
Pests of all kinds and how to combat them: Mediyes, TR/ATRAPS.Gen; TR/ATRAPS.Gen2

Windows 7

13.06.2012, 15:25   #1
virulent
 

Hello!

My Avira detected the Atraps viruses about two weeks ago. After some browsing around the Internet and some playing around with Malwarebytes Anti-Malware (including several hours-long deep scans), the damage seemed to have been cleaned up. Just now I discovered Mediyes. This leads me to suspect that my viruses were never really gone.

My computer holds data that is very valuable to me, reflecting roughly 5 years' worth of work. It is backed up on an external hard drive, but I don't know whether that is also infected by the virus (or by several viruses, as the case may be).

I was already a little relieved when I saw that others are having the problems with Atraps too (see the neighboring thread). I would be very glad if I could get this filth cleanly off the disk again. For now I will make an effort to follow all the steps in the thread-creation thread and will then edit the thread to insert the scans and data. Many thanks in advance!

Here comes the OTL logfile:
Code:
OTL logfile created on: 13.06.2012 15:26:34 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,04% Memory free
16,00 Gb Paging File | 14,06 Gb Available in Paging File | 87,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 30,82 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.06.13 15:19:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
PRC - [2012.05.17 14:05:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Tools\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\tools)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\tools)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011.11.11 14:08:06 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Tools\webcam logitech\LWS\Webcam Software\LWS.exe
PRC - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011.01.05 10:18:50 | 000,133,432 | ---- | M] (ICQ, LLC.) -- C:\Tools\ICQLite\ICQ7.2\ICQ.exe
PRC - [2010.07.23 04:09:20 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Tools\Mozilla Firefox\firefox.exe
PRC - [2009.03.30 15:00:54 | 000,221,184 | ---- | M] (Brother Industries, Ltd.) -- C:\Program Files (x86)\Brother\Brmfcmon\BrMfcmon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.11.11 14:09:20 | 000,336,408 | ---- | M] () -- C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011.11.11 14:08:18 | 007,956,504 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\QTGui4.dll
MOD - [2011.11.11 14:08:18 | 000,342,552 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\QTXml4.dll
MOD - [2011.11.11 14:08:18 | 000,128,536 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\ImageFormats\QJpeg4.dll
MOD - [2011.11.11 14:08:18 | 000,029,208 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\ImageFormats\QGif4.dll
MOD - [2011.11.11 14:08:06 | 002,145,304 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\QTCore4.dll
MOD - [2011.11.11 14:07:54 | 000,265,240 | ---- | M] () -- C:\Tools\webcam logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011.08.12 12:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files (x86)\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011.01.05 10:18:56 | 000,733,184 | ---- | M] () -- C:\Tools\ICQLite\ICQ7.2\MDb.dll
MOD - [2010.07.23 04:09:20 | 001,015,768 | ---- | M] () -- C:\Tools\Mozilla Firefox\js3250.dll
MOD - [2009.02.27 16:38:22 | 000,139,264 | R--- | M] () -- C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2012.06.02 17:18:14 | 000,354,304 | ---- | M] (Parental Solutions Inc.) [Auto | Running] -- C:\Windows\SysNative\poua28um7.dll -- (Dnscache)
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.04.05 21:57:34 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.05.26 23:14:50 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.17 14:05:42 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Tools\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Tools\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.29 22:37:00 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\tools)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2011.12.22 17:38:30 | 000,114,000 | ---- | M] (Joosoft.com GmbH) [Auto | Running] -- C:\Windows\SysWOW64\UpdSvc.dll -- (Update-Service)
SRV - [2010.04.09 14:31:26 | 000,567,808 | ---- | M] (Sphinx Software) [Auto | Running] -- C:\Tools\Windows7FirewallControl\Windows7FirewallService.exe -- (Windows7FirewallService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.23 14:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.01.18 08:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64)
DRV:64bit: - [2011.09.21 11:25:54 | 000,021,992 | ---- | M] (CPUID) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\cpuz135_x64.sys -- (cpuz135)
DRV:64bit: - [2010.12.16 16:01:09 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 15:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.12 21:51:51 | 000,230,352 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2010.02.18 10:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2005.03.29 02:30:38 | 000,008,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.icq.com/
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {6552C7DD-90A4-4387-B795-F8F96747DE19}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "ICQ Search"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.spiegel.de"
FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.4.3
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.1
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.0.900
FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.0.900
FF - prefs.js..extensions.enabledItems: crossriderapp3491@crossrider.com:0.81.20
FF - prefs.js..keyword.URL: "hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=2.0.0.4&q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_233.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_233.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@gametap.com/npdd,version=1.0: C:\tools\Gamersplanet Downloader\npdd.dll (Metaboli)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\html5video [2011.01.01 22:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\wpa [2011.01.01 22:10:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Components: C:\Tools\Mozilla Firefox\components [2010.08.11 18:06:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.8\extensions\\Plugins: C:\Tools\Mozilla Firefox\plugins [2011.01.01 22:10:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Components: C:\Tools\Mozilla Thunderbird\components [2010.08.11 19:50:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.2\extensions\\Plugins: C:\Tools\Mozilla Thunderbird\plugins [2011.01.01 22:10:45 | 000,000,000 | ---D | M]
 
[2010.08.11 19:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions
[2010.08.11 19:50:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.12 22:37:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions
[2012.05.28 22:56:52 | 000,000,000 | ---D | M] (NoScript) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2011.12.16 07:29:28 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2012.05.31 22:12:22 | 000,000,000 | ---D | M] ("Vid-Saver") -- C:\Users\Martin\AppData\Roaming\mozilla\Firefox\Profiles\vcre8wbi.default\extensions\crossriderapp3491@crossrider.com
[2012.01.13 15:48:00 | 000,002,005 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vcre8wbi.default\searchplugins\sternde-suche.xml
[2010.08.12 11:59:54 | 000,004,140 | ---- | M] () -- C:\Users\Martin\AppData\Roaming\Mozilla\Firefox\Profiles\vcre8wbi.default\searchplugins\youtube.xml
[2011.01.01 22:10:45 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\HTML5VIDEO
[2011.01.01 22:10:46 | 000,000,000 | ---D | M] (DivX HiQ) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\WPA
[2009.03.18 16:29:31 | 000,000,000 | ---D | M] (Java Console) -- C:\TOOLS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2010.08.15 22:38:19 | 000,000,000 | ---D | M] (Java Console) -- C:\TOOLS\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Vid-Saver) - {11111111-1111-1111-1111-110011341191} - C:\Program Files (x86)\Vid-Saver\Vid-Saver.dll (215 Apps)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O4:64bit: - HKLM..\Run: [Windows7FirewallControl] C:\Tools\Windows7FirewallControl\Windows7FirewallControl.exe (Sphinx Software)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD)
O4 - HKLM..\Run: [avgnt] C:\Tools\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [LWS] C:\tools\webcam logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\tools)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~3\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~3\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~3\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Tools\ICQLite\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Tools\ICQLite\ICQ7.2\ICQ.exe (ICQ, LLC.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~3\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Windows\system32\d3dyu8nt9.dll File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Windows\system32\nsp8ca5s.dll File not found
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_15-windows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80ACCFED-1E68-48DB-A727-E15E765083D0}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~3\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.03.10 13:53:15 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{1a563e08-091d-11e0-93f4-00248c1f690d}\Shell - "" = AutoRun
O33 - MountPoints2\{1a563e08-091d-11e0-93f4-00248c1f690d}\Shell\AutoRun\command - "" = G:\Setup.exe
O33 - MountPoints2\{a6d3d7fc-583f-11e0-b8d2-00248c1f690d}\Shell - "" = AutoRun
O33 - MountPoints2\{a6d3d7fc-583f-11e0-b8d2-00248c1f690d}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.13 15:19:03 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.06.10 22:04:24 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\directx
[2012.06.02 20:15:50 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\Avira
[2012.06.02 20:10:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.06.02 20:10:05 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.06.02 20:10:04 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.06.02 20:10:04 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.06.02 20:09:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.06.02 17:18:14 | 000,354,304 | ---- | C] (Parental Solutions Inc.) -- C:\Windows\SysNative\poua28um7.dll
[2012.06.02 09:19:31 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\MediaProSoft Free HD Video Converter
[2012.06.02 09:19:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaProSoft Free HD Video Converter
[2012.05.31 22:12:22 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Local\Vid-Saver
[2012.05.31 22:12:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Vid-Saver
[2012.05.31 22:11:05 | 000,000,000 | ---D | C] -- C:\Users\Martin\AppData\Roaming\uTorrent
[2012.05.27 11:08:36 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\Größenvergleich Planeten
[2012.05.26 23:37:46 | 000,000,000 | ---D | C] -- C:\ProgramData\ATI
[2012.05.26 23:37:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD AVT
[2012.05.26 23:37:39 | 000,000,000 | ---D | C] -- C:\Program Files\AMD
[2012.05.26 23:37:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD APP
[2012.05.26 23:37:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD VISION Engine Control Center
[2012.05.26 23:35:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.05.26 23:33:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ATI Technologies
[2012.05.26 23:32:24 | 000,000,000 | ---D | C] -- C:\Program Files\ATI Technologies
[2012.05.19 22:16:26 | 000,000,000 | ---D | C] -- C:\Users\Martin\Desktop\satc
[2012.05.14 20:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Diablo III
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.13 15:19:05 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Martin\Desktop\OTL.exe
[2012.06.13 15:16:12 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 15:16:12 | 000,014,832 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.13 15:09:04 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.13 15:08:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.13 15:08:39 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.13 15:07:31 | 000,000,020 | ---- | M] () -- C:\Users\Martin\defogger_reenable
[2012.06.13 15:06:39 | 000,050,477 | ---- | M] () -- C:\Users\Martin\Desktop\Defogger.exe
[2012.06.13 14:49:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 14:43:27 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.11 20:28:30 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.11 20:28:30 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.11 20:28:30 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.11 20:28:30 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.11 20:28:30 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.06 17:56:22 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.06.02 17:18:14 | 000,354,304 | ---- | M] (Parental Solutions Inc.) -- C:\Windows\SysNative\poua28um7.dll
[2012.05.31 17:52:05 | 000,005,639 | ---- | M] () -- C:\Users\Martin\Desktop\Illustrationen_Übersicht_Geisterjahrmarkt_Hinter dem Spiegel.rtf
[2012.05.31 16:38:18 | 000,505,866 | ---- | M] () -- C:\Users\Martin\Desktop\Dämmerstunden_6_HinterdemSpiegel.rtf
[2012.05.30 13:23:36 | 000,051,739 | ---- | M] () -- C:\Users\Martin\helden.zip.hld.ok
[2012.05.30 13:23:36 | 000,000,319 | ---- | M] () -- C:\Users\Martin\.dsa4.properties
[2012.05.26 23:18:31 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.05.26 23:18:31 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.05.26 23:17:31 | 000,269,288 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.05.23 21:44:42 | 000,033,369 | ---- | M] () -- C:\Users\Martin\Desktop\Skizze_Toter Baum.PDF
[2012.05.23 21:44:15 | 000,505,584 | ---- | M] () -- C:\Users\Martin\Desktop\20120420 Hinter dem Spiegel.rtf
[2012.05.17 14:05:42 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.05.16 22:02:24 | 000,000,722 | ---- | M] () -- C:\Users\Martin\Desktop\SpeedFan.lnk
[2012.05.16 22:02:23 | 000,000,045 | ---- | M] () -- C:\Windows\SysWow64\initdebug.nfo
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.06.13 15:07:30 | 000,000,020 | ---- | C] () -- C:\Users\Martin\defogger_reenable
[2012.06.13 15:06:38 | 000,050,477 | ---- | C] () -- C:\Users\Martin\Desktop\Defogger.exe
[2012.05.31 17:52:05 | 000,005,639 | ---- | C] () -- C:\Users\Martin\Desktop\Illustrationen_Übersicht_Geisterjahrmarkt_Hinter dem Spiegel.rtf
[2012.05.31 17:18:13 | 000,505,866 | ---- | C] () -- C:\Users\Martin\Desktop\Dämmerstunden_6_HinterdemSpiegel.rtf
[2012.05.31 17:18:13 | 000,505,584 | ---- | C] () -- C:\Users\Martin\Desktop\20120420 Hinter dem Spiegel.rtf
[2012.05.23 21:44:41 | 000,033,369 | ---- | C] () -- C:\Users\Martin\Desktop\Skizze_Toter Baum.PDF
[2012.05.16 22:02:24 | 000,000,722 | ---- | C] () -- C:\Users\Martin\Desktop\SpeedFan.lnk
[2012.05.16 22:02:22 | 000,000,045 | ---- | C] () -- C:\Windows\SysWow64\initdebug.nfo
[2012.05.14 20:05:43 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\Diablo III.lnk
[2012.05.09 16:44:33 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.03.09 14:06:14 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.02.15 16:46:11 | 000,000,000 | ---- | C] () -- C:\Users\Martin\AppData\Local\{412D365E-21B7-43BA-A8AA-37D608E27B29}
[2012.02.15 04:36:36 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.02.15 04:36:36 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.04 15:59:35 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.04.16 17:13:23 | 000,001,358 | ---- | C] () -- C:\Windows\eReg.dat
[2011.03.26 09:43:06 | 000,000,108 | ---- | C] () -- C:\Users\Martin\AppData\Roaming\42219ba0.dat
[2010.11.29 19:40:40 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.11.29 19:40:33 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.09 20:46:07 | 000,001,482 | ---- | C] () -- C:\Users\Martin\AppData\Local\RecConfig.xml
[2010.09.09 13:30:58 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.08.18 19:48:00 | 000,000,165 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.08.13 10:25:46 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.08.13 10:25:46 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2010.08.12 15:54:35 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2010.08.11 17:20:20 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== LOP Check ==========
 
[2011.06.02 14:03:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\.ABC
[2011.09.12 21:57:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\46developments
[2011.04.23 15:32:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AAV
[2012.02.24 20:28:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Artweaver Free
[2011.04.04 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\AtomZombieDemoData
[2011.06.05 14:45:06 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Cobra Mobile
[2012.04.07 13:12:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Code Force Limited
[2012.04.29 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Lite
[2012.04.29 13:14:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\DAEMON Tools Pro
[2011.05.07 20:23:49 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Dwarfs
[2010.11.12 16:53:10 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Fortix
[2010.10.28 18:23:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\FreeOrion
[2012.05.01 19:17:34 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GetRightToGo
[2011.05.01 19:25:48 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\GoPal Assistant
[2010.08.18 19:37:25 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Gutscheinmieze
[2012.04.08 12:27:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\HackSlashLoot
[2012.06.13 15:11:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ICQ
[2011.08.27 22:00:17 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Kalypso Media
[2012.05.09 16:42:46 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Leadertech
[2011.01.01 22:10:47 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Local
[2012.01.23 17:32:14 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\LucasArts
[2012.06.02 09:19:31 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\MediaProSoft Free HD Video Converter
[2011.10.03 17:54:22 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Might & Magic Heroes VI - Game Official Demo
[2011.09.18 14:06:24 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.04.07 12:18:26 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\qBittorrent
[2010.11.07 14:23:30 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ReactGames
[2011.02.12 22:01:50 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\System
[2010.08.12 11:16:55 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\The Creative Assembly
[2010.08.11 19:50:11 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Thunderbird
[2012.05.03 12:58:41 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 4
[2011.08.11 18:08:40 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Tropico 4 Demo
[2011.02.19 23:38:58 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TrueCrypt
[2010.12.05 17:39:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\TS3Client
[2011.10.16 20:24:42 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\Unigraphics Solutions
[2012.06.01 22:56:29 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\uTorrent
[2011.04.30 15:21:45 | 000,000,000 | -HSD | M] -- C:\Users\Martin\AppData\Roaming\wyUpdate AU
[2010.11.17 15:46:44 | 000,000,000 | ---D | M] -- C:\Users\Martin\AppData\Roaming\ZombieDriver
[2012.05.28 22:55:25 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >
         

And now the text from the Extras file:

OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 13.06.2012 15:26:34 - Run 1
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Martin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,32 Gb Available Physical Memory | 79,04% Memory free
16,00 Gb Paging File | 14,06 Gb Available in Paging File | 87,89% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 298,08 Gb Total Space | 30,82 Gb Free Space | 10,34% Space Free | Partition Type: NTFS
 
Computer Name: PC | User Name: Martin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Key error. File not found
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Tools\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- Reg Error: Key error.
htmlfile [opennew] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
https [open] -- "C:\Program Files (x86)\Internet Explorer\iexplore.exe" -nohome
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~3\MICROS~1\Office12\ONENOTE.EXE "%L"
Directory [PlayWithVLC] -- "C:\tools\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- Reg Error: Key error.
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- Reg Error: Key error.
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{067AA401-88CE-4610-8AED-197E85A82DED}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1A148FE4-9A6C-4C1D-80D9-9CE5E25A6357}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{2E4A7E11-6344-4EEB-B489-D3B84325B0C1}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2FEE9845-4AE9-477C-9611-BC21B69156B8}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{30ED9801-8646-4975-BB6E-137A5082630C}" = lport=137 | protocol=17 | dir=in | app=system | 
"{45456EBA-CDED-4344-B37D-AEB16AE39E6B}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{4D7127EA-0EBD-4133-9F5E-04E3543ED832}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{542F1E03-73AF-4AD7-9309-5688D2DB841D}" = lport=3724 | protocol=6 | dir=in | name=blizzard downloader: 3724 | 
"{607CC2DB-DE6E-45FC-BFC9-E94A75770672}" = lport=139 | protocol=6 | dir=in | app=system | 
"{62164EFA-68CB-4C16-A890-DB144AAD6235}" = rport=138 | protocol=17 | dir=out | app=system | 
"{63F38187-5C3C-46CC-A49D-155356A7CC02}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{65B0A963-7EF5-469C-A581-62807780C4EF}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\outlook.exe | 
"{6644FB85-AFCA-4DB7-9F76-7F6CEE9D00B2}" = rport=445 | protocol=6 | dir=out | app=system | 
"{66A4E24C-1E6F-4E56-91CF-ADC4DEDBEC5E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{73A3BFD4-B9AC-4475-8854-C7ACF3BF5EC2}" = rport=137 | protocol=17 | dir=out | app=system | 
"{74D1F3C7-6F20-41BB-80EE-9C964BF6C8ED}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9158F732-3862-4CDC-9D1E-4204F5381762}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AA79A375-7FC5-446D-A399-243A0DFB6AC5}" = lport=138 | protocol=17 | dir=in | app=system | 
"{B2561534-DAFC-4978-B90A-D5263C9ECF05}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C84E42B6-4B38-443E-A74B-C858F6814489}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{CE948C8C-78B7-4707-BEC3-C923651593B1}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{D04A92F4-1B08-4DB2-8467-312A8F54DC75}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E0380FA8-FD91-446D-A7B4-4EDA374E6773}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{F11D011E-F421-461E-A6AC-7F787DE55C08}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FEF3B0D6-047E-478A-B8EC-6DFB423A6AC6}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0115BC29-9E09-4E5F-8475-1F26888BF170}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{0248C3F3-FD0D-4CF5-9EA7-267DB1CEEC93}" = protocol=6 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | 
"{02CCAE79-8EF1-4294-8563-CB5AB02F5D7E}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{07EF4981-CBAC-4A03-AC71-C1C1D5239341}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{08CC9751-2FDC-4451-A3CA-015673054EFF}" = protocol=17 | dir=in | app=c:\tools\steam\steam.exe | 
"{0A5E4996-6707-42EB-ADF2-1EDC42A20EF1}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{119AB236-22E7-4EC1-9F92-A8A571215C31}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{17092FFB-2BA7-48A8-A498-A7536CFD5881}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\left 4 dead 2\left4dead2.exe | 
"{173419A7-BB15-4DF7-AC21-1B81B57695F4}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"{1739ECF1-7317-4869-9C79-7D6BA42BABB8}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | 
"{18A0A384-ACB2-4B0D-83B9-D4DD7FBFD0DB}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | 
"{1C6395AD-E6CE-4FAC-8FC0-CB55262CFED4}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{219E481A-2E59-4851-A915-AC442D6F98C4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{298CEA2F-793A-47FD-85D6-C7BF6FE81A6C}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{33A7A45E-BC1C-4670-9626-2279526DB545}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{33C153D6-979C-4BAB-9884-BEDB440D7B05}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"{3C99F5CA-6B97-45B6-85C3-815BCFF00E18}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{44574D89-B49D-4CF8-926F-BF38C8BB2731}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{469A57D2-2A34-4029-B5D5-C4857C8B9269}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\support\blizzarddownloader.exe | 
"{48A01686-AB21-4F69-BF90-6272F18B33A7}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4AB650FD-3C96-4C49-967F-596607B7FD02}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{4D2745D5-1D50-43D5-BF1D-A918018CDED3}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe | 
"{4D7DD0E3-169B-4E26-8A56-9C7FA70304BA}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{51932C8F-E5F9-4B0D-BE29-921EB33FC756}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{54721509-6015-45AD-B7F1-2333EC294EB6}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\magic the gathering dotp 2012\magic_2012.exe | 
"{598BB8CA-FD92-4681-81E0-E780B396ACD3}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\onenote.exe | 
"{5B89CD35-81C3-4F7C-A859-A060E048B859}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{5E625CDE-E544-4830-B933-E23814FC5546}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{5F80919A-99B0-4A46-A8D1-B4339AEE635D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{60AB3FC1-BADD-4533-84A6-F97BFE80C9C3}" = protocol=17 | dir=in | app=c:\tools\utorrent\utorrent.exe | 
"{6EB9B7E5-2103-4A23-9425-F86D1B02456A}" = protocol=6 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{6ED5A525-AAA3-48B5-9E08-5FD039983CAB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{70DE11EB-D635-4988-942D-4D1619ADA4B6}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{741B7A62-4BFE-4FDE-BC4C-DC4F437AE0D3}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{751DAB5A-FBFD-4F5A-8490-48C84831476F}" = protocol=6 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{7918AB11-90D9-4A29-A987-E860DD8F9227}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\gotham city impostors\engine.exe | 
"{7B8268D3-CED1-4793-A100-695A3C30A6E2}" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{7F6DE4DA-7477-449E-BC8B-8B1F9D3BBF06}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\gotham city impostors\engine.exe | 
"{8024277F-17D3-440F-BFA7-163E0BDF63DB}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | 
"{80826BA4-A0AF-4C23-B18E-2DBCDB78F853}" = protocol=17 | dir=in | app=c:\program files (x86)\diablo iii beta\diablo iii.exe | 
"{819D0E54-3B97-48F7-BA9D-6142C72319C4}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{840DCEE0-03EC-4AC1-9F61-973D7804B929}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | 
"{8C356876-A891-441E-88CA-1C95CAFDAF5A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8E6532B5-3930-4622-958E-D3F48314716C}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{8F7AAF9C-8FF5-4E9C-BD26-6BC27A028B95}" = protocol=6 | dir=in | app=c:\tools\utorrent\utorrent.exe | 
"{9412F3B6-9EB2-48A8-95F4-DB058B6153D4}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\call of duty 4\iw3sp.exe | 
"{941B5110-97B3-4CCF-9EEC-22A8408588B0}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | 
"{96DA6E65-6630-475D-B670-5E937A5FE8FE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{98DAD6C6-6287-4FE7-97E1-7831A1022229}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\plants vs zombies\plantsvszombies.exe | 
"{9B204490-7416-4C3F-B220-9F23C14DE9FF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"{9D60A960-05D9-4EA9-8FD0-0257591E73E5}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\call of duty 4\iw3mp.exe | 
"{9F57C9F4-2AFC-409B-B598-F8F9D0B44067}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{A25DA269-C48C-4486-B69E-E2DD88F0F146}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{A8B22474-A2BC-4CA9-878D-988613F29F9B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{AA4D4051-AFF0-404E-B641-43934583A6B4}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\launcher.exe | 
"{AA9A02EF-28E5-4CB7-961C-ED5EAAAA511B}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{B298CACF-75E9-464D-9008-D4C2C10BB434}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | 
"{B381DA33-AB72-4AD2-8343-4122D01E1B12}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{B41EC812-2E02-4858-B8BF-9B83D9CAE870}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | 
"{B5437E00-12A7-4182-8D2E-D94731DBA1C4}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{B5444F37-8098-426C-8ABE-F2EAE0712699}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\relicdownloader\relicdownloader.exe | 
"{B687A2E0-1A65-40F3-A54F-E92E23613AFF}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\amd driver updater, vista and 7, 64 bit\setup.exe | 
"{B698AA6A-F838-4DB2-95DC-64875F7D4D1C}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\galactic civilizations ii - ultimate edition\twilight\gc2twilightofthearnor.exe | 
"{B7DF9139-E48E-4749-B608-428847874914}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{BD43A490-8BC2-4D02-A040-213810EC510E}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{BE4C9387-57DC-4A43-A2D4-BDFCEF6761E0}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\bfbc2game.exe | 
"{C2E6E10E-1C80-483A-BEE0-16CE313D5183}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office12\groove.exe | 
"{C47E7039-BBAA-4137-8AD7-77660B8965D7}" = protocol=6 | dir=out | app=system | 
"{C5587C83-6E08-4426-A2C2-063A012681AF}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{C6A6E45C-187F-4F2B-811E-6DF7DD72F81C}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C6D1EAA8-D9D9-4F62-84DE-B57A561E1424}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{CDAF2418-63BF-49D2-8087-E9BF4BD83A63}" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\crusader kings ii\ck2game.exe | 
"{D137A8FD-3565-4DBD-B886-A6C9A8992D75}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D48464BD-38B8-476D-A750-755F5447F5C3}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\blood bowl legendary edition\bb_le.exe | 
"{DA4F2E82-5EE1-45BC-8F12-ED9723AB5340}" = protocol=17 | dir=in | app=c:\tools\icqlite\icq7.2\aolload.exe | 
"{DD9889B2-7D9B-470C-B12E-F5AD72DA133F}" = protocol=6 | dir=in | app=c:\tools\icqlite\icq7.2\icq.exe | 
"{DDE4A5A1-DD07-4E98-AEFC-578D19F4578D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DE436697-B7FF-41C3-A171-2AC42471A15B}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{DF2A522C-65AB-4901-80F1-F7A17EF78282}" = protocol=17 | dir=in | app=c:\spiele\diablo iii\diablo iii.exe | 
"{E0CFBB91-0E34-4817-B634-750176E9A0D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E3CF9005-DD8D-41DE-BBEC-590BEEA1B3A6}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\skyrim\skyrimlauncher.exe | 
"{E574B836-932D-403F-B82A-913E9CEC7EEE}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\battlefield bad company 2\support\ea help\electronic_arts_technical_support.htm | 
"{E5DD28B0-C0D5-47C1-94B3-73BCF9DD803D}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"{EA7670C6-2CD6-4C48-B057-85527BA1D715}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"{EDBF5593-6D32-4336-BBB5-2438F1A1C156}" = protocol=6 | dir=in | app=c:\tools\steam\steam.exe | 
"{EE976180-896C-427F-A63C-B4C2EEA62755}" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\sid meier's civilization v\civilizationv.exe | 
"{EFF6BD10-BF8C-45C0-906D-173A4D3E1F7C}" = protocol=17 | dir=in | app=c:\spiele\company of heroes\reliccoh.exe | 
"{F1D620BF-6E99-444A-8A3F-1DD5AEAEE1F8}" = dir=in | app=c:\tools\skype\phone\skype.exe | 
"{F94B8B7A-73E5-4EB2-B9B8-05C278534B77}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{FD593EE1-A28A-4E92-8498-7737C95EB8D6}" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\starcraft ii.exe | 
"{FF6C5316-B057-4584-A6E4-636A61E73344}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{FFDA6CBD-8146-4751-821F-B657CCF1C9FA}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{0512090C-7A20-4A4C-8176-240253185367}C:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base21029\sc2.exe | 
"TCP Query User{1D4FDD35-1A7E-4234-8E1E-852DEA924A46}C:\spiele\starcraft ii\versions\base18092\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base18092\sc2.exe | 
"TCP Query User{250F2C06-4867-415B-8800-296BF71E1E57}C:\tools\steam\steamapps\common\defcon\defcon.exe" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\common\defcon\defcon.exe | 
"TCP Query User{3D8F6E97-6A1C-4ED5-A3A0-F0C0262FEF60}C:\spiele\starcraft ii\versions\base18574\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base18574\sc2.exe | 
"TCP Query User{46EB9CDC-5329-4B05-9A39-718B777781BF}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{4AF2BDF1-E8B6-48C9-84C2-6B86AFCD971B}C:\rest\download\diablo-iii-8370-engb-installer-downloader.exe" = protocol=6 | dir=in | app=c:\rest\download\diablo-iii-8370-engb-installer-downloader.exe | 
"TCP Query User{4BF1F5B4-AA34-423E-8C1C-F1A4FBE4EDB9}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{52A91874-BCF8-4303-AF5F-FD92A9DF176F}C:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{53DE086B-D596-488C-A965-D0EB9F68B52F}C:\spiele\starcraft ii\versions\base16605\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16605\sc2.exe | 
"TCP Query User{6E491F5E-3D63-4803-9F5A-FB67C18FBECB}C:\spiele\starcraft ii\versions\base16755\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16755\sc2.exe | 
"TCP Query User{8B3A43A8-B939-4454-88D3-D9A5AF3768D7}C:\tools\abc\abc.exe" = protocol=6 | dir=in | app=c:\tools\abc\abc.exe | 
"TCP Query User{A3DB0051-4A1D-41C0-A806-38618A4FCD8C}C:\spiele\starcraft ii\versions\base16561\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16561\sc2.exe | 
"TCP Query User{A51A3C98-5D81-4B0E-BCC6-85F4ED0786B6}C:\spiele\starcraft ii\versions\base16939\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base16939\sc2.exe | 
"TCP Query User{AEFCA898-5BAD-439E-9CA2-B0BFE683E1EF}C:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base17326\sc2.exe | 
"TCP Query User{B8A28EC5-3038-4C35-BE56-276EDEABAA6A}C:\rest\download\utorrent.exe" = protocol=6 | dir=in | app=c:\rest\download\utorrent.exe | 
"TCP Query User{BC2E84B8-3AA3-4F18-BFAC-6776E50E1692}C:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe | 
"TCP Query User{D6615BB0-1448-4C0B-A801-ED54C009960B}C:\spiele\starcraft ii\versions\base19132\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base19132\sc2.exe | 
"TCP Query User{F3807209-7EB8-4F38-AE42-B5A73E9FA1DE}C:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base19679\sc2.exe | 
"TCP Query User{FEF2798C-D79A-4A5C-AF7C-52653BC70504}C:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=6 | dir=in | app=c:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{1EAD77CC-0715-4AA5-B054-8040CF043372}C:\rest\download\utorrent.exe" = protocol=17 | dir=in | app=c:\rest\download\utorrent.exe | 
"UDP Query User{21ECE2E6-E97A-4951-AD82-09E39493DE65}C:\spiele\starcraft ii\versions\base15405\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base15405\sc2.exe | 
"UDP Query User{225EA3C3-DD89-41EB-B0AC-7FCBCE26B0ED}C:\spiele\starcraft ii\versions\base16755\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16755\sc2.exe | 
"UDP Query User{28CDC7CA-79CB-421E-A11C-C9F191015950}C:\spiele\starcraft ii\versions\base21029\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base21029\sc2.exe | 
"UDP Query User{4AFBF616-6B2B-465E-8F18-9BD9A2EC9156}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{4BD244BA-09C7-48B8-ACB8-6A8C6EC18BB8}C:\spiele\starcraft ii\versions\base17326\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base17326\sc2.exe | 
"UDP Query User{6164D213-6894-4E49-86E2-A469857933E4}C:\spiele\starcraft ii\versions\base18574\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base18574\sc2.exe | 
"UDP Query User{75720B9E-A63A-4AB5-8B79-90884DA38EFB}C:\spiele\starcraft ii\versions\base16561\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16561\sc2.exe | 
"UDP Query User{8BA04B10-9F88-4730-8E6D-94E4595A847D}C:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\xborbaradx\team fortress 2\hl2.exe | 
"UDP Query User{9DCB25D8-CA34-4EF5-BC83-6C04BF37E96C}C:\spiele\starcraft ii\versions\base18092\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base18092\sc2.exe | 
"UDP Query User{9ED1B86C-D908-4AF9-932E-D23426E02087}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{A9327352-E236-4B59-A50F-ADFDC6B9B0E6}C:\rest\download\diablo-iii-8370-engb-installer-downloader.exe" = protocol=17 | dir=in | app=c:\rest\download\diablo-iii-8370-engb-installer-downloader.exe | 
"UDP Query User{C182E455-5777-47CD-9106-DFEBD7533B21}C:\spiele\starcraft ii\versions\base19132\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base19132\sc2.exe | 
"UDP Query User{D3E0611F-BA59-459A-8906-F35BCF487554}C:\spiele\starcraft ii\versions\base19679\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base19679\sc2.exe | 
"UDP Query User{D75B5ABC-F538-41E9-B0F7-CC884FA79915}C:\spiele\starcraft ii\versions\base16939\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16939\sc2.exe | 
"UDP Query User{D76F320F-0E7F-4DE5-9E6B-15128F6E7B12}C:\spiele\starcraft ii\versions\base16605\sc2.exe" = protocol=17 | dir=in | app=c:\spiele\starcraft ii\versions\base16605\sc2.exe | 
"UDP Query User{DA3755B6-A690-4D7E-98BD-627600658791}C:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\martin\documents\icq\117659198\receivedfiles\51305661 christian\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{FD752B95-6254-48CD-9AAE-E72F4FBE541F}C:\tools\abc\abc.exe" = protocol=17 | dir=in | app=c:\tools\abc\abc.exe | 
"UDP Query User{FDF8A885-F0D1-4E14-BE5A-907CC85B006E}C:\tools\steam\steamapps\common\defcon\defcon.exe" = protocol=17 | dir=in | app=c:\tools\steam\steamapps\common\defcon\defcon.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0CC4F67D-D41D-8C1A-C605-39154DDEAC63}" = AMD Fuel
"{119B2F5A-2A06-DB96-FF28-992EC2A10BDF}" = AMD Accelerated Video Transcoding
"{138A4072-9E64-46BD-B5F9-DB2BB395391F}" = LWS VideoEffects
"{2E8D6204-D656-8355-1ED3-2988AC52EB0F}" = ccc-utility64
"{338CE2A1-7BD6-AC18-0069-4A90F7C3D836}" = AMD Steady Video Plug-In 
"{350AA351-21FA-3270-8B7A-835434E766AD}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.21022
"{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime
"{5831C6D6-309D-DBB5-14F7-FEE57086CEE7}" = AMD Catalyst Install Manager
"{5F92DAD2-FD95-DD12-50DF-A6F66C7E67C8}" = AMD Drag and Drop Transcoding
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{90120000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2007
"{90120000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2007
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.30319
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{EF393943-0CCE-9CD9-6181-96DF4E4428EF}" = AMD Media Foundation Decoders
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"CPUID CPU-Z_is1" = CPUID CPU-Z 1.60
"NVIDIA Drivers" = NVIDIA Drivers
"Windows7FirewallControl_is1" = Windows7FirewallControl (x64) 3.5.1.131
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03D4C700-2BFE-43E0-A0B4-9512B43C5B9F}" = Catalyst Control Center - Branding
"{08610298-29AE-445B-B37D-EFBE05802967}" = LWS Pictures And Video
"{14574B7F-75D1-4718-B7F2-EBF6E2862A35}" = Company of Heroes - FAKEMSI
"{15634701-BACE-4449-8B25-1567DA8C9FD3}" = CameraHelperMsi
"{1632FD86-1BA4-4FC4-8B25-A8C655D63F68}" = Sid Meier's Pirates!
"{1651216E-E7AD-4250-92A1-FB8ED61391C9}" = LWS Help_main
"{174A3B31-4C43-43DD-866F-73C9DB887B48}" = LWS Twitter
"{199E6632-EB28-4F73-AECB-3E192EB92D18}" = Company of Heroes - FAKEMSI
"{19D614EB-D62A-AEE7-2391-E74126601D59}" = CCC Help Italian
"{1C373820-B9C8-0F7F-8F84-FC1B76A85F27}" = CCC Help Portuguese
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{21DF0294-6B9D-4741-AB6F-B2ABFBD2387E}" = LWS YouTube Plugin
"{25724802-CC14-4B90-9F3B-3D6955EE27B1}" = Company of Heroes - FAKEMSI
"{26A24AE4-039D-4CA4-87B4-2F83216015FF}" = Java(TM) 6 Update 15
"{2D35BC33-7D08-D529-DF91-8A15FBF2600E}" = CCC Help Polish
"{30D1F3D2-54CF-481D-A005-F94B0E98FEEC}" = Sid Meier's Civilization 4 Complete
"{32C4A4EB-C97D-414E-99C5-38F8DFD31D5D}" = Company of Heroes - FAKEMSI
"{32E4F0D2-C135-475E-A841-1D59A0D22989}" = Sid Meier's Civilization 4 - Beyond the Sword
"{337788D1-43D1-9A0F-9787-DD00DB512D41}" = Catalyst Control Center Localization All
"{3921A67A-5AB1-4E48-9444-C71814CF3027}" = VCRedistSetup
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = erLT
"{4725833D-4325-5C34-57D4-1FE23E5AE578}" = CCC Help Chinese Standard
"{4B271648-43CB-DD31-FF24-E7B06D3EE72A}" = Catalyst Control Center InstallProxy
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DC37F33-7AEC-A4CB-56B1-69A402828763}" = CCC Help Japanese
"{50193078-F553-4EBA-AA77-64C9FAA12F98}" = Company of Heroes - FAKEMSI
"{51D718D1-DA81-4FAD-919F-5C1CE3C33379}" = Company of Heroes - FAKEMSI
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5710DAC2-8F2A-503C-CFC2-A973ADE0EA4C}" = CCC Help Czech
"{59C80C5E-8C92-40FF-B910-2BB5C7281F61}" = Europa Universalis III
"{5C763682-4C40-86DA-9C46-31924D7D2C34}" = CCC Help Thai
"{5D191524-4976-45F9-94E8-4F6F4A1BD7C0}" = Rund um (2.0) ... Horizonte 8 BY
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{5FCCD531-1B38-4A94-924C-127F722F1031}" = Nero 8
"{60E5022D-FA4B-C6A2-1E80-B46EC39096F3}" = CCC Help Chinese Traditional
"{60F34FDF-267C-408F-290E-EC90D841C8CB}" = CCC Help German
"{66B79AE1-C6E2-B958-689C-D0812DE86BAB}" = CCC Help Greek
"{66F78C51-D108-4F0C-A93C-1CBE74CE338F}" = Company of Heroes - FAKEMSI
"{6B39BE0F-0F5E-A8FA-33E4-8481AE39D96C}" = CCC Help Russian
"{6F76EC3C-34B1-436E-97FB-48C58D7BEDCD}" = LWS Gallery
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71E66D3F-A009-44AB-8784-75E2819BA4BA}" = LWS Motion Detection
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2
"{7E48AFD3-F28A-4E54-99A8-9F3A4A27DBC4}" = Brother MFL-Pro Suite DCP-130C
"{7F4B1592-222F-4E5F-A100-E5AFD61A0BB3}" = Company of Heroes - FAKEMSI
"{80D03817-7943-4839-8E96-B9F924C5E67D}" = Company of Heroes - FAKEMSI
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 4.1.1
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C8FA3C-F4EA-46C4-8392-D3CE353738D6}" = LWS Launcher
"{8937D274-C281-42E4-8CDB-A0B2DF979189}" = LWS Webcam Software
"{8E19F2AF-7145-51DE-E395-7729A9374973}" = Catalyst Control Center Graphics Previews Common
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007
"{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007
"{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002A-0000-1000-0000000FF1CE}_ENTERPRISE_{664655D8-B9BB-455D-8A58-7EAF7B0B2862}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002A-0407-1000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007
"{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007
"{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{91CB5B8B-4EC8-DBA1-A88D-99FD480567B0}" = CCC Help English
"{924FBAC4-60D2-7981-3C3E-979DF9CBB346}" = CCC Help Finnish
"{96A9A1C8-FBAD-4703-ABF1-E93AA8FE85A0}_is1" = Artweaver Free 3.0
"{97E5205F-EA4F-438F-B211-F1846419F1C1}" = Company of Heroes - FAKEMSI
"{99A7722D-9ACB-43F3-A222-ABC7133F159E}" = Company of Heroes - FAKEMSI
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9DAEA76B-E50F-4272-A595-0124E826553D}" = LWS WLM Plugin
"{9DC939DC-B7A4-D0E2-C582-A442DF1B3EBE}" = CCC Help Spanish
"{9F5FD796-86F0-4360-85F8-D54C0F5411EB}" = Steuer-Spar-Erklärung 2011
"{9FD6F1A8-5550-46AF-8509-271DF0E768B5}" = Dual-Core Optimizer
"{A1BD938B-F006-6E6D-70B2-47E1DD56F7DE}" = CCC Help Swedish
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-A93000000001}" = Adobe Reader 9.3.3 - Deutsch
"{BA801B94-C28D-46EE-B806-E1E021A3D519}" = Company of Heroes - FAKEMSI
"{BABF7852-C2DD-6A8A-9956-101720C715C7}" = CCC Help Turkish
"{BB7C2A56-9706-43B8-5A8C-210AF5816106}" = CCC Help French
"{CC185D10-5C0E-40C3-91F2-63314BB365AF}" = Solid Edge ST2
"{CCD2BAD2-0919-40CB-80CC-E9538B0E4C2E}" = Steuer-Spar-Erklärung 2012
"{CFC2CB60-5654-05A7-4D30-C661800A3A92}" = CCC Help Korean
"{D04CE005-D1D2-80F3-84C8-B3524FCD39C3}" = CCC Help Norwegian
"{D40EB009-0499-459c-A8AF-C9C110766215}" = Logitech Webcam-Software
"{D4D244D1-05E0-4D24-86A2-B2433C435671}" = Company of Heroes - FAKEMSI
"{D544AE4C-4152-225B-A897-6756C8986B14}" = AMD VISION Engine Control Center
"{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
"{D6F879CC-59D6-4D4B-AE9B-D761E48D25ED}" = Skype™ 5.3
"{D81E9069-3CCC-4405-3751-71E4AFEACC52}" = CCC Help Hungarian
"{E66EAC2A-7F41-4316-8277-0A54684BC999}" = Rund um (2.0) ... Horizonte 6
"{E93FF166-DF14-2537-8FB4-96BB5810A96C}" = CCC Help Danish
"{EAF636A9-F664-4703-A659-85A894DA264F}" = Company of Heroes - FAKEMSI
"{ED5AF20A-7155-11D4-AAB3-204C4F4F5020}" = Tiny Personal Firewall 2.0.15
"{EED027B7-0DB6-404B-8F45-6DFEE34A0441}" = LWS Video Mask Maker
"{F0AF5265-0E76-4AC0-AE45-ACA6428D5EDA}" = Pfadfinder 2.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FA9827E1-8A8E-C176-4923-0840A67ED4DE}" = CCC Help Dutch
"{FF167195-9EE4-46C0-8CD7-FBA3457E88AB}" = LWS Facebook
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Avira AntiVir Desktop" = Avira Free Antivirus
"Company of Heroes" = Company of Heroes
"Diablo III" = Diablo III
"Divine Wind_is1" = Divine Wind version 5.1
"DivX Setup.divx.com" = DivX-Setup
"Downloader" = Downloader
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVD Shrink_is1" = DVD Shrink 3.2
"ENTERPRISE" = Microsoft Office Enterprise 2007
"EVEREST Home Edition_is1" = EVEREST Home Edition v2.20
"FLV Player" = FLV Player 2.0 (build 25)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"MediaProSoft Free HD Video Converter_is1" = MediaProSoft Free HD Video Converter 5.9.5
"Medion GoPal Assistant" = Medion GoPal Assistant 4.01.028
"MozBackup" = MozBackup 1.5.1
"Mozilla Firefox (3.6.8)" = Mozilla Firefox (3.6.8)
"Mozilla Thunderbird (3.1.2)" = Mozilla Thunderbird (3.1.2)
"OpenAL" = OpenAL
"PunkBusterSvc" = PunkBuster Services
"Sid Meier's Alpha Centauri" = Sid Meier's Alpha Centauri
"Sid Meier's Alpha Centauri_is1" = Sid Meier's Alpha Centauri
"SpeedFan" = SpeedFan (remove only)
"StarCraft II" = StarCraft II
"Steam App 1520" = DEFCON
"Steam App 202200" = Galactic Civilizations II: Ultimate Edition
"Steam App 203770" = Crusader Kings II
"Steam App 24960" = Battlefield: Bad Company 2
"Steam App 3590" = Plants vs. Zombies: Game of the Year
"Steam App 49470" = Magic: The Gathering — Duels of the Planeswalkers 2012
"Steam App 550" = Left 4 Dead 2
"Steam App 58520" = Blood Bowl: Legendary Edition
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8930" = Sid Meier's Civilization V
"The KMPlayer" = The KMPlayer (remove only)
"TrueCrypt" = TrueCrypt
"uTorrent" = µTorrent
"Vid-Saver" = Vid-Saver
"VLC media player" = VLC media player 1.1.4
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Tropico 4" = Tropico 4 1.00
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 26.08.2011 05:37:43 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 29.08.2011 04:36:34 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 30.08.2011 14:13:03 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 01.09.2011 02:53:49 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 02.09.2011 08:36:57 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 05.09.2011 17:28:51 | Computer Name = PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RelicCOH.exe, Version: 2.602.0.199,
 Zeitstempel: 0x4db843f0  Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17514,
 Zeitstempel: 0x4ce7ba58  Ausnahmecode: 0xc0000374  Fehleroffset: 0x000ce653  ID des fehlerhaften
 Prozesses: 0x63c  Startzeit der fehlerhaften Anwendung: 0x01cc6c01e651f640  Pfad der
 fehlerhaften Anwendung: C:\Spiele\Company of Heroes\RelicCOH.exe  Pfad des fehlerhaften
 Moduls: C:\Windows\SysWOW64\ntdll.dll  Berichtskennung: 0c285c90-d806-11e0-a138-00248c1f690d
 
Error - 06.09.2011 03:26:57 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 07.09.2011 13:02:48 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 07.09.2011 15:12:43 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
Error - 09.09.2011 03:24:50 | Computer Name = PC | Source = SideBySide | ID = 16842832
Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Tools\Nero\Nero\Nero8\Nero
 Toolkit\DiscSpeed.exe". Fehler in  Manifest- oder Richtliniendatei "" in Zeile .  Eine
 für die Anwendung erforderliche Komponentenversion steht in Konflikt mit  einer anderen,
 bereits aktiven Komponentenversion.  In Konflikt stehende Komponenten:.  Komponente
 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest.
Komponente
 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest.
 
[ System Events ]
Error - 02.06.2012 13:56:55 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?02.?06.?2012 um 19:55:03 unerwartet heruntergefahren.
 
Error - 03.06.2012 10:16:41 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 03.06.2012 10:16:41 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 03.06.2012 10:16:42 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 03.06.2012 10:16:42 | Computer Name = PC | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
Error - 03.06.2012 11:46:43 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?03.?06.?2012 um 17:45:01 unerwartet heruntergefahren.
 
Error - 06.06.2012 09:50:38 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?06.?2012 um 15:48:44 unerwartet heruntergefahren.
 
Error - 06.06.2012 12:26:34 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?06.?06.?2012 um 18:24:13 unerwartet heruntergefahren.
 
Error - 11.06.2012 15:29:41 | Computer Name = PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?11.?06.?2012 um 21:16:44 unerwartet heruntergefahren.
 
Error - 13.06.2012 08:58:32 | Computer Name = PC | Source = VDS Basic Provider | ID = 33554433
Description = 
 
 
< End of report >
         
--- --- ---

I'm not running Gmer because I'm on 64-bit Win7, if I understood that correctly.

I would be really grateful for your help; a lot depends on my computer not ending up in the trash.

Edited by virulent (13.06.2012 at 15:41)

14.06.2012, 11:37   #2
Psychotic
/// Malwareteam

CkScan


Please download CKScanner. Important: Save the file to your desktop.
  • Double-click CKScanner.exe and click Search For Files.
  • Then click Save List To File.
  • A box will pop up telling you that the file has been saved (file saved).
  • Open CKFiles.txt on your desktop and post its contents here.

16.06.2012, 15:12   #3
virulent

CKScanner - Additional Security Risks - These are not necessarily bad
c:\spiele\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\shadow_wall_2_cracked.dds
c:\spiele\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked.nif
c:\spiele\sid meier's civilization 4 complete\beyond the sword\mods\afterworld\assets\art\terrain\features\afterworldwalls\wall_2_cracked_diff.dds
c:\tools\steam\steamapps\common\empire total war\data\ui\campaign ui\pips\military-crackdown-repression.tga
scanner sequence 3.BB.11.RTCAUA
----- EOF -----

It does say something about "cracked", but those aren't cracks or anything like that.

So far I haven't had any more virus alerts; maybe Avira did catch everything after all.

18.06.2012, 09:21   #4
Psychotic
/// Malwareteam

My name is Marius and I will help you with your problem.

One thing up front:

Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way.

If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean.

A cleanup can involve a lot of work for you.
  1. Please work through all steps in order.
  2. Read the instructions carefully. If you get stuck anywhere, stop at that point and describe your problem here!
  3. Only run scans that a helper has asked you to run.
  4. Please no crossposting (posting in several forums) - following the instructions of several helpers can cause serious problems!
  5. Do not install or uninstall any software during the cleanup (unless you have been asked to).
  6. If anything is unclear: ask before you do something "blindly"!

    ...and very important:

  7. Post the log files with code tags (the # symbol at the top of the reply window) in your thread! Do not attach them unless I ask you to. (That makes the analysis harder for me.)


Vista and Win7 users
Start all tools with right-click --> "Run as administrator".



I see that you use so-called peer-to-peer or file-sharing programs. In your case < >. These programs allow you to exchange data with other users. Unfortunately, P2P and file sharing are not exempt from distributing infected files, and this is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course there is also a legal way to use this service, for example for downloading Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Software and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs.



Step 1: aswMBR



Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions) Vista and Win7 users: right-click and "Run as administrator"
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.) Downloading the definitions may take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply. Important: Do not press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If it still does not work, please let me know.



Step 2: Scan with TDSS-Killer


Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save this file to the desktop.
  • Start TDSSKiller.exe
  • Click Change parameters, select Detect TDLFS file system, click OK.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and save the log file. TDSSKiller will save a log file on your system drive (usually C:\). For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread.
__________________
No right of asylum for Trojans!

Proud Member of UNITE

Note: I am only available on weekdays!
Requests via PM will be ignored!

21.06.2012, 16:06   #5
Psychotic
/// Malwareteam

Hello, do you still need help? If I do not receive a reply from you within the next 24 hours, I will remove your thread from my subscriptions and will then no longer be notified of new replies. The disappearance of symptoms does not mean that your system is clean yet.


26.06.2012, 09:58   #6
Psychotic
/// Malwareteam

No response
This thread has been removed from my subscriptions. I will therefore not be notified of new replies.
PM me if you still want to continue.

Note: The disappearance of symptoms does not mean that your computer is clean yet.

Everyone else, please click here and create your own thread

27.06.2012, 21:04   #7
virulent


Hello!

Since I have not received any further error messages, I assume that my virus scanners have cleaned everything up. If anything else comes up, I will get back in touch.

Many thanks for the help so far! Thank you!
