärranslutningar för Windows Live Mesh	Microsoft Corporation	04.09.2011	5,57 MB	15.4.5722.2
Adobe AIR	Adobe Systems Incorporated	09.08.2011		2.7.1.19610
Adobe Flash Player 10 ActiveX	Adobe Systems Incorporated	30.11.2011	6,00 MB	10.3.183.5
Adobe Flash Player 10 Plugin	Adobe Systems Incorporated	30.11.2011	6,00 MB	10.3.183.5
Adobe Reader X (10.1.1) MUI	Adobe Systems Incorporated	03.12.2011	477 MB	10.1.1
Adobe Shockwave Player 11.6	Adobe Systems, Inc.	30.11.2011		11.6.1.629
Asmedia ASM104x USB 3.0 Host Controller Driver	Asmedia Technology	10.08.2011	2,27 MB	1.12.5.0
AudioAdvantageMicro	Turtle Beach	30.11.2011		1.01.01.02
Avira Free Antivirus	Avira	09.12.2011	105,9 MB	12.0.0.870
Azureus		30.11.2011		2.5.0.4
CasinoClub		03.12.2011		
CCleaner	Piriform	30.11.2011		3.13
Control ActiveX de Windows Live Mesh para conexiones remotas	Microsoft Corporation	17.07.2011	5,57 MB	15.4.5722.2
Controlo ActiveX do Windows Live Mesh para Ligações Remotas	Microsoft Corporation	17.07.2011	5,58 MB	15.4.5722.2
Contrôle ActiveX Windows Live Mesh pour connexions à distance	Microsoft Corporation	17.07.2011	5,57 MB	15.4.5722.2
Corel Graphics - Windows Shell Extension	Corel Corporation	30.11.2011	2,93 MB	15.2.0.686
CorelDRAW Essentials X5	Corel Corporation	30.11.2011	3.655 MB	15.2.0.686
CorelDRAW Essentials X5 - Extra Content	Corel Corporation	30.11.2011		
CyberLink BD Advisor 2.0		01.12.2011		
CyberLink MediaShow	CyberLink Corp.	01.12.2011	192,1 MB	4.1.3402
CyberLink PowerDVD 9	CyberLink Corp.	01.12.2011	192,8 MB	9.0.2919.52
CyberLink PowerProducer	CyberLink Corp.	01.12.2011	165,4 MB	5.0.1.1520
CyberLink PowerRecover	CyberLink Corp.	17.07.2011	246 MB	5.5.4125
DAEMON Tools Lite	DT Soft Ltd	03.12.2011		4.45.1.0236
EVEREST Home Edition v2.20	Lavalys Inc	05.12.2011		2.20
Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych	Microsoft Corporation	17.07.2011	5,57 MB	15.4.5722.2
Free Download Manager 3.0	FreeDownloadManager.ORG	07.12.2011		
Grand Theft Auto IV	Rockstar Games	03.12.2011		1.00.0000
GTA San Andreas	Rockstar Games	30.11.2011		1.00.00001
Half-Life(R) 2	Valve	30.11.2011	5.056 MB	1.0.0.0
HP Customer Participation Program 13.0	HP	30.11.2011		13.0
HP Document Manager 2.0	HP	30.11.2011		2.0
HP Imaging Device Functions 13.0	HP	30.11.2011		13.0
HP Officejet 4500 G510n-z	HP	30.11.2011		13.0
HP Smart Web Printing 4.5	HP	30.11.2011		4.5
HP Solution Center 13.0	HP	30.11.2011		13.0
HP Update	Hewlett-Packard	30.11.2011	3,73 MB	4.000.011.006
iNetBet Casino	RealTimeGaming Software	03.12.2011	30,2 MB	11.1.0
Intel(R) Management Engine Components	Intel Corporation	11.08.2011		7.0.0.1144
Intel(R) Rapid Storage Technology	Intel Corporation	11.08.2011		10.5.0.1026
Intertops Casino	RealTimeGaming Software	07.12.2011	32,7 MB	11.1.0
Jackpot Capital	RealTimeGaming Software	08.12.2011	24,1 MB	11.1.0
Java(TM) 7	Oracle	10.08.2011	98,9 MB	7.0.0
Java(TM) 7 (64-bit)	Oracle	10.08.2011	93,3 MB	7.0.0
JDownloader 0.9	AppWork GmbH	07.12.2011		0.9
Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave	Microsoft Corporation	17.07.2011	5,57 MB	15.4.5722.2
LG Tool Kit		01.12.2011		8.01.0919.01
LightScribe System Software	LightScribe	01.12.2011	23,5 MB	1.18.14.1
Lucky18 Casino	RealTimeGaming Software	02.12.2011	30,2 MB	11.1.0
Malwarebytes' Anti-Malware Version 1.51.2.1300	Malwarebytes Corporation	13.12.2011	13,8 MB	1.51.2.1300
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	17.07.2011	38,8 MB	4.0.30319
Microsoft Games for Windows - LIVE Redistributable	Microsoft Corporation	03.12.2011	32,6 MB	2.0.672.0
Microsoft Office 2010	Microsoft Corporation	17.07.2011	6,31 MB	14.0.4763.1000
Microsoft Office Klick-und-Los 2010	Microsoft Corporation	08.12.2011		14.0.4763.1000
Microsoft Office Starter 2010 - Deutsch	Microsoft Corporation	08.12.2011		14.0.4763.1000
Microsoft Silverlight	Microsoft Corporation	09.12.2011	60,3 MB	4.0.60831.0
Microsoft SQL Server 2005 Compact Edition [ENU]	Microsoft Corporation	17.07.2011	1,70 MB	3.1.0000
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	11.08.2011	0,29 MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.08.2011	0,58 MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	11.08.2011	0,59 MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319	Microsoft Corporation	17.07.2011	13,7 MB	10.0.30319
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	09.12.2011	16,5 MB	10.0.40219
Mozilla Thunderbird (8.0)	Mozilla	01.12.2011		8.0 (de)
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	01.12.2011	1,28 MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	02.12.2011	1,33 MB	4.20.9876.0
NVIDIA Graphics Driver 280.26	NVIDIA Corporation	04.09.2011		280.26
NVIDIA HD Audio Driver 1.2.24.0	NVIDIA Corporation	04.09.2011		1.2.24.0
NVIDIA PhysX System Software 9.11.0621	NVIDIA Corporation	04.09.2011		9.11.0621
NVIDIA Update 1.4.28	NVIDIA Corporation	04.09.2011		1.4.28
OCR Software by I.R.I.S. 13.0	HP	30.11.2011		13.0
PlayReady PC Runtime amd64	Microsoft Corporation	30.11.2011	2,06 MB	1.3.0
Realtek High Definition Audio Driver	Realtek Semiconductor Corp.	10.08.2011		6.0.1.6368
Rockstar Games Social Club	Rockstar Games	03.12.2011		1.00.0000
Shop for HP Supplies	HP	30.11.2011		13.0
Slotastic	RealTimeGaming Software	01.12.2011	30,8 MB	11.1.0
Spelling Dictionaries Support For Adobe Reader X	Adobe Systems Incorporated	17.07.2011	65,6 MB	10.0.0
Spybot - Search & Destroy	Safer Networking Limited	30.11.2011		1.6.2
Steam(TM)	Valve	30.11.2011	24,6 MB	1.0.0.0
Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi	Microsoft Corporation	17.07.2011	5,57 MB	15.4.5722.2
VLC media player 1.1.11	VideoLAN	07.12.2011		1.1.11
vShare.tv plugin 1.3	vShare.tv, Inc.	05.12.2011		1.3
VshareComplete	VshareComplete	05.12.2011	1,23 MB	
Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen	Microsoft Corporation	17.07.2011	5,57 MB	15.4.5722.2
Windows Live Mesh ActiveX Control for Remote Connections	Microsoft Corporation	17.07.2011	5,38 MB	15.4.5722.2
Windows Live Mesh ActiveX control for remote connections	Microsoft Corporation	17.07.2011	5,58 MB	15.4.5722.2
Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger	Microsoft Corporation	04.09.2011	5,57 MB	15.4.5722.2
Windows Live Mesh ActiveX-objekt til fjernforbindelser	Microsoft Corporation	17.07.2011	5,57 MB	15.4.5722.2
Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz	Microsoft Corporation	17.07.2011	5,58 MB	15.4.5722.2
Windows Live Meshin etäyhteyksien ActiveX-komponentti	Microsoft Corporation	04.09.2011	5,57 MB	15.4.5722.2
Windows Liven asennustyökalu	Microsoft Corporation	05.09.2011		15.4.3538.0513
WinRAR 4.01 (64-Bit)	win.rar GmbH	10.12.2011		4.01.0
Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις	Microsoft Corporation	17.07.2011	5,38 MB	15.4.5722.2
         

Alt 15.12.2011, 08:09   #5
kira
/// Helfer-Team
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Zitat:
Zitat von nameless91 Beitrag anzeigen

1. Zu SpyBot: Ich habe das nun (inkl. TeaTimer) erstmal draufgelassen bis Du/Ihr mir eine bessere Alternative empfehlt ... was könnte man stattdessen nehmen?
brachst nicht "andere nehmen", bei vermuteten Malwarebefall gezielt vorgehen bzw auf den jeweiligen Virus zugeschnittene Anleitungen und Entfernprogramme verwenden. Ausserdem Jeder laufende Dienst und Prozess belastet das System und kostet Performance.
Wie gesagt, wenn Du Spybot trotz allem behalten möchtest, sollst Du den TeaTimer dringend abstellen, da behindert uns bei der Reinigung und im schlimmsten Fall stellt schädliche Einträge wieder her !!!
Außerdem 100%ige Sicherheit gibt`s nicht, wenn auch Du 100 versch. Schutzprogramme installieren würdest

Zitat:
Zitat von nameless91 Beitrag anzeigen
3. Malwarebytes hat in der Tat (obwohl SpyBot und Avira nichts mehr gefunden hatten) über 30 Objekte entdeckt ... ich habe - bis auf 5 Funde in einer Casino-Software (ich denke, damit ist alles in Ordnung, oder sollte ich die noch löschen bzw. kann ich das Casino dann noch ausführen?)
Ja...außer Du das Adware LockCasino auf Deinen Rechner drauf haben möchtest

Zitat:
Zitat von nameless91 Beitrag anzeigen
6. Nachdem ich nun alles durchgeführt habe, finde ich auf Boot C nun folgende Ordner ... was ist mit denen, kann ich die löschen:

C:\Config.Msi
C:\MSOCache
C:\_OTL
Nein...

1.
** den Quarantine-Inhalt löschen-> Update Malwarebytes Anti-Malware -> lass es nochmal anhand der folgenden Anleitung laufen: eine bebilderte Anleitung findest Du hier: Anleitung
Vollständiger Suchlauf wählen

2.
Das Programm "Azureus" bitte deinstallieren, sonst gibts von meiner Seite aus keine Hilfe mehr!

3.
Java aktualisieren
Deine Javaversion ist nicht aktuell.
Downloade nun die Offline-Version von Java Version 6 Update 29 von Oracle und installiere sie. Achte darauf, eventuell angebotene Toolbars nicht mitzuinstallieren, also während der Installation den Haken bei der Toolbar entfernen.

4.
reinige dein System mit Ccleaner:
  • "Cleaner"→ "Analysieren"→ Klick auf den Button "Start CCleaner"
  • "Registry""Fehler suchen"→ "Fehler beheben"→ "Alle beheben"
  • Starte dein System neu auf

5.
  • lade Dir SUPERAntiSpyware FREE Edition herunter.
  • installiere das Programm und update online.
  • starte SUPERAntiSpyware und klicke auf "Ihren Computer durchsuchen"
  • setze ein Häkchen bei "Kompletter Scan" und klicke auf "Weiter"
  • anschließend alle gefundenen Schadprogramme werden aufgelistet, bei alle Funde Häkchen setzen und mit "OK" bestätigen
  • auf "Weiter" klicken dann "OK" und auf "Fertig stellen"
  • um die Ergebnisse anzuzeigen: auf "Präferenzen" dann auf den "Statistiken und Protokolle" klicken
  • drücke auf "Protokoll anzeigen" - anschließend diesen Bericht bitte speichern und hier posten

6.
Auch auf USB-Sticks, selbstgebrannten Datenträgern, externen Festplatten und anderen Datenträgern können Viren transportiert werden. Man muss daher durch regelmäßige Prüfungen auf Schäden, die durch Malware ("Worm.Win32.Autorun") verursacht worden sein können, überwacht werden. Hierfür sind ser gut geegnet und empfohlen, die auf dem Speichermedium gesicherten Daten, mit Hilfe des kostenlosen Online Scanners zu prüfen.
Schließe jetzt alle externe Datenträgeran (USB Sticks etc) Deinen Rechner an, dabei die Hochstell-Taste [Shift-Taste] gedrückt halten, damit die Autorun-Funktion nicht ausgeführt wird. (So verhindest Du die Ausführung der AUTORUN-Funktion) - Man kann die AUTORUN-Funktion aber auch generell abschalten.►Anleitung

7.
-> Führe dann einen Komplett-Systemcheck mit Eset Online Scanner (NOD32)Kostenlose Online Scanner durch
Achtung!: >>Du sollst nicht die Antivirus-Sicherheitssoftware installieren, sondern dein System nur online scannen<<

8.
erneut einen Scan mit OTL:
  • Doppelklick auf die OTL.exe
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Oben findest Du ein Kästchen mit Ausgabe.
    Wähle bitte Standard-Ausgabe
  • Unter Extra-Registrierung wähle bitte Benutze SafeList.
  • Mache Häckchen bei LOP- und Purity-Prüfung.
  • Klicke nun auf Scan links oben.
  • Wenn der Scan beendet wurde werden zwei Logfiles erstellt.
    Du findest die Logfiles auf Deinem Desktop => OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

Zitat:
► Berichte mir kurz über alle Umsetzungsschritte, die Du erledigt hast!
► berichte auch erneut über den Zustand des Computers. Ob noch Probleme auftreten, wenn ja, welche?

__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Geändert von kira (15.12.2011 um 08:18 Uhr)

Alt 15.12.2011, 16:04   #6
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Nochmals vielen Dank, kira, für die fachkundige Hilfe!
Also, weiter gehts:

1. Habe SpyBot behalten, aber den TeaTimer deaktiviert. Erstmal so lassen? Oder SpyBot nun ganz deinstallieren?

2. Habe Malwarebytes nochmals durchlaufen lassen. Es wurden nun nur noch die übrigen Casino-Einträge gefunden, welche ich nun auch bereinigt habe. Hier das Logfile:

Code:
ATTFilter
Malwarebytes' Anti-Malware 1.51.2.1300
www.malwarebytes.org

Datenbank Version: 8373

Windows 6.1.7601 Service Pack 1
Internet Explorer 9.0.8112.16421

15.12.2011 11:52:13
mbam-log-2011-12-15 (11-52-13).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|I:\|J:\|Q:\|)
Durchsuchte Objekte: 342045
Laufzeit: 48 Minute(n), 11 Sekunde(n)

Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 5

Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)

Infizierte Dateien:
c:\program files (x86)\inetbet casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\program files (x86)\intertops casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\program files (x86)\jackpot capital\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\program files (x86)\lucky18 casino\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
c:\program files (x86)\slotastic\miniprocess.exe (Adware.Casino) -> Quarantined and deleted successfully.
         
3. Habe Azureus deinstalliert ... ich brauche doch Hilfe!

4. Habe die Java 64 Bit Variante heruntergeladen und aktualisiert.

5. CCleaner-Schritte ausgeführt. Hat sowohl beim Analysieren als auch bei der Registry einiges gefunden und behoben. Neustart gemacht.

6. SUPERAntiSpyware ausgeführt. Es wurden in einer alten T-Online eMail-Datei (die ich nicht mehr nutze und nur noch für die Sicherung meiner alten eMails drauf habe) Schädlinge gefunden und erneut etwas in den Casino-Softwares entdeckt; die Casino-Dinger habe ich nun aber nicht behoben, da ich diese sonst nicht mehr ausführen könnte. Alles andere behoben. Hier das Logfile:

Code:
ATTFilter
SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com

Generated 12/15/2011 at 12:51 PM

Application Version : 5.0.1142

Core Rules Database Version : 8054
Trace Rules Database Version: 5866

Scan type       : Complete Scan
Total Scan Time : 00:41:56

Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Limited User

Memory items scanned      : 602
Memory threats detected   : 0
Registry items scanned    : 75865
Registry threats detected : 0
File items scanned        : 49079
File threats detected     : 14

Adware.Casino Games (Golden Palace Casino)
	C:\PROGRAM FILES (X86)\INETBET CASINO\CASINO.EXE
	C:\PROGRAM FILES (X86)\INTERTOPS CASINO\CASINO.EXE
	C:\PROGRAM FILES (X86)\JACKPOT CAPITAL\CASINO.EXE
	C:\PROGRAM FILES (X86)\LUCKY18 CASINO\CASINO.EXE
	C:\PROGRAM FILES (X86)\SLOTASTIC\CASINO.EXE
	C:\CASINO\CASINOCLUB\CASINO.EXE
	C:\USERS\PUBLIC\DESKTOP\SLOTASTIC.LNK
	C:\Windows\Prefetch\CASINO.EXE-4F658BC5.pf
	C:\Windows\Prefetch\CASINO.EXE-590B3B40.pf
	C:\Windows\Prefetch\CASINO.EXE-679AE763.pf
	C:\Windows\Prefetch\CASINO.EXE-B89157F0.pf

Trojan.Dropper/Gen
	C:\FILES\OLD FILES #1\T-ONLINE\BSW3\DRELREST.EXE
	C:\FILES\OLD FILES #1\T-ONLINE4\BSW4\DRELREST.EXE
	C:\T-ONLINE\BSW4\DRELREST.EXE
         
7. ESET durchlaufen lassen ... hat nichts mehr gefunden. Logfiles:

Code:
ATTFilter
ESETSmartInstaller@High as CAB hook log:
OnlineScanner64.ocx - registred OK
OnlineScanner.ocx - registred OK
# version=7
# iexplore.exe=9.00.8112.16421 (WIN7_IE9_RTM.110308-0330)
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=af179827a199a54bba5dd7ac871c97bf
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2011-12-15 01:00:12
# local_time=2011-12-15 02:00:12 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 1223139 1223139 0 0
# compatibility_mode=5893 16776574 100 94 1132549 75580323 0 0
# compatibility_mode=8192 67108863 100 0 3717 3717 0 0
# scanned=162780
# found=0
# cleaned=0
# scan_time=3539
         

Alt 15.12.2011, 16:05   #7
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



8. OTL.exe ausgeführt ... hier sowohl OTL.txt als auch Extras.txt:

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 15.12.2011 15:53:30 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,94% Memory free
7,96 Gb Paging File | 6,05 Gb Available in Paging File | 75,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1600,08 Gb Free Space | 88,31% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2011.12.11 15:22:50 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe
PRC - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.10.19 16:55:48 | 000,258,512 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.08.11 22:51:47 | 000,243,360 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10v_ActiveX.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.05.26 00:32:46 | 000,443,688 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe
PRC - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 08:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.09.14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010.09.14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010.05.14 06:02:56 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2009.08.30 22:03:42 | 001,654,784 | ---- | M] (Voyetra Turtle Beach, Inc.) -- C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe
PRC - [2009.07.06 14:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.19 09:22:04 | 000,548,864 | ---- | M] (BL) -- C:\Program Files (x86)\lg_fwupdate\fwupdate.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.02 11:40:57 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll
MOD - [2011.12.02 11:40:57 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
MOD - [2011.12.02 11:33:34 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b2622080e047040fa044dd21a04ff10d\System.Runtime.Remoting.ni.dll
MOD - [2011.12.02 11:33:13 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.12.02 11:33:08 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.12.02 11:32:58 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.12.02 11:32:55 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.12.02 11:32:52 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.12.02 11:32:51 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.12.02 11:32:45 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.05.16 15:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.13 01:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.22 12:42:56 | 007,745,536 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtGui4.dll
MOD - [2010.04.22 12:42:54 | 002,121,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\QtCore4.dll
MOD - [2010.04.22 12:42:54 | 000,135,168 | ---- | M] () -- C:\Program Files (x86)\Common Files\LightScribe\plugins\imageformats\qjpeg4.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.08.12 00:38:04 | 000,140,672 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE -- (!SASCORE)
SRV:64bit: - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2011.12.09 14:49:42 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2011.10.19 16:56:01 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2011.10.19 16:55:48 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.06.06 20:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.30 08:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.11 13:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.11 13:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.09.14 05:45:56 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010.09.14 05:45:44 | 000,508,264 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2010.05.14 14:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.18 21:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 14:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.05.21 21:35:32 | 000,923,136 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto | Running] -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.09 12:46:20 | 000,130,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.12.04 01:16:28 | 000,279,616 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.10.19 16:56:15 | 000,097,312 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.10.19 16:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.07.22 17:26:56 | 000,014,928 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS -- (SASDIFSV)
DRV:64bit: - [2011.07.12 22:55:18 | 000,012,368 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS -- (SASKUTIL)
DRV:64bit: - [2011.07.08 00:21:28 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2011.06.02 18:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 18:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.17 06:55:28 | 000,533,096 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 19:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 13:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 14:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 21:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.09.14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2010.09.14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2010.09.14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2010.09.14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2009.09.08 17:45:24 | 001,306,624 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CM10264.sys -- (USBAU)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 21:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2011.12.02 12:14:07 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.12.01 16:07:57 | 000,000,000 | ---D | M]
 
[2011.12.02 12:14:09 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
 
O1 HOSTS File: ([2011.12.14 11:36:10 | 000,000,098 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1       localhost
O2:64bit: - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\***\AppData\Roaming\VshareComplete\64\VshareComplete64.dll (SimplyGen)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (VshareComplete) - {08337871-0e50-4031-9110-3bd21ca3c065} - C:\Users\***\AppData\Roaming\VshareComplete\VshareComplete.dll (SimplyGen)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (FDMIECookiesBHO Class) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LGODDFU] C:\Program Files (x86)\lg_fwupdate\fwupdate.exe (BL)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Turtle Beach Audio Advantage Micro] C:\Program Files (x86)\Turtle Beach\AudioAdvantageMicro\TBAA.exe (Voyetra Turtle Beach, Inc.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Valve\Steam\Steam.exe (Valve Corporation)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4:64bit: - HKLM..\RunOnce: [MedionReminder] C:\Program Files (x86)\CyberLink\PowerRecover\Reminder.exe (CyberLink)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Google Sidewiki... - res://C:\Program Files (x86)\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html File not found
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.244.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2011.12.15 12:07:02 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SUPERAntiSpyware.com
[2011.12.15 12:06:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
[2011.12.15 12:06:39 | 000,000,000 | ---D | C] -- C:\ProgramData\SUPERAntiSpyware.com
[2011.12.15 12:06:39 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011.12.14 11:22:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2011.12.14 10:18:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2011.12.14 10:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011.12.14 10:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2011.12.14 10:17:42 | 000,025,416 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2011.12.14 10:17:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2011.12.14 10:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rockstar Games
[2011.12.14 10:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2011.12.14 10:13:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LG Tool Kit
[2011.12.14 10:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
[2011.12.14 10:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Download Manager
[2011.12.11 18:58:58 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.11 18:58:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
[2011.12.11 18:51:11 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011.12.11 16:42:15 | 000,000,000 | R--D | C] -- C:\MSOCache
[2011.12.11 01:41:40 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2011.12.10 13:07:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (Deutsch)
[2011.12.09 20:25:59 | 000,000,000 | ---D | C] -- C:\Anna-Lenas Scheiss Fuckin Shit Ordner
[2011.12.09 16:06:43 | 000,000,000 | ---D | C] -- C:\Another American Experience
[2011.12.09 15:24:11 | 000,000,000 | ---D | C] -- C:\ProgramData\VirtualizedApplications
[2011.12.09 13:18:44 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\T-Online
[2011.12.09 13:18:44 | 000,000,000 | ---D | C] -- C:\ProgramData\T-Online
[2011.12.09 13:15:31 | 000,000,000 | ---D | C] -- C:\T-Online
[2011.12.09 13:13:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\SoftGrid Client
[2011.12.09 13:13:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Application Virtualization Client
[2011.12.09 13:13:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER
[2011.12.09 13:13:01 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\TP
[2011.12.09 13:08:00 | 000,000,000 | ---D | C] -- C:\An American Experience
[2011.12.09 08:57:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Jackpot Capital
[2011.12.08 18:07:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intertops Casino
[2011.12.08 18:01:37 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Diagnostics
[2011.12.08 15:25:43 | 000,000,000 | ---D | C] -- C:\projax
[2011.12.08 14:41:14 | 000,000,000 | ---D | C] -- C:\itunes
[2011.12.08 13:58:18 | 000,000,000 | ---D | C] -- C:\various
[2011.12.08 13:33:55 | 000,000,000 | ---D | C] -- C:\unknowntitle
[2011.12.08 13:32:05 | 000,000,000 | ---D | C] -- C:\uni
[2011.12.08 11:57:00 | 000,000,000 | R--D | C] -- C:\Beatles
[2011.12.08 01:18:59 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\vlc
[2011.12.08 01:18:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2011.12.08 00:43:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.12.08 00:43:48 | 000,000,000 | ---D | C] -- C:\ProgramData\FreeDownloadManager.ORG
[2011.12.08 00:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Free Download Manager
[2011.12.08 00:24:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2011.12.08 00:23:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\JDownloader
[2011.12.06 23:43:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\NVIDIA
[2011.12.06 23:40:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2011.12.06 21:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\VshareComplete
[2011.12.06 21:27:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VshareComplete
[2011.12.06 21:26:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\vShare.tv plugin
[2011.12.06 16:27:29 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Meine Paletten
[2011.12.06 16:27:27 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Corel
[2011.12.06 16:27:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Protexis
[2011.12.06 16:27:16 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Corel
[2011.12.05 19:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Go Wild Casino
[2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\Microgaming
[2011.12.05 19:25:55 | 000,000,000 | ---D | C] -- C:\ProgramData\MGS
[2011.12.04 22:07:47 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.12.04 22:07:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CasinoClub
[2011.12.04 15:49:36 | 000,000,000 | ---D | C] -- C:\bay
[2011.12.04 14:58:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WS_FTP
[2011.12.04 14:58:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc Plus 2.5
[2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TMPGEnc
[2011.12.04 14:58:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\smartripper
[2011.12.04 14:58:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoto Plus 4
[2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FrontPage Express
[2011.12.04 14:58:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\audiograbber
[2011.12.04 14:56:12 | 000,000,000 | ---D | C] -- C:\maike
[2011.12.04 14:56:01 | 000,000,000 | ---D | C] -- C:\len
[2011.12.04 14:55:59 | 000,000,000 | ---D | C] -- C:\job
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\files
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\bentus
[2011.12.04 14:53:16 | 000,000,000 | ---D | C] -- C:\alfotto
[2011.12.04 14:53:14 | 000,000,000 | ---D | C] -- C:\tyschan
[2011.12.04 14:53:08 | 000,000,000 | ---D | C] -- C:\trade
[2011.12.04 14:53:06 | 000,000,000 | ---D | C] -- C:\snes
[2011.12.04 14:52:57 | 000,000,000 | ---D | C] -- C:\shirt
[2011.12.04 14:34:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iNetBet Casino
[2011.12.04 14:30:08 | 000,000,000 | ---D | C] -- C:\ProgramData\LightScribe
[2011.12.04 01:43:02 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Rockstar Games
[2011.12.04 01:41:39 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Rockstar Games
[2011.12.04 01:32:55 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2011.12.04 01:31:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2011.12.04 01:16:28 | 000,279,616 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.12.04 01:16:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2011.12.04 01:15:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.04 01:15:42 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2011.12.03 19:29:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lucky18 Casino
[2011.12.02 18:01:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Slotastic
[2011.12.02 15:43:06 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberLink
[2011.12.02 15:41:44 | 000,115,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MSINET.OCX
[2011.12.02 15:41:44 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Vb6stkit.dll
[2011.12.02 15:41:44 | 000,102,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\VB6KO.DLL
[2011.12.02 15:41:44 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wbemdisp.tlb
[2011.12.02 15:41:44 | 000,016,384 | ---- | C] (CST) -- C:\Windows\SysWow64\lgfwunis.exe
[2011.12.02 15:41:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\lg_fwupdate
[2011.12.02 15:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\CyberLink
[2011.12.02 15:38:57 | 000,029,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011.12.02 15:36:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Cyberlink
[2011.12.02 15:34:47 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LightScribe Direct Disc Labeling
[2011.12.02 15:34:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\LightScribe
[2011.12.02 15:34:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2011.12.02 15:34:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Blu-ray Disc Suite
[2011.12.02 13:22:33 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\GTA San Andreas User Files
[2011.12.02 13:13:08 | 000,000,000 | ---D | C] -- C:\The Folder
[2011.12.02 12:29:07 | 000,000,000 | ---D | C] -- C:\thunderbird
[2011.12.02 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.02 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Thunderbird
[2011.12.02 12:14:09 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Mozilla
[2011.12.02 12:14:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2011.12.02 10:43:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2011.12.02 10:17:34 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2011.12.02 10:17:34 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2011.12.02 10:17:33 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2011.12.02 10:17:33 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2011.12.02 10:17:32 | 002,309,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2011.12.02 10:17:32 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2011.12.02 10:17:32 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2011.12.02 10:17:31 | 000,818,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2011.12.02 10:17:31 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2011.12.02 07:35:47 | 000,613,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisdecd.dll
[2011.12.02 07:35:47 | 000,465,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisdecd.dll
[2011.12.02 07:35:47 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\psisrndr.ax
[2011.12.02 07:35:47 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\psisrndr.ax
[2011.12.02 07:35:39 | 000,861,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleaut32.dll
[2011.12.02 07:35:39 | 000,331,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\oleacc.dll
[2011.12.01 21:35:42 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\GTA San Andreas User Files
[2011.12.01 21:35:38 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2011.12.01 21:21:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2011.12.01 21:09:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\CyberLink
[2011.12.01 20:38:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\WinRAR
[2011.12.01 20:38:22 | 000,000,000 | ---D | C] -- C:\Program Files\Formats
[2011.12.01 20:35:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steam
[2011.12.01 18:56:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Valve
[2011.12.01 18:56:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Valve
[2011.12.01 18:32:10 | 000,000,000 | ---D | C] -- C:\torrent
[2011.12.01 18:25:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Azureus
[2011.12.01 18:24:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Azureus
[2011.12.01 18:24:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Azureus
[2011.12.01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.12.01 16:59:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Windows Live Writer
[2011.12.01 16:57:25 | 000,000,000 | ---D | C] -- C:\Casino
[2011.12.01 16:45:58 | 000,000,000 | ---D | C] -- C:\ProgramData\WEBREG
[2011.12.01 16:45:29 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\HP
[2011.12.01 16:45:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\HP
[2011.12.01 16:08:18 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Yahoo!
[2011.12.01 16:08:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Yahoo!
[2011.12.01 16:06:43 | 000,000,000 | ---D | C] -- C:\ProgramData\HP Product Assistant
[2011.12.01 16:06:26 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\spool
[2011.12.01 16:05:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\HP
[2011.12.01 16:05:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Hewlett-Packard
[2011.12.01 16:04:54 | 000,000,000 | ---D | C] -- C:\Windows\hpoj4500g510n-z
[2011.12.01 16:04:03 | 000,902,656 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpwwiax9.dll
[2011.12.01 16:04:03 | 000,742,912 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwtscl5.dll
[2011.12.01 16:04:03 | 000,551,424 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hppldcoi.dll
[2011.12.01 16:04:03 | 000,503,296 | ---- | C] (Hewlett-Packard Co.) -- C:\Windows\SysNative\hpwvst01.dll
[2011.12.01 16:03:55 | 000,642,360 | ---- | C] (Hewlett-Packard) -- C:\Windows\SysNative\hpzids40.dll
[2011.12.01 16:03:49 | 000,136,704 | ---- | C] (Hewlett-Packard Company) -- C:\Windows\SysNative\hpf3l092.dll
[2011.12.01 16:03:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2011.12.01 16:03:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\HP
[2011.12.01 16:01:57 | 000,000,000 | ---D | C] -- C:\ProgramData\HP
[2011.12.01 15:31:53 | 000,000,000 | ---D | C] -- C:\rou
[2011.12.01 14:55:10 | 000,200,704 | ---- | C] (C-Media) -- C:\Windows\SysWow64\cmpa102.dll
[2011.12.01 14:54:08 | 000,524,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\difxapi.dll
[2011.12.01 14:53:56 | 001,306,624 | ---- | C] (C-Media Electronics Inc) -- C:\Windows\SysNative\drivers\CM10264.sys
[2011.12.01 14:53:56 | 000,323,584 | ---- | C] (Voyetra Turtle Beach) -- C:\Windows\AAMicroUninstall.exe
[2011.12.01 14:53:56 | 000,315,392 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\System\Fltr102.dll
[2011.12.01 14:53:56 | 000,229,376 | ---- | C] (Voyetra Turtle Beach, Inc.) -- C:\Windows\SysWow64\TBMicro.cpl
[2011.12.01 14:53:56 | 000,032,768 | ---- | C] (C-Media Electronics Inc.) -- C:\Windows\SysWow64\C102Prop.dll
[2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Turtle Beach
[2011.12.01 14:53:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Turtle Beach
[2011.12.01 14:41:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Adobe
[2011.12.01 14:37:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy
[2011.12.01 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy
[2011.12.01 14:26:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2011.12.01 14:06:18 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011.12.01 10:21:04 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\photoOptimizeHistoryDataBase
[2011.12.01 10:21:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Ashampoo Photo Optimizer Medion
[2011.12.01 10:20:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Avira
[2011.12.01 10:19:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\watchmi
[2011.12.01 10:15:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2011.12.01 10:15:34 | 000,130,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.01 10:15:34 | 000,097,312 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2011.12.01 10:15:34 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2011.12.01 10:15:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2011.12.01 09:41:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Adobe
[2011.12.01 08:39:14 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Intel Corporation
[2011.12.01 08:39:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Medion Reminder
[2011.12.01 08:39:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Power2Go
[2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\Searches
[2011.12.01 08:38:50 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2011.12.01 08:38:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Identities
[2011.12.01 08:38:41 | 000,000,000 | R--D | C] -- C:\Users\***\Contacts
[2011.12.01 08:38:41 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2011.12.01 08:38:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\VirtualStore
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Vorlagen
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Verlauf
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Temporary Internet Files
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Startmenü
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\SendTo
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Recent
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Netzwerkumgebung
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Lokale Einstellungen
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Videos
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Musik
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Eigene Dateien
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Documents\Eigene Bilder
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Druckumgebung
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Cookies
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\AppData\Local\Anwendungsdaten
[2011.12.01 08:38:34 | 000,000,000 | -HSD | C] -- C:\Users\***\Anwendungsdaten
[2011.12.01 08:38:33 | 000,000,000 | --SD | C] -- C:\Users\***\AppData\Roaming\Microsoft
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Videos
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Saved Games
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Pictures
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Music
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Links
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Favorites
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Downloads
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Documents
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\Desktop
[2011.12.01 08:38:33 | 000,000,000 | R--D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Temp
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Microsoft
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Media Center Programs
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Macromedia
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover
[2011.12.01 08:38:33 | 000,000,000 | ---D | C] -- C:\Users\***\AppData
[2011.12.01 08:35:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mediathek
[2011.12.01 08:34:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Corel
[2011.12.01 08:34:38 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady
[2011.12.01 08:34:28 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Corel
[2011.12.01 08:34:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Protexis
[2011.12.01 08:34:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Corel
[2011.12.01 08:33:54 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Essentials X5
[2011.12.01 08:33:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Corel
[2011.12.01 08:33:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner
[2011.12.01 08:32:27 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal
[2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Recovery
[2011.12.01 08:19:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings
[2011.12.01 08:19:08 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
 
========== Files - Modified Within 30 Days ==========
 
[2011.12.15 13:00:50 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 13:00:50 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2011.12.15 12:58:09 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2011.12.15 12:58:09 | 000,654,372 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2011.12.15 12:58:09 | 000,616,254 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2011.12.15 12:58:09 | 000,129,986 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2011.12.15 12:58:09 | 000,106,376 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2011.12.15 12:54:13 | 000,000,271 | ---- | M] () -- C:\Windows\lgfwup.ini
[2011.12.15 12:53:30 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2011.12.15 12:53:28 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.15 12:06:41 | 000,001,812 | ---- | M] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.15 12:01:27 | 000,014,380 | ---- | M] () -- C:\Users\***\Documents\cc_20111215_120124.reg
[2011.12.14 11:41:36 | 000,000,630 | ---- | M] () -- C:\Users\***\Documents\bericht.rtf
[2011.12.14 11:36:10 | 000,000,098 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\Hosts
[2011.12.14 10:17:45 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.14 10:10:56 | 000,684,297 | ---- | M] () -- C:\Users\***\Desktop\unhide.exe
[2011.12.12 22:42:56 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111212_224254.reg
[2011.12.12 22:42:47 | 000,010,300 | ---- | M] () -- C:\Users\***\Documents\cc_20111212_224244.reg
[2011.12.11 17:57:42 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111211_175739.reg
[2011.12.11 17:57:14 | 000,021,334 | ---- | M] () -- C:\Users\***\Documents\cc_20111211_175707.reg
[2011.12.11 02:38:04 | 000,001,574 | ---- | M] () -- C:\Users\***\Desktop\eMail.lnk
[2011.12.10 06:35:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.10 03:01:02 | 001,526,060 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.09 12:46:20 | 000,130,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2011.12.09 10:58:00 | 000,391,792 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.08 15:12:27 | 000,000,600 | ---- | M] () -- C:\Users\***\PUTTY.RND
[2011.12.08 02:14:17 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111208_021415.reg
[2011.12.08 02:14:05 | 000,001,378 | ---- | M] () -- C:\Users\***\Documents\cc_20111208_021403.reg
[2011.12.08 00:24:06 | 000,001,161 | ---- | M] () -- C:\prefs.js
[2011.12.06 21:43:52 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111206_214350.reg
[2011.12.06 12:28:52 | 000,001,186 | ---- | M] () -- C:\Users\***\Documents\cc_20111206_122849.reg
[2011.12.05 19:27:06 | 000,001,749 | ---- | M] () -- C:\Users\Public\Desktop\Go Wild Casino.lnk
[2011.12.04 22:07:47 | 000,000,750 | ---- | M] () -- C:\Users\***\Desktop\CasinoClub.lnk
[2011.12.04 18:18:53 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.12.04 01:55:47 | 000,000,740 | ---- | M] () -- C:\Users\***\Documents\cc_20111204_015545.reg
[2011.12.04 01:32:55 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll
[2011.12.04 01:16:28 | 000,279,616 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2011.12.02 18:02:08 | 000,001,884 | ---- | M] () -- C:\Users\Public\Desktop\Slotastic.lnk
[2011.12.02 16:38:24 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_163822.reg
[2011.12.02 16:38:10 | 000,029,470 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_163807.reg
[2011.12.02 15:38:55 | 000,029,480 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3a.dll
[2011.12.02 12:04:11 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120408.reg
[2011.12.02 12:04:00 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120357.reg
[2011.12.02 12:03:49 | 000,000,206 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120347.reg
[2011.12.02 12:03:38 | 000,001,060 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120335.reg
[2011.12.02 12:03:20 | 000,038,304 | ---- | M] () -- C:\Users\***\Documents\cc_20111202_120311.reg
[2011.12.01 21:51:08 | 000,001,221 | ---- | M] () -- C:\Users\***\Desktop\GTA San Andreas.lnk
[2011.12.01 16:45:25 | 000,241,431 | ---- | M] () -- C:\Windows\hpwins28.dat
[2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2011.12.01 16:17:49 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2011.12.01 16:06:39 | 000,001,355 | ---- | M] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011.12.01 16:06:05 | 000,002,103 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.12.01 14:55:10 | 000,000,135 | ---- | M] () -- C:\Windows\Cm102.ini.imi
[2011.12.01 14:55:10 | 000,000,133 | ---- | M] () -- C:\Windows\System\Dlap.pfx
[2011.12.01 14:55:10 | 000,000,107 | ---- | M] () -- C:\Windows\Cm102.ini.cfl
[2011.12.01 14:54:25 | 000,000,084 | ---- | M] () -- C:\Windows\System\Cm102.ini
[2011.12.01 14:37:02 | 000,001,262 | ---- | M] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 14:10:03 | 000,093,158 | ---- | M] () -- C:\Users\***\Documents\cc_20111201_140954.reg
[2011.12.01 10:15:38 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
 
========== Files Created - No Company Name ==========
 
[2011.12.15 12:06:41 | 000,001,812 | ---- | C] () -- C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011.12.15 12:01:26 | 000,014,380 | ---- | C] () -- C:\Users\***\Documents\cc_20111215_120124.reg
[2011.12.14 10:17:45 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\Malwarebytes' Anti-Malware.lnk
[2011.12.14 10:16:02 | 000,000,630 | ---- | C] () -- C:\Users\***\Documents\bericht.rtf
[2011.12.14 10:13:16 | 000,002,309 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Office 2010.lnk
[2011.12.14 10:13:16 | 000,002,070 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2011.12.14 10:13:16 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader X.lnk
[2011.12.14 10:13:16 | 000,001,943 | ---- | C] () -- C:\Users\Public\Desktop\MEDION Serviceportal.lnk
[2011.12.14 10:13:16 | 000,001,884 | ---- | C] () -- C:\Users\Public\Desktop\Slotastic.lnk
[2011.12.14 10:13:16 | 000,001,749 | ---- | C] () -- C:\Users\Public\Desktop\Go Wild Casino.lnk
[2011.12.14 10:13:16 | 000,001,355 | ---- | C] () -- C:\Users\Public\Desktop\HP Solution Center.lnk
[2011.12.14 10:13:14 | 000,002,103 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
[2011.12.14 10:13:13 | 000,002,490 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk
[2011.12.14 10:13:13 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk
[2011.12.14 10:13:13 | 000,002,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
[2011.12.14 10:13:13 | 000,002,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2010.lnk
[2011.12.14 10:13:13 | 000,002,102 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
[2011.12.14 10:13:13 | 000,001,970 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk
[2011.12.14 10:13:13 | 000,001,949 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk
[2011.12.14 10:13:13 | 000,001,928 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk
[2011.12.14 10:13:13 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2011.12.14 10:13:13 | 000,001,462 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
[2011.12.14 10:13:13 | 000,001,378 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Photo Gallery.lnk
[2011.12.14 10:13:13 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2011.12.14 10:13:13 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2011.12.14 10:13:13 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2011.12.14 10:13:13 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2011.12.14 10:13:13 | 000,001,309 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Movie Maker.lnk
[2011.12.14 10:13:13 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2011.12.14 10:13:13 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2011.12.14 10:13:13 | 000,001,060 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR-Registrierung.lnk
[2011.12.14 10:10:52 | 000,684,297 | ---- | C] () -- C:\Users\***\Desktop\unhide.exe
[2011.12.12 22:42:55 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111212_224254.reg
[2011.12.12 22:42:46 | 000,010,300 | ---- | C] () -- C:\Users\***\Documents\cc_20111212_224244.reg
[2011.12.11 17:57:40 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111211_175739.reg
[2011.12.11 17:57:12 | 000,021,334 | ---- | C] () -- C:\Users\***\Documents\cc_20111211_175707.reg
[2011.12.11 02:38:04 | 000,001,574 | ---- | C] () -- C:\Users\***\Desktop\eMail.lnk
[2011.12.10 06:35:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_09_00.Wdf
[2011.12.09 13:13:19 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.08 15:12:27 | 000,000,600 | ---- | C] () -- C:\Users\***\PUTTY.RND
[2011.12.08 02:14:16 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111208_021415.reg
[2011.12.08 02:14:04 | 000,001,378 | ---- | C] () -- C:\Users\***\Documents\cc_20111208_021403.reg
[2011.12.08 00:24:06 | 000,001,161 | ---- | C] () -- C:\prefs.js
[2011.12.06 21:43:51 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111206_214350.reg
[2011.12.06 12:28:51 | 000,001,186 | ---- | C] () -- C:\Users\***\Documents\cc_20111206_122849.reg
[2011.12.04 22:07:47 | 000,000,750 | ---- | C] () -- C:\Users\***\Desktop\CasinoClub.lnk
[2011.12.04 01:55:46 | 000,000,740 | ---- | C] () -- C:\Users\***\Documents\cc_20111204_015545.reg
[2011.12.02 16:38:23 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_163822.reg
[2011.12.02 16:38:09 | 000,029,470 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_163807.reg
[2011.12.02 15:41:46 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2011.12.02 12:04:09 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120408.reg
[2011.12.02 12:03:59 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120357.reg
[2011.12.02 12:03:48 | 000,000,206 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120347.reg
[2011.12.02 12:03:36 | 000,001,060 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120335.reg
[2011.12.02 12:03:16 | 000,038,304 | ---- | C] () -- C:\Users\***\Documents\cc_20111202_120311.reg
[2011.12.01 21:51:08 | 000,001,221 | ---- | C] () -- C:\Users\***\Desktop\GTA San Andreas.lnk
[2011.12.01 16:13:37 | 3206,787,072 | -HS- | C] () -- C:\hiberfil.sys
[2011.12.01 16:02:09 | 000,241,431 | ---- | C] () -- C:\Windows\hpwins28.dat
[2011.12.01 14:55:10 | 000,787,456 | ---- | C] () -- C:\Windows\SysNative\Cmeau102.exe
[2011.12.01 14:55:10 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix102.dll
[2011.12.01 14:55:10 | 000,000,133 | ---- | C] () -- C:\Windows\System\Dlap.pfx
[2011.12.01 14:55:10 | 000,000,107 | ---- | C] () -- C:\Windows\Cm102.ini.cfl
[2011.12.01 14:54:44 | 000,000,135 | ---- | C] () -- C:\Windows\Cm102.ini.imi
[2011.12.01 14:54:25 | 000,359,424 | ---- | C] () -- C:\Windows\SysNative\CmiInstallResAll64.dll
[2011.12.01 14:54:25 | 000,000,494 | ---- | C] () -- C:\Windows\Cm102.ini.cfg
[2011.12.01 14:54:25 | 000,000,084 | ---- | C] () -- C:\Windows\System\Cm102.ini
[2011.12.01 14:54:07 | 000,000,449 | ---- | C] () -- C:\Windows\cm102.ini
[2011.12.01 14:37:02 | 000,001,262 | ---- | C] () -- C:\Users\***\Desktop\Spybot - Search & Destroy.lnk
[2011.12.01 14:10:01 | 000,093,158 | ---- | C] () -- C:\Users\***\Documents\cc_20111201_140954.reg
[2011.12.01 08:38:56 | 000,001,409 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2011.12.01 08:38:51 | 000,001,260 | ---- | C] () -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2009.08.18 08:18:40 | 000,000,418 | ---- | C] () -- C:\Windows\hpwmdl28.dat
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:59:36 | 000,982,196 | ---- | C] () -- C:\Windows\SysWow64\igkrng500.bin
[2009.07.13 22:59:36 | 000,139,824 | ---- | C] () -- C:\Windows\SysWow64\igfcg500.bin
[2009.07.13 22:59:36 | 000,097,448 | ---- | C] () -- C:\Windows\SysWow64\igfcg500m.bin
[2009.07.13 22:59:35 | 000,417,344 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng500.bin
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2008.10.22 05:29:06 | 000,173,550 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
 
========== LOP Check ==========
 
[2011.12.15 12:00:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Azureus
[2011.12.15 12:00:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2011.12.15 12:00:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Free Download Manager
[2011.12.14 11:22:38 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client
[2011.12.09 13:18:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\T-Online
[2011.12.02 12:14:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.12.09 13:14:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.12.06 21:27:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\VshareComplete
[2011.12.01 16:59:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer
[2011.12.11 01:42:05 | 000,029,506 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 15.12.2011, 16:06   #8
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Und zuletzt Extras.txt:

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 15.12.2011 15:53:30 - Run 3
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\***\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,98 Gb Total Physical Memory | 2,19 Gb Available Physical Memory | 54,94% Memory free
7,96 Gb Paging File | 6,05 Gb Available in Paging File | 75,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1600,08 Gb Free Space | 88,31% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,49 Gb Free Space | 50,99% Space Free | Partition Type: NTFS
 
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86416029FF}" = Java(TM) 6 Update 29 (64-bit)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7E0E61CC-1C99-429D-BEA7-C4DD5B898D2A}" = HP Officejet 4500 G510n-z
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A4DDB2AB-ECCD-4C3A-8633-77D5A1A0E542}" = Network64
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX System Software 9.11.0621
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD Audio Driver 1.2.24.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"CCleaner" = CCleaner
"HP Document Manager" = HP Document Manager 2.0
"HP Imaging Device Functions" = HP Imaging Device Functions 13.0
"HP Smart Web Printing" = HP Smart Web Printing 4.5
"HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
"HPExtendedCapabilities" = HP Customer Participation Program 13.0
"HPOCR" = OCR Software by I.R.I.S. 13.0
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Shop for HP Supplies" = Shop for HP Supplies
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam(TM)
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08B3869E-D282-424C-9AFC-870E04A4BA14}" = Rockstar Games Social Club
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1f7fdd50-deac-46f0-ae3b-beb62f962976}" = Slotastic
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2D2D8FE2-605C-4D3C-B706-36E981E7EEF0}" = CyberLink BD Advisor 2.0
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A4D5E2D-988D-4ee9-8E7F-3AC200A2B8F5}" = 4500G510nz_Software_Min
"{3a4df6e3-5d5b-4d3b-a829-5e4fea186714}" = Lucky18 Casino
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
"{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{579BA58C-F33D-4970-9953-B94B43768AC3}" = Grand Theft Auto IV
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5B05FF91-F20C-4832-A8DE-E1912639C17C}" = 4500G510nz
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{6179550A-3E7C-499E-BCC9-9E8113E0A285}" = LG Tool Kit
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
"{690879A5-18EF-447B-98D6-B699D51008AB}" = 4500_G510nz_Help
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX
"{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{8467b556-b091-4b48-ac95-c32808a4d3aa}" = iNetBet Casino
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92A51949-EE4C-466D-AAF0-99E74A49A63F}" = DocMgr
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A8F1CA85-C713-4B1F-B3B4-B2B7A6824146}" = LightScribe System Software
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D417C96A-FCC7-4590-A1BB-FAF73F5BC98E}" = GTA San Andreas
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D45EC259-4A19-4656-B588-C2C360DD18EA}" = Half-Life(R) 2
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{d7cb908f-8b0f-48b5-8d71-ef6b226bb434}" = Intertops Casino
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE03E7C3-0250-49DC-A5AA-24FE0555EA22}" = AudioAdvantageMicro
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{ec4b6105-e039-42fb-8e18-c8aa393f0018}_is1" = VshareComplete
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{fe986ae8-5283-4177-9178-52ba8d21bb10}" = Jackpot Capital
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira Free Antivirus
"CasinoClub" = CasinoClub
"DAEMON Tools Lite" = DAEMON Tools Lite
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"Free Download Manager_is1" = Free Download Manager 3.0
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware Version 1.51.2.1300
"Mozilla Thunderbird (8.0)" = Mozilla Thunderbird (8.0)
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"VLC media player" = VLC media player 1.1.11
"vShare.tv plugin" = vShare.tv plugin 1.3
"WinLiveSuite" = Windows Liven asennustyökalu
 
========== Last 10 Event Log Errors ==========
 
[ Application Events ]
Error - 15.12.2011 07:03:22 | Computer Name = ***-PC | Source = ESENT | ID = 455
Description = Windows (4076) Windows: Fehler -1811 beim Öffnen von Protokolldatei
 C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0017D.log.
 
Error - 15.12.2011 07:03:22 | Computer Name = ***-PC | Source = Windows Search Service | ID = 9000
Description = 
 
Error - 15.12.2011 07:03:22 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7040
Description = 
 
Error - 15.12.2011 07:03:22 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7042
Description = 
 
Error - 15.12.2011 07:03:22 | Computer Name = ***-PC | Source = Windows Search Service | ID = 9002
Description = 
 
Error - 15.12.2011 07:03:22 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 15.12.2011 07:03:24 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3029
Description = 
 
Error - 15.12.2011 07:03:24 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3028
Description = 
 
Error - 15.12.2011 07:03:24 | Computer Name = ***-PC | Source = Windows Search Service | ID = 3058
Description = 
 
Error - 15.12.2011 07:03:24 | Computer Name = ***-PC | Source = Windows Search Service | ID = 7010
Description = 
 
[ System Events ]
Error - 10.12.2011 21:36:44 | Computer Name = ***-PC | Source = BugCheck | ID = 1001
Description = 
 
Error - 11.12.2011 11:36:25 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 11.12.2011 11:36:25 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 11.12.2011 11:36:26 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 11.12.2011 11:36:26 | Computer Name = ***-PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk4\DR4 gefunden.
 
Error - 15.12.2011 07:03:24 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7024
Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem
 Fehler beendet: %%-1073473535.
 
Error - 15.12.2011 07:03:25 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7031
Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits
 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt:
 Neustart des Diensts.
 
Error - 15.12.2011 07:03:39 | Computer Name = ***-PC | Source = DCOM | ID = 10005
Description = 
 
Error - 15.12.2011 07:03:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Windows Search erreicht.
 
Error - 15.12.2011 07:03:38 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht
 gestartet:   %%1053
 
 
< End of report >
         
--- --- ---


Das wars ... wie sieht es nun mit meinem System aus? Mit den Casino-Meldungen kann ich leben, ich hoffe nur, dass es soweit nun besser aussieht?
In jedem Fall schonmal vielen Dank!

Alt 16.12.2011, 08:29   #9
kira
/// Helfer-Team
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Zitat:
Zitat von nameless91 Beitrag anzeigen

1. Habe SpyBot behalten, aber den TeaTimer deaktiviert. Erstmal so lassen? Oder SpyBot nun ganz deinstallieren?
also nochmal um klarzustellen:
► mußt das Programm Spybot nicht deinstallieren (die Entscheidung überlasse ich dir), aber den TeaTimer bitte nie einschalten!

► Wenn Du live Poker spielst, achte darauf, dass Du auf der sicheren Seite bleibst!
blocklisted-Poker-Websites- malwareremoval.com

► Wenn Du keine Probleme mehr hast, können wir damit dann Deinen Thread schließen?
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 16.12.2011, 08:48   #10
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Heißt das, mein System erscheint Dir wieder sauber?
Falls ja, klar, dann kann das hier dicht gemacht werden!
Mein System läuft gut, aber das kann ja nur oberflächlich so sein ... ist wirklich (soweit das aus der Ferne so festzustellen ist) wieder alles in Ordnung, kira?

EDIT: Achso, und was ist mit den Ordnern:

C:\_OTL
C:\Config.Msi
C:\MSOCache

Löschen oder drauflassen?
Und sollen unhide, Malwarebytes und SUPERAntiSpyware FREE Edition nun deinstalliert werden?

Geändert von nameless91 (16.12.2011 um 09:00 Uhr)

Alt 16.12.2011, 09:02   #11
kira
/// Helfer-Team
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



► Wenn Du keine Probleme mehr hast, können wir damit dann Deinen Thread schließen? sieht schon mal gut aus

1.
Programme deinstallieren/entfernen, die wir verwendet haben und nicht brauchst, bis auf:
Code:
ATTFilter
CCleaner
         
- Zeitweise laufen lassen:-> Anleitung

2.
Tool-Bereinigung mit OTL

Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
  • Bitte lade Dir (falls noch nicht vorhanden) OTL von OldTimer herunter.
  • Speichere es auf Deinem Desktop.
  • Doppelklick auf OTL.exe um das Programm auszuführen.
  • Vista und Windows 7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen.
  • Klicke auf den Button "Bereinigung"
  • OTL fragt eventuell nach einem Neustart.
    Sollte es dies tun, so lasse dies bitte zu.
Anmerkung: Nach dem Neustart werden OTL und andere Helferprogramme, die Du im Laufe der Bereinigung heruntergeladen hast, nicht mehr vorhanden sein. Sie wurden entfernt. Es ist daher Ok, wenn diese Programme nicht mehr vorhanden sind. Sollten noch welche übrig geblieben sein, lösche sie manuell.

3.
Wenn alles gut verlaufen und dein System läuft stabil,mache folgendes:
Alle Systemwiederherstellungspunkte löschen, auch den Letzten

4.
Ich würde Dir vorsichtshalber raten, dein Passwort zu ändern
z.B. Login-, Mail- oder Website-Passwörter
Tipps:
Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
auch noch hier unter: Sicheres Kennwort (Password)

Lesestoff Nr.1:
  • Wie erstelle ich ein eingeschränktes Benutzerkonto?
  • Software immer auf dem neuesten Stand halten!:
    ALLE auf dem System installierten Programme und Treiber, sollten regelmäßig upgedatet werden um Sicherheitslücken zu vermeiden und um das reibungslose Arbeitsabläufe zu erreichen!
  • Ein sicherer Browser als IE z.B. *Ein Wechsel des Standardbrowsers zu...von SETI@home* - Firefox - FirefoxWiki/Einstellungen - Erweiterungen für Firefox - Standardbrowser
  • Sichere eMail Clients z.B. Thunderbird-->Erweiterungen für Mozilla Thunderbird
    - Unbekannten E-Mail-Anhang NICHT öffnen!
  • Sichere Paswort - Die sichere Passwort-Wahl - (sollte man eigentlich regelmäßigen Abständen ca. alle 3-5 Monate ändern)
    auch noch hier unter: Sicheres Kennwort (Password)
    Die fünf häufigsten Passwort-Fehler[/b[
  • "Never accept software from strangers" - Installiere grundsätzlich immer nur Programme, die Du auch wirklich benötigst und von denen Du überzeugt bist, dass sie seriös sind.
    Du hast die Wahl!, welche zusätzlichen Komponenten noch installiert werden sollen? -> Bei der Installation immer mitlesen, Sponsoren und Partnerprogramme, Toolbars oder eventuell noch andere extra angebotene Programme möglichst abwählen!
    Sponsor-Programm, Toolbars möglist abwählen (so wird oft Art von Adware/Spyware mitinstalliert)
  • NICHT irgendwelche Programme aus dem Netz laden, wenn nicht zu 100% fest steht, dass es sich dabei um saubere Software handelt. Nette Versprechen der Hersteller garantieren noch lange keine einwandfreie Funktionsweise, also vorher blättere die Seiten bei GOOGLE, da kannst Du Dir wertvolle Informationen holen!!!
  • Programme und Treiber:
    Nur vom Hersteller!
  • Onlinebanking:
    Gib deine Passwörter niemals preis!
    Seriöse Bankinstitute, E- Mail- Provider oder Online- Shops versenden grundsätzlich keine E- Mails, in denen Kunden aufgefordert werden, vertrauliche Daten wie Passwörter, Verfügernummer, PINs oder TANs preiszugeben. Bei dieser Art von E- Mails handelt es sich immer um Betrugsversuche, weshalb entsprechende Anfragen nicht beantwortet werden sollten. Sobald der Verdacht auf Betrug entsteht, melde deinen Verdacht der jeweiligen Bank- Hotline.
  • Comnputer, anderen (Gästen/Freunden) zur Nutzung überlassen überlassen - Nutze nur vertrauenswürdige Computer!
    Vergewissere dich, dass nur Personen deines Vertrauens deinen Computer nutzen oder verwalten und wickel niemals Bankgeschäfte über nicht vertrauenswürdige Computer - beispielsweise aus einem Internetcafé während des Urlaubs - ab
  • Vorsicht bei der Nutzung fremder Computer und anschliessbare Externe Speichermedien wie Festplatte, USB Sticks, Speicherkarten usw![/color] - IT-Betrüger machen keinen Urlaub!/bsi-fuer-buerger.de - auch zeitweise anschließen und scannen lassen (sehe unter `kostenlose Online-Viren-Scanner`)
  • Webseiten ohne Gültiges Impressum nicht besuchen
  • Lizenzkosten sparen? - Vorsicht bei Dateien/Programmen aus nicht vertrauenswürdigen Quellen! - "full Keygen, Crack, Serial, Warez, keygenerators" etc.
    Sind immer verseucht mit diverse Malware/Schadprogramme/Code, es gibt keine seite wo Viren frei ist. (Man sollte nicht absitlich der Teufel holen) Eine weitere höchst unsichere Quelle ist das File-Sharing der sog. (Musik-)Tauschbörsen.
    ► Ausserdem machst Du dich damit strafbar!
  • Nur eine Firewall sowie ein Antiviren Programm verwenden, welche sich immer auf dem aktuellsten Stand befinden sollten!
    Das Installieren von `zuviel` Software beeinträchtigt die Systemleistung und Sicherheit, verlangsamt den Start-Vorgang enorm und belastet den Arbeitsspeicher (weil laufen ja die Programme nebeneinander gleichzeitig, die viel Performance fressen, aber wenig Qualität bringen). Im Laufe der Zeit wird der rechner durch zu viel unnötigen Ballast immer langsamer, und unsicherer. Um so mehr Programme installiert sind, um so häufiger treten Probleme auf, die dann unter Umständen nur schwer lösen können. Dazu kommt noch, das einige Programme große Sicherheitsrisiken mit sich bringen
  • Virenscanner
  • BSI für Bürger
  • SETI@home - [Sicherheit] Sicherheitskonzept
  • Entwicklung schädlicher Websites/viruslist.com
  • Brennpunkt: Bilder und Töne
    Gefährliche Bilder, schräge Töne/BSI

** Der gesunde Menschenverstand, Windows und Internet-Software sicher konfigurieren ist der beste Weg zur Sicherheit im Webverkehr ist !!
Zitat:
Da der Bestand der Datenbank wird täglich ergänzt und erweitert bzw werden mit der aktuellen Virendefinition die Informationen über den betroffenen Virus aufgenommen, empfehle ich dir mindestens einmal pro Woche (später genügt es sicherlich einmal im Monat) dein System Online Scannen lassen (immer mit einen anderen Scanner), um eine zweite Meinung einzuholen - Die auf dem Speichermedium gesicherten Daten sollten auch mit einbezogen werden!
(benutzen meist ActiveX und/oder Java): Kostenlose Online Scanner -
Lesestoff Nr.2:
► Kann sich auf Dauer eine Menge Datenmüll ansammeln, sich Fehlermeldungen häufen, der PC ist wahrscheinlich nicht mehr so schnell, wie früher:wünsch Dir alles Gute

Wenn Du uns unterstützen möchtest→ Spendekonto

gruß
kira
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 16.12.2011, 12:26   #12
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Hat alles perfekt geklappt, mensch kira, vielen Dank für all Deine Mühe!

Letzte Frage: Was ist nun mit den Ordnern:

C:\Config.Msi
C:\MSOCache

Die sind noch geblieben ... beide kann ich nur als Admin öffnen, Config.Msi ist leer, MSOCache beinhaltet einen Ordner namens "microsoft.watson.watsonrc14.data" in dem die Datei "WatsonRC.dat" (128kb) liegt.
Was ist mit den Ordnern? Kann ich die löschen?

Alt 17.12.2011, 07:05   #13
kira
/// Helfer-Team
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Versteckte - und Systemdateien vlt sichtbar gemacht? ggf rückgängig machen:
System-Dateien und -Ordner unter XP und Vista sichtbar machen
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Alt 17.12.2011, 12:51   #14
nameless91
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



Da tut sich leider nichts ... ist aber auch nicht so schlimm, in jedem Fall nochmals: Dankeschön!

Alt 17.12.2011, 17:13   #15
kira
/// Helfer-Team
 
Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Standard

Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!



dürfte ein Bericht von Watson sein...ich würde zunächst umbennen
Kannst Du Sie in einer Erweiterung von .BAD (Beispiel: "MSOCache.BAD"
Wenn sie nicht benötigt werden und alles läuft einwandfrei, kannst Du nach einiger Zeit einfach löschen
__________________

Warnung!:
Vorsicht beim Rechnungen per Email mit ZIP-Datei als Anhang! Kann mit einen Verschlüsselungs-Trojaner infiziert sein!
Anhang nicht öffnen, in unserem Forum erst nachfragen!

Sichere regelmäßig deine Daten, auf CD/DVD, USB-Sticks oder externe Festplatten, am besten 2x an verschiedenen Orten!
Bitte diese Warnung weitergeben, wo Du nur kannst!

Antwort

Themen zu Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!
64-bit, abgebrochen, automatisch, avira, babylon, babylon toolbar, blau, c:\windows\system32\rundll32.exe, computer, crypt.xpack.gen, dateiordner, desktop, e2give, entfernen, explorer, folge, free download, funktioniert, grand theft auto, herunterfahren, internet, internet explorer, logfiles, microsoft office starter 2010, mozilla thunderbird, nvidia update, officejet, plug-in, programm, safer networking, scan, sched.exe, sich automatisch, spybot, surfen, systemsteuerung, systemwiederherstellung, taskleiste, tr/crypt.xpack.ge, tr/crypt.xpack.gen, usb 3.0, version=1.0, webcheck, windows, windows media player



Ähnliche Themen: Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!


  1. Alle Dateien vom Desktop verschwunden - bis auf 4 Verknüpfungen (Windows 7 Pro)
    Log-Analyse und Auswertung - 05.09.2015 (26)
  2. Alle Dateien vom Desktop verschwunden - bis auf 4 Verknüpfungen (Windows 7 Pro)
    Alles rund um Windows - 03.09.2015 (8)
  3. TR/Crypt.XPACK.Gen3 alle dateien verschwunden
    Plagegeister aller Art und deren Bekämpfung - 06.01.2014 (7)
  4. TR/Dropper.Gen und TR/Crypt.XPack.Gen ( Dateien verschwunden )
    Log-Analyse und Auswertung - 09.12.2013 (35)
  5. Desktop "verschwunden", schwarz, Verknüpfungen fehlen, Daten scheinen sonst vorhanden
    Plagegeister aller Art und deren Bekämpfung - 16.11.2013 (1)
  6. Avira hat TR/Crypt:Xpack.gen entdeckt
    Log-Analyse und Auswertung - 12.06.2013 (10)
  7. Avira hat TR/Crypt-XPACK.Gen7 entdeckt.
    Plagegeister aller Art und deren Bekämpfung - 30.10.2012 (5)
  8. TR/Crypt.XPACK.gen im WinAmp Ordner entdeckt
    Plagegeister aller Art und deren Bekämpfung - 28.09.2012 (5)
  9. TR/crypt.xpack.gen soeben entdeckt.was tun?
    Plagegeister aller Art und deren Bekämpfung - 15.08.2012 (1)
  10. TR/Crypt.XPACK.Gen nachdem Antivirus live entfernt wurde
    Plagegeister aller Art und deren Bekämpfung - 10.01.2010 (1)
  11. TR/Crypt.XPACK.Gen entdeckt :-(
    Plagegeister aller Art und deren Bekämpfung - 26.11.2009 (9)
  12. TR/Crypt.XPACK.Gen von Antivir entdeckt
    Plagegeister aller Art und deren Bekämpfung - 15.03.2009 (11)
  13. tr/crypt.xpack.gen entdeckt
    Log-Analyse und Auswertung - 16.12.2008 (7)
  14. Trojaner entdeckt: TR/Crypt.XPACK.Gen
    Log-Analyse und Auswertung - 06.12.2008 (0)
  15. Trojaner TR/Crypt.XPACK.Gen von Antivir entdeckt
    Plagegeister aller Art und deren Bekämpfung - 18.09.2008 (24)
  16. Antivir entdeckt Trojaner 'TR/Crypt.XPACK.Gen'
    Log-Analyse und Auswertung - 07.08.2008 (4)
  17. TR/Crypt.XPACK.Gen entdeckt
    Log-Analyse und Auswertung - 31.12.2007 (0)

Zum Thema Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! - Hallo Leute, ich nutze Windows 7 64 Bit. Gestern meldete SpyBot oder/und Avira (bin da nicht mehr ganz sicher) beim surfen, dass etwas gefunden/verändert wurde, in dem Moment öffneten sich - Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde!...
Archiv
Du betrachtest: Desktop Verknüpfungen verschwunden nachdem Crypt.XPACK.Gen entdeckt wurde! auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.