Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Avira findet 2 TR/ATRAPS.Gen2 Trojaner

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 14.06.2012, 22:19   #1
hansefred
 
Avira findet 2 TR/ATRAPS.Gen2 Trojaner - Standard

Avira findet 2 TR/ATRAPS.Gen2 Trojaner



Hallo Trojaner-Board-Team,

Mein Antivieren Programm Avira meldet immer wieder das ich von dem Trojaner TR/ATRAPS.Gen2 befallen bin. Entfernen funktioniert mit Avira nicht, der Trojaner taucht immer wieder auf.

Ich wollte hier um Rat fragen die geforderten Dateien sind beigefügt:

Ich habe Malewarebytes ausgeführt:

Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Mark :: MARK-PC [Administrator]

Schutz: Aktiviert

14.06.2012 21:47:24
mbam-log-2012-06-14 (21-47-24).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 227252
Laufzeit: 2 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Mark\AppData\Roaming\WinDefender (Rogue.WinDefender) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\U\00000008.@ (Trojan.Dropper.BCMiner) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)





deflogger:

defogger_disable by jpshortstuff (23.02.10.1)
Log created at 21:56 on 14/06/2012 (Mark)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-





Und OTL:

OTL.txt:
OTL logfile created on: 14.06.2012 22:00:13 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mark\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 51,71% Memory free
7,96 Gb Paging File | 5,46 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1560,15 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,54 Gb Free Space | 51,07% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 21:36:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Mark\Downloads\OTL.exe
PRC - [2012.06.09 11:55:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.05.20 17:38:38 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
PRC - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.05.08 13:25:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 13:25:29 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
PRC - [2012.05.08 13:25:28 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 13:25:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 00:31:08 | 003,331,872 | ---- | M] (Akamai Technologies, Inc) -- C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.04.04 15:56:38 | 000,462,408 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.02.02 15:32:52 | 000,018,432 | ---- | M] () -- C:\Users\Mark\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe
PRC - [2011.12.24 23:08:47 | 001,242,448 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\Steam.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.30 09:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2010.12.23 12:41:36 | 003,304,768 | ---- | M] (devolo AG) -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
PRC - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.14 20:44:07 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\ee4fdc337197b594fd956afe5ceb13df\IAStorUtil.ni.dll
MOD - [2012.06.14 17:34:22 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a501b7960f6c6e2e39162b83f3303aaa\System.Web.ni.dll
MOD - [2012.06.14 17:33:59 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 17:33:53 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.20 17:38:34 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.05.20 17:38:34 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.05.20 17:38:34 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.05.11 13:59:09 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\40d11f10564dae7eb52b7b9a71f61a1a\IAStorCommon.ni.dll
MOD - [2012.05.10 18:17:59 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.10 18:17:21 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.10 18:17:17 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.10 18:17:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.10 18:17:14 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.10 18:17:09 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.09 05:04:52 | 000,441,840 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
MOD - [2012.05.09 05:04:51 | 003,921,904 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
MOD - [2012.05.09 05:03:36 | 000,553,456 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\libglesv2.dll
MOD - [2012.05.09 05:03:35 | 000,117,744 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\libegl.dll
MOD - [2012.05.09 05:03:25 | 000,134,656 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\avutil-51.dll
MOD - [2012.05.09 05:03:24 | 000,250,368 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\avformat-54.dll
MOD - [2012.05.09 05:03:23 | 002,375,680 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\avcodec-54.dll
MOD - [2012.05.09 04:09:13 | 008,743,584 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
MOD - [2012.05.09 04:09:13 | 008,743,584 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\APPLIC~1\190108~1.46\gcswf32.dll
MOD - [2012.03.30 13:29:22 | 000,097,072 | ---- | M] () -- C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
MOD - [2011.05.16 16:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2010.11.21 05:24:09 | 000,232,448 | ---- | M] () -- \\?\globalroot\systemroot\syswow64\mswsock.DLL
MOD - [2010.11.21 05:24:09 | 000,232,448 | ---- | M] () -- \\.\globalroot\systemroot\syswow64\mswsock.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll


========== Win32 Services (SafeList) ==========

SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2012.06.09 11:55:05 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.05.23 17:46:34 | 003,417,376 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_80c2ffa.dll -- (Akamai)
SRV - [2012.05.20 17:38:38 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.05.15 12:48:00 | 001,262,400 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.05.15 02:21:40 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.05.08 13:25:32 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 13:25:29 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2012.05.08 13:25:28 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.05 20:22:30 | 000,257,696 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.02.28 18:38:54 | 002,343,816 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.02.07 21:02:08 | 000,017,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Overwolf\\OverwolfUpdater.exe -- (OverwolfUpdaterService)
SRV - [2012.02.02 15:32:52 | 000,018,432 | ---- | M] () [Auto | Running] -- C:\Users\Mark\AppData\LocalLow\ReminderFox\IE\ReminderFoxUpdater.exe -- (ReminderFoxUpdater)
SRV - [2012.01.31 16:09:34 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.09.15 12:06:04 | 000,088,576 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2011.08.01 18:24:00 | 003,889,424 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.30 09:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2011.03.11 14:08:32 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2011.03.11 14:08:31 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010.12.23 12:41:36 | 003,304,768 | ---- | M] (devolo AG) [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010.12.06 13:52:40 | 000,062,464 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Auto | Running] -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)


========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.05.08 13:25:33 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 13:25:33 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 19:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.01 12:04:01 | 000,303,616 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.01.01 12:04:01 | 000,035,328 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.12.01 12:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol)
DRV:64bit: - [2011.12.01 12:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp)
DRV:64bit: - [2011.10.24 18:39:54 | 000,066,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGSHidFilt.Sys -- (LGSHidFilt)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.09.16 16:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.08.02 18:38:56 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.06.02 19:32:50 | 000,401,896 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.06.02 19:32:50 | 000,128,488 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.05.17 07:55:28 | 000,533,096 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.26 20:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.03.11 14:08:31 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su)
DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd)
DRV:64bit: - [2010.08.12 19:26:00 | 001,310,720 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CM10864.sys -- (USBPNPA)
DRV:64bit: - [2010.06.25 16:08:10 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2009.11.24 03:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 03:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.11.02 18:16:50 | 000,033,736 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys -- (HTCAND64)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 18:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2010.06.10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo) NetGroup Packet Filter Driver (devolo)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2005.01.01 11:43:08 | 000,004,682 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2851647
IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {2025AD0A-1749-478B-80C0-A90D3A20FFA3}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=111015&mntrId=204c3cc00000000000008c89a56d75a2
IE - HKCU\..\SearchScopes\{2025AD0A-1749-478B-80C0-A90D3A20FFA3}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=382950&p={searchTerms}
IE - HKCU\..\SearchScopes\{3D6BD48C-B4FF-45F4-8360-12AF72146AC1}: "URL" = hxxp://searchya.com/?chnl=ft-100&s=1&cr=1207199799&cd=2XzutAtN2Y1L1Qzu0EtD0Bzy0AyD0ByE0A0AtD0F0CtA0C0CtDtN0D0TzutBtDtCtBtDtBtCtB&q={searchTerms}
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\..\SearchScopes\{99BF533D-63AB-4E20-8D6A-76C0930A2545}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNE_deDE463DE464
IE - HKCU\..\SearchScopes\{A6E9001E-3991-4B90-BD35-4A4D908A8051}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2851647
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950&ilc=12"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=382950&ilc=12&p="


FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files (x86)\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Mark\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\virtualKeyboard@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\KavAntiBanner@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2011\FFExt\linkfilter@kaspersky.ru
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.04.17 18:06:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2012.02.04 11:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions
[2012.02.04 11:01:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Extensions\songbird@songbirdnest.com
[2011.12.25 20:43:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\extensions
[2011.12.25 20:43:12 | 000,000,000 | ---D | M] (uTorrentBar_DE Community Toolbar) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
[2012.05.15 20:48:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\jh5ypwid.default\extensions
[2012.03.25 18:44:10 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Mark\AppData\Roaming\mozilla\Firefox\Profiles\jh5ypwid.default\extensions\toolbar@ask.com
[2012.04.17 18:06:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.03.13 06:38:06 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{googleriginalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFiel dTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\Application\19.0.1084.46\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: registryAccess (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\background/registryAccess.dll
CHR - plugin: (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\chromeNPAPI.dll
CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\npSkypeChromePlugin.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 7.0.0.147 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\1.118.0\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Unity Player (Enabled) = C:\Users\Mark\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Avira Toolbar = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaangmfdabjilefmognkgcebjgcojek\7.14.1.20932_0\
CHR - Extension: YouTube = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Browser Companion Helper = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\clbfjfbnelcflpgpklppgplejolacbej\1.0.5_0\
CHR - Extension: Google-Suche = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Skype Click to Call = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: ReminderFox = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\mpejamdehjfchbpcpblhacbebhiopkom\1.99.5_0\
CHR - Extension: Google Mail = C:\Users\Mark\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2012.01.29 11:50:37 | 000,000,896 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.nero.com/us/secure.asp
O1 - Hosts: 127.0.0.1 activation@nero.com
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Chatvibes Browser Helper) - {00cbb66b-1d3b-46d3-9577-323a336acb50} - C:\Program Files (x86)\BrowserCompanion\jsloader.dll ( )
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ReminderFox) - {7C9B39E6-6606-4ED2-8A3F-36E39C78CBDC} - C:\Users\Mark\AppData\LocalLow\ReminderFox\IE\ReminderFox.dll (Tom Mutdosch)
O2 - BHO: (Chatvibes Browser Helper Verifier) - {963B125B-8B21-49A2-A3A8-E37092276531} - C:\Program Files (x86)\BrowserCompanion\updatebhoWin32.dll ( )
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files (x86)\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll File not found
O3 - HKLM\..\Toolbar: (uTorrentBar_DE Toolbar) - {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (uTorrentBar_DE Toolbar) - {C840E246-6B95-475E-9BD7-CAA1C7ECA9F2} - C:\Program Files (x86)\uTorrentBar_DE\prxtbuTor.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [Cm108Sound] C:\Windows\Syswow64\cm108.dll (C-Media Corporation)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mark\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000009 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000010 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000011 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000014 - mmswsock.dll File not found
O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Program Files (x86)\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5B90CD70-E56C-4456-B65F-11601705E13B}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{63A3E769-8B26-4CC2-8F44-87F53971FE65}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\base64 - No CLSID value found
O18:64bit: - Protocol\Handler\chrome - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\prox - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\base64 {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\chrome {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\prox {5ACE96C0-C70A-4A4D-AF14-2E7B869345E1} - C:\Program Files (x86)\BrowserCompanion\tdataprotocol.dll (Blabbers Communications Ltd)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

File not found -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Neue Funktion 1
[2012.06.14 21:56:08 | 000,000,000 | ---D | C] -- C:\Users\Mark\Desktop\Logfiles
[2012.06.14 21:44:35 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Malwarebytes
[2012.06.14 21:44:31 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.14 21:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.14 21:44:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.14 21:44:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 17:53:12 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\LolClient2
[2012.06.14 17:18:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.06.14 17:18:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.06.14 17:18:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.06.14 17:18:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.06.14 17:18:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.06.14 17:18:11 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.06.14 17:18:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.06.14 17:18:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.06.14 17:18:10 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.06.14 17:18:09 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.06.14 17:18:09 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.06.14 17:18:09 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.06.14 17:18:09 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.06.14 17:09:31 | 003,851,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_39.dll
[2012.06.14 17:09:31 | 001,493,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_39.dll
[2012.06.14 17:09:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_39.dll
[2012.06.14 17:02:29 | 000,000,000 | ---D | C] -- C:\Riot Games
[2012.06.14 16:25:21 | 000,000,000 | -HSD | C] -- C:\Windows\SysWow64\%APPDATA%
[2012.06.14 14:36:26 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll
[2012.06.14 14:36:26 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll
[2012.06.14 14:36:26 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe
[2012.06.14 14:33:51 | 005,559,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2012.06.14 14:33:50 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2012.06.14 14:33:50 | 003,913,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2012.06.14 14:33:43 | 003,216,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msi.dll
[2012.06.14 14:33:39 | 001,462,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\crypt32.dll
[2012.06.14 14:33:39 | 000,140,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cryptnet.dll
[2012.06.14 14:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Neuer Ordner
[2012.06.14 14:32:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\League of Legends
[2012.06.08 11:02:06 | 000,000,000 | ---D | C] -- C:\Users\Mark\Documents\Imperial Glory Savegames
[2012.06.08 10:57:44 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.06.08 10:57:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GameSpy Arcade
[2012.06.08 10:57:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameSpy Arcade
[2012.06.08 10:56:49 | 000,000,000 | ---D | C] -- C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\GameShadow
[2012.06.08 10:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MSSoap
[2012.06.08 10:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GameShadow
[2012.06.08 10:55:51 | 000,000,000 | ---D | C] -- C:\Windows\Downloaded Installations
[2012.06.08 10:50:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pyro Studios
[2012.06.08 10:50:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Pyro Studios
[2012.06.04 19:43:07 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2012.06.04 19:32:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
[2012.06.04 19:29:50 | 025,248,064 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcompiler.dll
[2012.06.04 19:29:50 | 019,607,872 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvoglv32.dll
[2012.06.04 19:29:50 | 018,044,224 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvd3dumx.dll
[2012.06.04 19:29:50 | 017,551,680 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcompiler.dll
[2012.06.04 19:29:50 | 008,139,072 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuda.dll
[2012.06.04 19:29:50 | 008,105,280 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvwgf2um.dll
[2012.06.04 19:29:50 | 005,982,528 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuda.dll
[2012.06.04 19:29:50 | 002,881,856 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvenc.dll
[2012.06.04 19:29:50 | 002,681,664 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvcuvid.dll
[2012.06.04 19:29:50 | 002,524,992 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvid.dll
[2012.06.04 19:29:50 | 002,445,120 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvcuvenc.dll
[2012.06.04 19:29:50 | 002,368,832 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvapi.dll
[2012.06.04 19:29:50 | 000,818,496 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvumdshim.dll
[2012.06.04 19:29:50 | 000,364,352 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvdecodemft.dll
[2012.06.04 19:29:50 | 000,301,376 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvdecodemft.dll
[2012.06.04 19:29:50 | 000,246,592 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvinitx.dll
[2012.06.04 19:29:50 | 000,202,048 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysWow64\nvinit.dll
[2012.06.04 19:29:50 | 000,188,736 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\drivers\nvhda64v.sys
[2012.06.04 19:29:50 | 000,031,040 | ---- | C] (NVIDIA Corporation) -- C:\Windows\SysNative\nvhdap64.dll
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.14 22:01:19 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 22:01:19 | 000,017,152 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 22:01:00 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 21:53:23 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 21:53:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 21:53:14 | 3206,787,072 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 21:44:32 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 21:37:42 | 000,065,396 | ---- | M] () -- C:\Users\Mark\Desktop\Anhang.png
[2012.06.14 21:29:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078937058-454183605-2439963766-1003UA.job
[2012.06.14 21:22:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.14 21:16:49 | 000,000,000 | ---- | M] () -- C:\Users\Mark\defogger_reenable
[2012.06.14 21:15:54 | 000,050,477 | ---- | M] () -- C:\Users\Mark\Desktop\Defogger.exe
[2012.06.14 18:55:09 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.06.14 18:55:09 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.06.14 18:51:18 | 000,282,472 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.06.14 18:14:19 | 000,170,648 | ---- | M] () -- C:\Users\Mark\Documents\ts3_clientui-win32-1334913258-2012-06-14 18_14_16.825931.dmp
[2012.06.14 17:29:16 | 000,394,760 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.06.14 17:25:38 | 001,846,396 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 17:25:38 | 000,772,250 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 17:25:38 | 000,726,116 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 17:25:38 | 000,177,432 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 17:25:38 | 000,149,866 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 17:09:32 | 000,001,726 | ---- | M] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.06.12 13:29:00 | 000,001,064 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-4078937058-454183605-2439963766-1003Core.job
[2012.06.09 11:55:05 | 000,076,888 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2012.06.08 20:32:33 | 000,674,600 | ---- | M] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.06.08 10:56:49 | 000,003,151 | ---- | M] () -- C:\Users\Mark\Desktop\GameShadow.lnk
[2012.06.08 10:55:45 | 000,002,163 | ---- | M] () -- C:\Users\Public\Desktop\Imperial Glory.lnk
[2012.05.18 04:06:48 | 002,311,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.05.18 03:58:39 | 001,494,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.05.18 03:58:15 | 000,237,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.05.18 03:55:22 | 000,173,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.05.18 03:55:06 | 000,818,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.05.18 03:51:49 | 000,096,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.05.18 03:47:42 | 000,248,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.05.18 00:35:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.05.18 00:33:08 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.05.18 00:29:45 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.05.18 00:29:30 | 000,716,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.05.18 00:25:17 | 000,073,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.05.18 00:20:42 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[26 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.14 22:01:49 | 000,093,696 | ---- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\U\80000032.@
[2012.06.14 22:01:49 | 000,076,800 | ---- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\U\80000064.@
[2012.06.14 21:54:14 | 000,232,960 | ---- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\U\00000008.@
[2012.06.14 21:44:32 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.14 21:38:56 | 000,050,477 | ---- | C] () -- C:\Users\Mark\Desktop\Defogger.exe
[2012.06.14 21:37:48 | 000,065,396 | ---- | C] () -- C:\Users\Mark\Desktop\Anhang.png
[2012.06.14 21:16:49 | 000,000,000 | ---- | C] () -- C:\Users\Mark\defogger_reenable
[2012.06.14 18:14:16 | 000,170,648 | ---- | C] () -- C:\Users\Mark\Documents\ts3_clientui-win32-1334913258-2012-06-14 18_14_16.825931.dmp
[2012.06.14 17:09:32 | 000,001,726 | ---- | C] () -- C:\Users\Public\Desktop\League of Legends spielen .lnk
[2012.06.14 16:11:00 | 000,000,773 | ---- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\L\00000004.@
[2012.06.14 16:10:59 | 000,016,896 | ---- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\U\80000000.@
[2012.06.14 16:10:57 | 000,002,048 | ---- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\U\00000004.@
[2012.06.14 16:10:57 | 000,001,584 | ---- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\U\000000cb.@
[2012.06.08 10:56:49 | 000,003,151 | ---- | C] () -- C:\Users\Mark\Desktop\GameShadow.lnk
[2012.06.08 10:55:45 | 000,002,163 | ---- | C] () -- C:\Users\Public\Desktop\Imperial Glory.lnk
[2012.06.08 10:55:05 | 000,040,960 | R--- | C] () -- C:\Windows\IGLobbyReg.exe
[2012.05.15 02:21:50 | 000,423,744 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2012.04.17 17:28:17 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2012.04.15 14:02:31 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat
[2012.03.04 14:55:49 | 000,000,030 | ---- | C] () -- C:\Windows\Q3version.ini
[2012.03.04 14:53:43 | 000,180,224 | ---- | C] () -- C:\Windows\IsUninst.exe
[2012.03.04 14:47:12 | 000,000,927 | ---- | C] () -- C:\Windows\Qiii.INI
[2012.03.01 15:45:59 | 000,070,483 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\icarus-dxdiag.xml
[2012.02.15 18:29:24 | 000,000,092 | ---- | C] () -- C:\Users\Mark\AppData\Local\fusioncache.dat
[2012.02.15 16:41:17 | 000,000,116 | ---- | C] () -- C:\Users\Mark\AppData\Roaming\Melt.bat
[2012.02.13 18:45:02 | 000,674,600 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2012.02.12 17:05:55 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2012.02.04 11:50:37 | 000,007,597 | ---- | C] () -- C:\Users\Mark\AppData\Local\Resmon.ResmonCfg
[2012.01.11 16:12:33 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{93832d05-75e6-fdfc-982d-8cf84e7110f2}\@
[2011.12.30 20:52:28 | 001,809,650 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.26 19:54:00 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix108.dll
[2011.12.26 19:53:59 | 000,000,169 | ---- | C] () -- C:\Windows\Cm108.ini.cfl
[2011.12.26 19:53:08 | 000,002,029 | ---- | C] () -- C:\Windows\Cm108.ini.cfg
[2011.12.26 19:53:08 | 000,000,579 | ---- | C] () -- C:\Windows\Cm108.ini.imi
[2011.12.26 19:53:06 | 000,001,373 | ---- | C] () -- C:\Windows\cm108.ini
[2011.12.25 01:21:33 | 000,282,472 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.25 01:21:23 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe

========== LOP Check ==========

[2012.06.08 20:17:22 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.minecraft
[2012.04.12 18:43:34 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\.Nitrous
[2012.02.12 17:09:57 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\AnvSoft
[2012.01.22 12:24:44 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ashampoo
[2012.05.01 16:45:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Azureus
[2012.02.12 17:00:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Babylon
[2012.02.13 15:15:55 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Blender Foundation
[2012.01.14 15:03:10 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Canneverbe Limited
[2012.02.18 21:32:24 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\FOG Downloader
[2012.03.18 12:00:30 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\GetRightToGo
[2012.03.05 17:29:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\gtk-2.0
[2012.02.12 20:03:19 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\HandBrake
[2012.04.01 11:27:02 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\HTC
[2012.04.01 11:32:59 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1
[2012.03.18 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Klett
[2011.12.30 20:35:17 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Leadertech
[2012.06.14 17:53:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\LolClient2
[2012.06.04 20:23:14 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\MonoDevelop-Unity
[2012.03.04 13:44:50 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenArena
[2012.02.06 20:29:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\OpenOffice.org
[2012.01.04 19:01:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Origin
[2012.02.24 11:39:31 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\PACE Anti-Piracy
[2012.02.04 11:01:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Philips-Songbird
[2011.12.25 00:05:27 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Publish Providers
[2012.03.03 20:56:48 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\RadiantSettings
[2012.05.06 11:33:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\smiledaten
[2012.06.12 18:13:21 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\SoftGrid Client
[2012.03.15 20:29:12 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Sony
[2012.01.22 14:25:41 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TeamViewer
[2011.12.31 12:16:45 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TP
[2012.06.14 17:55:26 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\TS3Client
[2012.01.31 18:08:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\ts3overlay
[2012.01.01 13:36:10 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Ubisoft
[2012.02.24 11:40:09 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Unity
[2012.06.14 18:52:42 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\uTorrent
[2012.03.07 19:01:47 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\VisualAssist
[2012.04.18 17:38:47 | 000,000,000 | ---D | M] -- C:\Users\Mark\AppData\Roaming\Windows Live Writer
[2012.05.26 19:19:20 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 1174 bytes -> C:\ProgramData\Microsoft:gzefR8dB66ib31AFqqCf1MUmj
@Alternate Data Stream - 1154 bytes -> C:\Program Files (x86)\Common Files\System:u0Xn8B4ypHWH2unDjz
@Alternate Data Stream - 1053 bytes -> C:\ProgramData\Microsoft:eJmUPMr84RXGCSnw7JvGM
@Alternate Data Stream - 1009 bytes -> C:\Users\Mark\AppData\Local\w6wVQCVxk:YmNuXCAqEq1OKxhLoVbQBx8

< End of report >


Etras.txt:
OTL Extras logfile created on: 14.06.2012 22:00:13 - Run 1
OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Mark\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,98 Gb Total Physical Memory | 2,06 Gb Available Physical Memory | 51,71% Memory free
7,96 Gb Paging File | 5,46 Gb Available in Paging File | 68,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 1811,92 Gb Total Space | 1560,15 Gb Free Space | 86,10% Space Free | Partition Type: NTFS
Drive D: | 50,00 Gb Total Space | 25,54 Gb Free Space | 51,07% Space Free | Partition Type: NTFS

Computer Name: MARK-PC | User Name: Mark | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- "C:\Windows\system32\rundll32.exe" "C:\Windows\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{09782D89-1CA6-4B7D-82C5-2DE01AF5601B}" = Microsoft SQL Server 2008 Common Files
"{0ADF605D-2D94-4467-91F7-D75C71CF328D}" = Microsoft SQL Server 2008 Database Engine Shared
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{11EB3D68-A5BE-43EA-8D31-43B08ADB0DA4}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de
"{1685AE50-97ED-485B-80F6-145071EE14B0}" = Windows Live Remote Service Resources
"{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector
"{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1CB6C387-65A7-327F-B4A5-7DDC75A291AF}" = Microsoft Visual Studio 2010 Office Developer Tools (x64)
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources
"{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{28D06854-572C-4A65-83E5-F8CAF26B9FDC}" = Microsoft SQL Server VSS Writer
"{29AFE1B0-26A4-11E1-BFD4-F04DA23A5C58}" = MSVCRT Redists
"{2C1A6191-9804-4FDC-AB01-6F9183C91A13}" = Windows Live Remote Client Resources
"{2DF4C5DD-7417-301D-935D-939D3B7B5997}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{2F14965D-567B-4E59-ADEB-0A2CC1E3ADDF}" = Sql Server Customer Experience Improvement Program
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources
"{31A6FA40-E935-11E0-95F9-F04DA23A5C58}" = Vegas Pro 11.0 (64-bit)
"{33C19CDE-E935-11E0-A0DA-F04DA23A5C58}" = MSVCRT Redists
"{3C983A67-DFB2-3D3D-AD9E-CA1A5A09FD18}" = Microsoft Visual Studio 2010 Express Prerequisites x64 - DEU
"{440668AA-7524-40DB-966A-60BE535E1B3F}" = Microsoft SQL Server 2008 Database Engine Services
"{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources
"{47BA3A3A-6B4E-307F-A43B-724079FE90C6}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU
"{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources
"{4A8CE6D7-4D52-43B9-970B-03FC75FAD667}" = Microsoft SQL Server System CLR Types (x64)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4C2E49C0-9276-4324-841D-774CCCE5DB48}" = Windows Live Remote Client Resources
"{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources
"{51DDB4F9-7FFF-4970-AED4-DB3C22A5C522}" = Corel Graphics - Windows Shell Extension 64 Bit
"{5340A3B5-3853-4745-BED2-DD9FF5371331}" = Microsoft SQL Server 2008 Common Files
"{53952792-BF16-300E-ADF2-E7E4367E00CF}" = Visual Studio 2010 Prerequisites - English
"{57F2BD1C-14A3-4785-8E48-2075B96EB2DF}" = Windows Live Remote Service Resources
"{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources
"{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources
"{690285C2-2481-44FB-8402-162EA970A6DD}" = Logitech Gaming Software
"{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources
"{6AF73222-EE90-434C-AE7E-B96F70A68D89}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup
"{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources
"{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{7AC5FFA7-6815-4AED-B16D-8E0D7CC4B221}" = Microsoft Sync Framework Runtime v1.0 SP1 (x64) de
"{7ACE202B-1B01-4B43-B6AE-03D66D621CDE}" = Microsoft SQL Server 2008 RsFx Driver
"{7AEC844D-448A-455E-A34E-E1032196BBCD}" = Windows Live Remote Service Resources
"{7F801000-A1D5-11E0-9092-0013D3D69929}" = MSVCRT Redists
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8325FD0C-2FDB-46C3-921A-3A78385EA972}" = Microsoft SQL Server 2008 Native Client
"{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources
"{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources
"{88BAE373-00F4-3E33-828F-96E89E5E0CB9}" = Microsoft Visual Studio 2010 IntelliTrace Collection (x64)
"{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources
"{8FF0ACBD-17A5-3637-95F4-D7C69723E2BF}" = Microsoft Visual Studio 2010 Performance Collection Tools - ENU
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{94D70749-4281-39AC-AD90-B56A0E0A402E}" = Microsoft Visual C++ 2010 x64 Runtime - 10.0.30319
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95A2AD24-BD44-3E39-A31F-CE928276577E}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{A060182D-CDBE-4AD6-B9B4-860B435D6CBD}" = Windows Live Remote Client Resources
"{A1F50E06-E514-393D-AAEB-2F989F0B7C68}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 301.42
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.8.15
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.16.0
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{C3600AE6-93A0-3DB7-B7AA-45BD58F133B5}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"{C3EAE456-7E7A-451F-80EF-F34C7A13C558}" = Microsoft SQL Server Compact 3.5 SP2 x64 DEU
"{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote Client Resources
"{CC8BA866-16A7-4667-BA0C-C494A1E7B2BF}" = Microsoft SQL Server 2008 Database Engine Shared
"{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources
"{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources
"{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}" = Microsoft SQL Server Compact 3.5 SP2 x64 ENU
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D600D357-5CB9-4DE9-8FD4-14E208BD1970}" = Nero Backup Drivers
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DA67488A-2689-4F10-B90F-D2F6977509D6}" = Microsoft SQL Server 2008 R2 Management Objects (x64)
"{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E802A021-0F24-3484-97F7-D74D74CB93A0}" = Microsoft Visual Studio 2010 Office Developer Tools (x64) Language Pack - DEU
"{EF9A1373-9238-4E11-8FF8-7B83996F5BE5}" = Microsoft Sync Framework Services v1.0 SP1 (x64) de
"{F5079164-1DB9-3BDA-853B-F78AF67CE071}" = Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources
"{FBD367D1-642F-47CF-B79B-9BE48FB34007}" = Microsoft SQL Server 2008 Database Engine Services
"{FCADA26A-5672-31DD-BF0E-BA76ECF9B02D}" = Microsoft Help Viewer 1.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"Blender" = Blender
"CCleaner" = CCleaner
"C-Media CM108 Like Sound Driver" = ROCCAT Kulo
"Logitech Gaming Software" = Logitech Gaming Software 8.20
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008 (64-bit)
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008 (64-bit)
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x64)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU
"WinRAR archiver" = WinRAR 4.01 (64-Bit)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"_{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"_{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"_{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5
"{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack
"{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger
"{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common
"{08DA8E46-ED67-451A-9246-50E0FF6959C9}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack
"{09B7C7EB-3140-4B5E-842F-9C79A7137139}" = Windows Live Mesh ActiveX-kontroll for eksterne tilkoblinger
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack
"{0C975FCC-A06E-4CB6-8F54-A9B52CF37781}" = Windows Liven sähköposti
"{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live Mail
"{0DDCEC37-369C-484B-B16D-B4413FD42FB9}" = Microsoft SQL Server 2008 R2 Data-Tier Application Framework
"{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live
"{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail
"{110668B7-54C6-47C9-BAC4-1CE77F156AF5}" = Windows Live Mesh
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{11417707-1F72-4279-95A3-01E0B898BBF5}" = Windows Live Mesh
"{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar
"{133D9D67-D475-4407-AC3C-D558087B2453}" = Windows Live Movie Maker
"{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer
"{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker
"{1A72337E-D126-4BAF-AC89-E6122DB71866}" = Windows Liven valokuvavalikoima
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer
"{1FCC8C70-66B9-420D-942C-2C2A8441C744}" = Imperial Glory
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{220C7F8C-929D-4F71-9DC7-F7A6823B38E4}" = Windows Live UX Platform Language Pack
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi
"{24DF33E0-F924-4D0D-9B96-11F28F0D602D}" = Windows Live UX Platform Language Pack
"{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail
"{25CD4B12-8CC5-433E-B723-C9CB41FA8C5A}" = Windows Live Writer
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7
"{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources
"{28B9D2D8-4304-483F-AD71-51890A063A74}" = Windows Live Photo Common
"{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections
"{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2D9FEBEE-F1B7-344F-BFDF-760E18332D96}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{2E50E321-4747-4EB5-9ECB-BBC6C3AC0F31}" = Windows Live Writer Resources
"{2F14F550-0FFC-4285-B673-880744D428A3}" = CorelDRAW Essentials X5 - Custom Data
"{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger
"{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources
"{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live
"{34809713-7886-4F6A-B9D5-CC74DBC1C77E}" = CorelDRAW Essentials X5 - Redist
"{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery
"{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common
"{376D59B1-42D9-4FA2-B6CC-E346B6BE14F5}" = ActiveX-kontroll för fjärranslutningar för Windows Live Mesh
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{39F95B0B-A0B7-4FA7-BB6C-197DA2546468}" = Windows Live Mesh
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3AC8457C-0385-4BEA-A959-E095F05D6D67}" = Battlefield: Bad Company™ 2
"{3B1EF0C5-8855-416F-A6F4-5CC5FCF267CA}" = CorelDRAW Essentials X5 - WT
"{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack
"{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials
"{41B31ABE-5A6E-498A-8F28-3BA3B8779A41}" = Dotfuscator Software Services - Community Edition
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery
"{4433CEC6-DA32-4D7B-BA95-B47C68498287}" = CorelDRAW Essentials X5 - Connect
"{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh
"{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger
"{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live
"{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A04DB63-8F81-4EF4-9D09-61A2057EF419}" = Windows Live Essentials
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer
"{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger
"{4CF6F287-5121-483C-A5A2-07BDE19D8B4E}" = Windows Live Meshin etäyhteyksien ActiveX-komponentti
"{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack
"{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack
"{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources
"{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser
"{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack
"{5A10CFDA-FA2B-453C-B561-AE864E62EAC8}" = CorelDRAW Essentials X5 - Extra Content
"{5C2F5C1B-9732-4F81-8FBF-6711627DC508}" = Windows Live Fotogalleri
"{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh
"{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker
"{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources
"{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail
"{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker
"{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{666D7CED-12E0-4BA3-B594-5681961E7B02}" = CorelDRAW Essentials X5 - IPM
"{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69CAC24D-B1DC-4B97-A1BE-FE21843108FE}" = Windows Live Writer Resources
"{6A67578E-095B-4661-88F7-0B199CEC3371}" = Windows Live Messenger
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010 x86 Runtime - 10.0.30319
"{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh
"{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{6DE61FFB-8ADC-4A09-B3DC-5DA15CAE48A0}" = CorelDRAW Essentials X5 - DE
"{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker
"{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz
"{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger
"{6EF2BE2C-3121-48B7-B7A6-C56046B3A588}" = Windows Live Movie Maker
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer
"{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh
"{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"{734104DE-C2BF-412F-BB97-FCCE1EC94229}" = Windows Live Writer Resources
"{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common
"{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh
"{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack
"{78C3657E-742C-40B1-9F53-E5A921D40F17}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh
"{7A3FFA58-876F-489C-B6CF-0503916224DF}" = HTC Sync
"{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live
"{7ADFA72D-2A9F-4DEC-80A5-2FAA27E23F0F}" = Windows Live Photo Common
"{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live
"{7BDA08C6-D3A1-4E2A-83F6-BBE15060DF80}" = CorelDRAW Essentials X5 - IT
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials
"{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer
"{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources
"{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials
"{834F4E2F-E9DF-4FA9-8499-FF6B91012898}" = CorelDRAW Essentials X5
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh
"{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common
"{846E4C72-DF45-43ED-1680-EDF5F87F279E}" = dLAN Cockpit
"{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{85E8F38F-0303-401E-A518-0302DF88EB07}" = CorelDRAW Essentials X5 - Draw
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{885F1BCD-C344-4758-85BD-09640CF449A5}" = Windows Live Photo Gallery
"{888F1505-C2B3-4FDE-835D-36353EBD4754}" = Ubisoft Game Launcher
"{8909CFA8-97BF-4077-AC0F-6925243FFE08}" = Windows Liven asennustyökalu
"{89BA6E81-B60A-49BC-B283-80560A9E60DF}" = CorelDRAW Essentials X5 - PHOTO-PAINT
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8CF5D47D-27B7-49D6-A14F-10550B92749D}" = Windows Live UX Platform Language Pack
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{924B4D82-1B97-48EB-8F1E-55C4353C22DB}" = Windows Live Mail
"{92606477-9366-4D3B-8AE3-6BE4B29727AB}" = League of Legends
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail
"{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh
"{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery
"{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = Windows Live Messenger
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA4D1C5E-116A-4FF4-AA91-28F526868203}" = watchmi
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer
"{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X
"{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.0) MUI
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail
"{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common
"{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger
"{B48E264C-C8CD-4617-B0BE-46E977BAD694}" = ANNO 2070
"{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials
"{B6BFCD02-BA0E-41A9-9C9C-6624C4BB475F}" = Corel Graphics - Windows Shell Extension
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BC0464FA-A0BA-3E38-85BF-DC5B3A401F48}" = Microsoft Visual Studio 2010 Ultimate - ENU
"{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi
"{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker
"{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh
"{BFC47A0B-D487-4DF0-889E-D6D392DF31E0}" = Windows Live Messenger
"{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live
"{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections
"{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail
"{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail
"{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common
"{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live
"{CB594326-2A81-4B1D-AE5B-AA14FE09B1EE}" = Overwolf
"{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker
"{CD442136-9115-4236-9C14-278F6A9DCB3F}" = Windows Live Movie Maker
"{CD7CB1E6-267A-408F-877D-B532AD2C882E}" = Windows Live Photo Common
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CE9BAD6E-60FC-46CC-82A2-5B0F2B1A0E36}" = Dotfuscator Software Services - Community Edition - DEU
"{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D0BEB150-2046-4F94-AE7B-EA76772592F6}" = CorelDRAW Essentials X5 - Common
"{D31169F2-CD71-4337-B783-3E53F29F4CAD}" = Windows Live Mail
"{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail
"{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack
"{D7E60152-6C65-4982-8840-B6D28BF881BD}" = CorelDRAW Essentials X5 - FR
"{DA29F644-2420-4448-8128-1331BE588999}" = Windows Live Writer
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker
"{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker
"{DCAB6BA7-6533-44BF-9235-E5BF33B7431C}" = Windows Live Writer
"{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources
"{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer
"{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{DEEB5FE3-40F5-3C5B-8F85-5306EF3C08F4}" = Microsoft Visual C++ 2010 Express - DEU
"{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E2494AD8-314D-44F8-B39C-4358A60DC184}" = LogMeIn Hamachi
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E4BE9367-168B-4B30-B198-EE37C99FB147}" = CorelDRAW Essentials X5 - Filters
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}" = Asmedia ASM104x USB 3.0 Host Controller Driver
"{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas
"{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer
"{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live
"{E5AE9031-79A5-4627-9641-BEFA82819B08}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack
"{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources
"{E7BE4D1A-B529-448B-8407-889705B65185}" = CorelDRAW Essentials X5 - ES
"{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer
"{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live
"{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger
"{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources
"{EBB11C78-68A6-42D7-84FC-517F9DBF9D55}" = GameShadow
"{EC2F741D-308C-42B4-BD04-9A4853F2E402}" = GtkRadiant 1.5.0
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live
"{EDBEBF07-F880-48FB-9AA5-0E8E71E02D83}" = CorelDRAW Essentials X5 - Setup Files
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0F9505B-3ACF-4158-9311-D0285136AA00}" = Windows Live Essentials
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις
"{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA6AF809-9A80-423A-A57A-C7D726A04E4C}" = CorelDRAW Essentials X5 - EN
"{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh
"{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials
"{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FFFA0584-8E3D-4195-8283-CCA3AD73C746}" = Windows Live Messenger
"12bbe590-c890-11d9-9669-0800200c9a66_is1" = Der Herr der Ringe Online v03.04.04.8012
"Adobe AIR" = Adobe AIR
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Akamai" = Akamai NetSession Interface
"Ashampoo Burning Studio_is1" = Ashampoo Burning Studio
"Ashampoo Photo Commander_is1" = Ashampoo Photo Commander
"Ashampoo Photo Optimizer_is1" = Ashampoo Photo Optimizer
"Ashampoo Snap_is1" = Ashampoo Snap
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"BrowserCompanion" = BrowserCompanion
"Cockpit.92121A72F826FA9D0BD3A830E7F04987B31AFB22.1" = dLAN Cockpit
"dlancockpit" = devolo dLAN Cockpit
"ESN Sonar-0.70.4" = ESN Sonar
"FormatFactory" = FormatFactory 2.80
"Fraps" = Fraps (remove only)
"GameSpy Arcade" = GameSpy Arcade
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover
"InstallShield_{72BF1DA0-2B00-4794-9173-159722019B74}" = CyberLink YouPaint
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"IsoBuster_is1" = IsoBuster 2.8.5
"Klett Lernsoftware Mathematik - Schnittpunkt (5.~ACED3B27_is1" = Klett Lernsoftware Mathematik - Schnittpunkt (5. Lernjahr) 9 BW
"LogMeIn Hamachi" = LogMeIn Hamachi
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.61.0.1400
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft DirectX SDK (June 2010)" = Microsoft DirectX SDK (June 2010)
"Microsoft Visual C++ 2010 Express - DEU" = Microsoft Visual C++ 2010 Express - DEU
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Ultimate - ENU" = Microsoft Visual Studio 2010 Ultimate - ENU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Minecraft Installer 3.0.0 for Minecraft 1.0.0" = Minecraft Installer 3.0.0 for Minecraft 1.0.0
"Mozilla Firefox 11.0 (x86 de)" = Mozilla Firefox 11.0 (x86 de)
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Ogre VC10 AppWizard" = Ogre VC10 AppWizard
"Origin" = Origin
"Panda3D 1.8.0" = Panda3D 1.8.0
"PunkBusterSvc" = PunkBuster Services
"S.W.A.T. 4_is1" = S.W.A.T. 4
"Steam App 113420" = Fallen Earth
"Steam App 1250" = Killing Floor
"Steam App 240" = Counter-Strike: Source
"Steam App 24240" = PAYDAY: The Heist
"Steam App 34010" = Alpha Protocol
"Steam App 40990" = Mafia
"Steam App 42120" = Lead and Gold - Gangs of the Wild West
"Steam App 42680" = Call of Duty: Modern Warfare 3
"Steam App 42690" = Call of Duty: Modern Warfare 3 - Multiplayer
"Steam App 43110" = Metro 2033
"Steam App 43190" = The Haunted: Hells Reach
"Steam App 440" = Team Fortress 2
"Steam App 56400" = Warhammer® 40,000®: Dawn of War® II – Retribution™
"Steam App 65800" = Dungeon Defenders
"Steam App 7940" = Call of Duty 4: Modern Warfare
"Steam App 8980" = Borderlands
"Steam App 91310" = Dead Island
"SystemRequirementsLab" = System Requirements Lab
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"Unity" = Unity
"uTorrent" = µTorrent
"uTorrentBar_DE Toolbar" = uTorrentBar_DE Toolbar
"Winamp" = Winamp
"WinLiveSuite" = Windows Liven asennustyökalu

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"Akamai" = Akamai NetSession Interface
"FoxTab PDF Creator" = FoxTab PDF Creator
"Google Chrome" = Google Chrome
"UnityWebPlayer" = Unity Web Player
"Winamp Detect" = Winamp Erkennungs-Plug-in

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 09.06.2012 03:51:57 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x1670 Startzeit der fehlerhaften Anwendung: 0x01cd4614b8ae5e87 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Call of Duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Call of
Duty 4\iw3mp.exe Berichtskennung: fc2e73c7-b207-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 03:52:32 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0xaac Startzeit der fehlerhaften Anwendung: 0x01cd4614d056c6c5 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\call of duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\call of
duty 4\iw3mp.exe Berichtskennung: 10f4bfe6-b208-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 04:16:19 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ImperialGlory.exe, Version: 0.0.0.0,
Zeitstempel: 0x42e8abfc Name des fehlerhaften Moduls: ImperialGlory.exe, Version:
0.0.0.0, Zeitstempel: 0x42e8abfc Ausnahmecode: 0xc0000005 Fehleroffset: 0x001ef933
ID
des fehlerhaften Prozesses: 0x458 Startzeit der fehlerhaften Anwendung: 0x01cd4615b45e9ce8
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Pyro Studios\Imperial Glory\ImperialGlory.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Pyro Studios\Imperial Glory\ImperialGlory.exe
Berichtskennung:
6398d28b-b20b-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 04:39:22 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ImperialGlory.exe, Version: 0.0.0.0,
Zeitstempel: 0x42e8abfc Name des fehlerhaften Moduls: ImperialGlory.exe, Version:
0.0.0.0, Zeitstempel: 0x42e8abfc Ausnahmecode: 0xc0000005 Fehleroffset: 0x000702f7
ID
des fehlerhaften Prozesses: 0x8e4 Startzeit der fehlerhaften Anwendung: 0x01cd46182af11512
Pfad
der fehlerhaften Anwendung: C:\Program Files (x86)\Pyro Studios\Imperial Glory\ImperialGlory.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Pyro Studios\Imperial Glory\ImperialGlory.exe
Berichtskennung:
9c332b75-b20e-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 05:47:56 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x14ec Startzeit der fehlerhaften Anwendung: 0x01cd4624eb8f4fc0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Call of Duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Call of
Duty 4\iw3mp.exe Berichtskennung: 30098019-b218-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 05:48:48 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x1198 Startzeit der fehlerhaften Anwendung: 0x01cd46250f38b59d Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\call of duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\call of
duty 4\iw3mp.exe Berichtskennung: 4f2a8db9-b218-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 05:50:24 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x1ae0 Startzeit der fehlerhaften Anwendung: 0x01cd462548fb7970 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\call of duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\call of
duty 4\iw3mp.exe Berichtskennung: 88496e06-b218-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 05:50:41 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x194c Startzeit der fehlerhaften Anwendung: 0x01cd4625523dc1f5 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\call of duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\call of
duty 4\iw3mp.exe Berichtskennung: 92d0975c-b218-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 05:52:19 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0027782e ID des fehlerhaften Prozesses:
0x1878 Startzeit der fehlerhaften Anwendung: 0x01cd462568c52598 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\SteamApps\common\call of duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\SteamApps\common\call of
duty 4\iw3mp.exe Berichtskennung: ccd1c4aa-b218-11e1-8d04-8c89a56d75a2

Error - 09.06.2012 06:16:31 | Computer Name = Mark-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iw3mp.exe, Version: 0.0.0.0, Zeitstempel:
0x4859a219 Name des fehlerhaften Moduls: pbcl.dll, Version: 0.0.0.0, Zeitstempel:
0x4fb16509 Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e8fd ID des fehlerhaften Prozesses:
0x14a8 Startzeit der fehlerhaften Anwendung: 0x01cd462657276f19 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\Steam\steamapps\common\Call of Duty 4\iw3mp.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\Steam\steamapps\common\Call of
Duty 4\pb\pbcl.dll Berichtskennung: 2e419824-b21c-11e1-8d04-8c89a56d75a2

[ System Events ]
Error - 27.03.2012 12:44:25 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 27.03.2012 12:44:26 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 27.03.2012 13:34:57 | Computer Name = Mark-PC | Source = bowser | ID = 8003
Description =

Error - 28.03.2012 11:15:52 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 28.03.2012 11:15:53 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 29.03.2012 08:36:39 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 29.03.2012 08:36:42 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 29.03.2012 13:06:22 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "atksgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 29.03.2012 13:06:24 | Computer Name = Mark-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "lirsgt" wurde aufgrund folgenden Fehlers nicht gestartet:
%%577

Error - 29.03.2012 13:47:45 | Computer Name = Mark-PC | Source = bowser | ID = 8003
Description =


< End of report >

Ich bedanke mich im Vorraus

Alt 15.06.2012, 07:52   #2
Psychotic
/// Malwareteam
 
Avira findet 2 TR/ATRAPS.Gen2 Trojaner - Standard

Avira findet 2 TR/ATRAPS.Gen2 Trojaner



CkScan


Downloade dir bitte CKScanner Wichtig: Speichere die Datei am Desktop.
  • Doppelklick auf die CKScanner.exe und klicke auf Search For Files.
  • Danach klick auf Save List To File.
  • Es wird eine Box aufpoppen was dir mitteilt das die Datei gespeichert wurde (file saved)
  • Öffne die CKFiles.txt auf deinem Desktop und poste den Inhalt hier.
__________________

__________________

Alt 15.06.2012, 12:35   #3
hansefred
 
Avira findet 2 TR/ATRAPS.Gen2 Trojaner - Standard

Avira findet 2 TR/ATRAPS.Gen2 Trojaner



Von ckfiles.txt:


CKScanner - Additional Security Risks - These are not necessarily bad
c:\program files\sony\vegas pro 11.0\sony.vegas11_64bit_keygen-patch.exe
c:\program files (x86)\corel\coreldraw essentials x5\custom data\bumpmap\cracks.cpt
c:\program files (x86)\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.cpp
c:\program files (x86)\microsoft directx sdk (june 2010)\samples\c++\direct3d\uvatlas\crackdecl.h
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\common\mp_cracked.ff
c:\program files (x86)\steam\steamapps\common\call of duty black ops\zone\german\ge_mp_cracked.ff
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-8868-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrack.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatest.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackalphatestshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncracklightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncracklightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetailcrackndetailncrackshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrack.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatest.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestlightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackalphatestshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncracklightmap.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncracklightmapshadow.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackpointlight.cfx
c:\users\mark\documents\battlefield play4free\mods\main\cache\{d7b71e3e-5104-11cf-a056-1e061fc2c535}_231771_4\rashaderstmbasedetaildirtcrackndetailncrackshadow.cfx
c:\users\mark\downloads\nero 7.11.10.0+keygen\nero 7 keygen.exe
c:\users\mark\downloads\nero 7.11.10.0+keygen\nero-7.11.10.0 final.exe
c:\users\mark\downloads\nero 7.11.10.0+keygen\_____padding_file_0_if you see this file, please update to bitcomet 0.85 or above____
c:\users\mark\downloads\sony vegas 11 (64bit)\sony vegas pro 11.0.370 64 bit patch keygen huoyuan\vegaspro11.0.371_64bit.exe
c:\users\mark\downloads\sony vegas 11 (64bit)\sony vegas pro 11.0.370 64 bit patch keygen huoyuan\crack\readmy.txt
c:\users\mark\downloads\sony vegas 11 (64bit)\sony vegas pro 11.0.370 64 bit patch keygen huoyuan\crack\sony.vegas11_64bit_keygen-patch.exe
c:\users\mark\downloads\unity3d 3.4.0 (cracked) [theleak]\theleak team.txt
c:\users\mark\downloads\unity3d 3.4.0 (cracked) [theleak]\unity3d 3.4\descript.ion
c:\users\mark\downloads\unity3d 3.4.0 (cracked) [theleak]\unity3d 3.4\theleak team.txt
c:\users\mark\downloads\unity3d 3.4.0 (cracked) [theleak]\unity3d 3.4\unitysetup-3.4.0.exe
c:\users\mark\downloads\unity3d 3.4.0 (cracked) [theleak]\unity3d 3.4\crack\unity.exe
c:\users\mark\downloads\unity3d 3.4.0 (cracked) [theleak]\unity3d 3.4\crack\unitylicence_3.4.0_win.ilf
c:\users\mark\downloads\v.1.3\keygen.exe
scanner sequence 3.ZZ.11.APNAVM
----- EOF -----
__________________

Alt 18.06.2012, 07:47   #4
Psychotic
/// Malwareteam
 
Avira findet 2 TR/ATRAPS.Gen2 Trojaner - Standard

Avira findet 2 TR/ATRAPS.Gen2 Trojaner



Zitat:
c:\users\mark\downloads\nero 7.11.10.0+keygen\nero 7 keygen.exe
c:\users\mark\downloads\nero 7.11.10.0+keygen\nero-7.11.10.0 final.exe
c:\users\mark\downloads\nero 7.11.10.0+keygen\_____padding_file_0_if you see this file, please update to bitcomet 0.85 or above____
c:\users\mark\downloads\sony vegas 11 (64bit)\sony vegas pro 11.0.370 64 bit patch keygen huoyuan\vegaspro11.0.371_64bit.exe
c:\users\mark\downloads\sony vegas 11 (64bit)\sony vegas pro 11.0.370 64 bit patch keygen huoyuan\crack\readmy.txt
c:\users\mark\downloads\sony vegas 11 (64bit)\sony vegas pro 11.0.370 64 bit patch keygen huoyuan\crack\sony.vegas11_64bit_keygen-patch.exe


Alleine der Besuch auf Seiten, welche diese Dateien zum Download anbieten, beinhaltet ein hohes Risiko sich zu infizieren.

Wenn Du den Crack startest, startest du eine ausführbare Datei aus einer sehr dubiosen Quelle. Im Quellcode der Datei kann alles mögliche stehen. ( z.B downloaden und ausführen von Malwaredateien )
Dies ist einer der Hauptursachen für Infektionen.

Ausserdem sind Cracks, Keygens, usw. illegal und das ist genauso Diebstahl wie in einem Laden.
Darum haben wir uns darauf geeinigt:

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Deshalb beschränkt sich unsere Hilfe für dich auf eine Anleitung zur Neuinstallation und Absicherung des Systems
__________________
Kein Asylrecht für Trojaner!

Proud Member of UNITE

Hinweis: Ich bin nur werktags erreichbar!
Anfragen über PM werden ignoriert!

Du bist zufrieden mit uns? Dann unterstütze das Trojaner-Board!

Alt 19.06.2012, 12:36   #5
hansefred
 
Avira findet 2 TR/ATRAPS.Gen2 Trojaner - Standard

Avira findet 2 TR/ATRAPS.Gen2 Trojaner



ok dann werde ich mal neuinstallieren


Antwort

Themen zu Avira findet 2 TR/ATRAPS.Gen2 Trojaner
00000008.@, akamai, alternate, antivir, avira, avira searchfree toolbar, babylon toolbar, babylontoolbar, bho, bonjour, call of duty, conduit, dateisystem, desktop, entfernen, error, firefox, flash player, format, frage, google, helper, heuristiks/extra, heuristiks/shuriken, hilfe bei trojaner, home, install.exe, launch, logfile, microsoft office starter 2010, msvcrt, nvidia update, object, pdf creator, programm, realtek, registry, rogue.windefender, rundll, searchscopes, security, software, spielen, teamspeak, tr/atraps.gen2, trojan.dropper.bcminer, trojane, trojaner, trojaner tr/atraps.gen, usb 3.0, version=1.0, viren entfernen, visual studio



Ähnliche Themen: Avira findet 2 TR/ATRAPS.Gen2 Trojaner


  1. Avira findet TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 01.12.2013 (17)
  2. Avira findet TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 30.11.2013 (1)
  3. Trojaner: tr/atraps.gen2, tr/atraps.gen, tr/atraps.gen3, tr/atraps.gen4, tr/atraps.gen5, tr/atraps.gen7 und services.exe virus
    Plagegeister aller Art und deren Bekämpfung - 11.01.2013 (29)
  4. Avira findet TR/Sirefef.16896 und TR/ATRAPS.Gen und TR/ATRAPS.Gen2 in Windows\Installer und W32/Patched.UA in Windows\System32\service.exe
    Plagegeister aller Art und deren Bekämpfung - 14.11.2012 (23)
  5. Avira findet TR/ATRAPS.Gen und TR/ATRAPS.Gen2
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (5)
  6. Avira findet TR/ATRAPS.Gen2 - Und nun?
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (4)
  7. Avira findet dauernd TR/ATRAPS.Gen und TR/ATRAPS.Gen2, was muss ich machen damit es verschwindet ?
    Plagegeister aller Art und deren Bekämpfung - 05.08.2012 (25)
  8. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  9. avira findet TR/Atraps.gen und TR/Atraps.gen2
    Plagegeister aller Art und deren Bekämpfung - 31.07.2012 (2)
  10. Von Avira gefundene Trojaner - TR/Crypt.ZPACK.Gen, TR/ATRAPS.Gen, TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Log-Analyse und Auswertung - 28.07.2012 (25)
  11. Avira findet ständig Viren ATRAPS.Gen ...Gen2 / BDS.Acess
    Log-Analyse und Auswertung - 23.07.2012 (2)
  12. Ich komme allein nicht weiter, Avira findet TR/ATRAPS.gen - TR/ATRAPS.Gen2 und BDS/ZAccess.T
    Plagegeister aller Art und deren Bekämpfung - 18.07.2012 (5)
  13. Antivir findet 4 Trojaner: TR/ATRAPS.Gen, TR/ATRAPS.Gen2, Sirefef.P.342, Dldr.Phdet.E.41
    Log-Analyse und Auswertung - 11.07.2012 (1)
  14. avira findet tr/atraps.gen und .gen2, kann nicht gelöscht werden
    Log-Analyse und Auswertung - 11.07.2012 (1)
  15. Avira findet ständig TR/ATRAPS.Gen2 TR/Sirefef.AG.35
    Plagegeister aller Art und deren Bekämpfung - 27.06.2012 (14)
  16. Avira findet ständig TR/Atraps.Gen2
    Plagegeister aller Art und deren Bekämpfung - 23.05.2012 (7)
  17. Avira: findet TR/ATRAPS.Gen2 in C:\WINDOWS\system32\odb.dll
    Plagegeister aller Art und deren Bekämpfung - 14.04.2011 (1)

Zum Thema Avira findet 2 TR/ATRAPS.Gen2 Trojaner - Hallo Trojaner-Board-Team, Mein Antivieren Programm Avira meldet immer wieder das ich von dem Trojaner TR/ATRAPS.Gen2 befallen bin. Entfernen funktioniert mit Avira nicht, der Trojaner taucht immer wieder auf. Ich wollte - Avira findet 2 TR/ATRAPS.Gen2 Trojaner...
Archiv
Du betrachtest: Avira findet 2 TR/ATRAPS.Gen2 Trojaner auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.