
Log analysis and evaluation: External HD has the encryption trojan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.06.2012, 14:38   #1
Warfare65
 
External HD has the encryption trojan



Hello

I have also become a victim of this encryption trojan (UKASH).

Yesterday I already did a system restore of drive C:.
But I found that my external HD is still not readable, see screenshot. All my important information is on this external HD. How can I restore it so that I can read the files again?

Please help me.

Warfare

Image: -ext_dat_wirrwar.jpg

Malwarebytes: Attachment 36322

OTL & Extras: Attachment 36323

Edited by Warfare65 (17.06.2012 at 14:55)

17.06.2012, 18:27   #2
Warfare65
 

OTL & Extras & mbam-logs



Code:
OTL logfile created on: 17.06.2012 14:57:40 - Run 3
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Warfare\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 54,96% Memory free
8,00 Gb Paging File | 5,85 Gb Available in Paging File | 73,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,94 Gb Total Space | 50,75 Gb Free Space | 44,15% Space Free | Partition Type: NTFS
Drive E: | 21,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,51 Gb Total Space | 252,38 Gb Free Space | 27,09% Space Free | Partition Type: NTFS
 
Computer Name: WARFARE-PC | User Name: Warfare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
PRC - C:\Users\Warfare\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVScanningService.exe (Preventon Technologies Limited)
PRC - C:\Program Files (x86)\Common Files\Common Toolkit Suite\AVEngine\AVWatchService.exe (Preventon Technologies Limited)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
PRC - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\ProgramData\DatacardService\DCService.exe ()
 
 
========== Modules (No Company Name) ==========
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\63bc6e391de5014965039e100ce1e9d5\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppgooglenaclpluginchrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avutil-51.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avformat-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\avcodec-54.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll ()
MOD - C:\Users\Warfare\AppData\Local\Temp\feb59f87-baa7-4a0a-902c-c33cfc0feb21\CliSecureRT.dll ()
MOD - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll ()
 
 
========== Win32 Services (SafeList) ==========
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AV Engine Scanning Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVScanningService.exe ()
SRV - (AV Watch Service) -- C:/Program Files (x86)/Common Files/Common Toolkit Suite/AVEngine/AVWatchService.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (Suite Service) -- C:\Program Files (x86)\Fighters\FighterSuiteService.exe (SPAMfighter ApS)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe ()
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira GmbH)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira GmbH)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (DCService.exe) -- C:\ProgramData\DatacardService\DCService.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
DRV:64bit: - (AVFSFilter) -- C:\Windows\SysNative\drivers\avfsfilter.sys ()
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (ssadmdm) -- C:\Windows\SysNative\drivers\ssadmdm.sys (MCCI Corporation)
DRV:64bit: - (ssadbus) SAMSUNG Android USB Composite Device driver (WDM) -- C:\Windows\SysNative\drivers\ssadbus.sys (MCCI Corporation)
DRV:64bit: - (ssadmdfl) SAMSUNG Android USB Modem (Filter) -- C:\Windows\SysNative\drivers\ssadmdfl.sys (MCCI Corporation)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (ewsercd) -- C:\Windows\SysNative\drivers\ewsercd.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (dgderdrv) -- C:\Windows\SysNative\drivers\dgderdrv.sys (Devguru Co., Ltd)
DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc)
DRV:64bit: - (ewusbnet) -- C:\Windows\SysNative\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (ATI Technologies, Inc.)
DRV:64bit: - (hwdatacard) -- C:\Windows\SysNative\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (regi) -- C:\Windows\SysWOW64\drivers\regi.sys (InterVideo)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.gmx.net/br/ie9_startpage
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = https://service.gmx.net/de/cgi/g.fcgi/application/navigator?CUSTOMERNO=64077473&t=de1332385977.1330764348.bf7efd7c
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 13 A4 09 6B E1 CB 01  [binary data]
IE - HKCU\..\URLSearchHook:  - No CLSID value found
IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
IE - HKCU\..\SearchScopes,DefaultScope = {378E88C5-5D58-4753-9C38-533F5E41BA9B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{09038620-190C-402B-A92F-18864E6AB22F}: "URL" = hxxp://go.1und1.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{0FC594E6-877C-433A-B09A-BDDA338FCE74}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=971163&p={searchTerms}
IE - HKCU\..\SearchScopes\{378E88C5-5D58-4753-9C38-533F5E41BA9B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{40064957-18EB-412d-9146-3F57E8D92EEC}: "URL" = hxxp://go.gmx.net/br/ie9_search_pic/?su={searchTerms}
IE - HKCU\..\SearchScopes\{5A817CF6-92D5-4DE5-AC38-82DF8A73EF28}: "URL" = hxxp://go.gmx.net/tb/ie_searchplugin/?su={searchTerms}
IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
IE - HKCU\..\SearchScopes\{6B1D1FB7-7233-4F7C-802C-21A1DDB12754}: "URL" = hxxp://go.web.de/br/ie9_search_web/?su={searchTerms}
IE - HKCU\..\SearchScopes\{8D27B32E-89EE-460e-82D2-5FC354078EAD}: "URL" = hxxp://go.gmx.net/br/ie9_search_produkte/?su={searchTerms}
IE - HKCU\..\SearchScopes\{DCE59F23-A446-45a5-9459-E68FDC0DE38D}: "URL" = hxxp://go.gmx.net/br/ie9_search_maps/?su={searchTerms}
IE - HKCU\..\SearchScopes\{F6658E1C-7078-43EE-951A-5E6BA0B50A3C}: "URL" = hxxp://www.bing.com/search?FORM=WLETDF&PC=WLEM&q={searchTerms}&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/"
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Warfare\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx64\addon
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.16 08:20:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2011.03.22 18:10:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Warfare\AppData\Roaming\mozilla\Extensions
[2012.05.20 15:16:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Warfare\AppData\Roaming\mozilla\Firefox\Profiles\shabcuki.default\extensions
[2011.07.06 06:43:38 | 000,000,000 | ---D | M] (Default Manager) -- C:\Users\Warfare\AppData\Roaming\mozilla\Firefox\Profiles\shabcuki.default\extensions\DefaultManager@Microsoft
[2011.11.03 10:59:03 | 000,000,933 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\11-suche.xml
[2011.11.03 10:59:04 | 000,002,419 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\englische-ergebnisse.xml
[2011.08.11 23:00:39 | 000,010,525 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\gmx-suche.xml
[2012.06.13 22:51:16 | 000,001,056 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\icqplugin.xml
[2011.11.03 10:59:03 | 000,002,457 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\lastminute.xml
[2012.05.20 15:17:01 | 000,005,489 | ---- | M] () -- C:\Users\Warfare\AppData\Roaming\Mozilla\Firefox\Profiles\shabcuki.default\searchplugins\webde-suche.xml
[2011.11.09 16:04:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.01.06 09:48:25 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\WARFARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHABCUKI.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012.05.20 15:16:59 | 000,574,144 | ---- | M] () (No name found) -- C:\USERS\WARFARE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\SHABCUKI.DEFAULT\EXTENSIONS\TOOLBAR@GMX.NET.XPI
[2012.06.16 08:20:23 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.11.09 10:30:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.11.09 10:30:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.11.09 10:30:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.05.22 20:10:41 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2011.11.09 10:30:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.11.09 10:30:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.11.09 10:30:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms}
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\19.0.1084.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Warfare\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.260.3 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U26 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Protect Disc License Acquisition Plugin (Enabled) = C:\Users\Warfare\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Warfare\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Warfare\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\Warfare\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (GMX Konfiguration) - {17166733-40EA-4432-A85C-AE672FF0E236} - C:\ProgramData\1und1InternetExplorerAddon\BHOXML.dll (1&1 Mail & Media GmbH)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (GMX Toolbar BHO) - {BF42D4A8-016E-4fcd-B1EB-837659FD77C6} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ)
O3 - HKLM\..\Toolbar: (GMX Toolbar) - {C424171E-592A-415a-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O3 - HKCU\..\Toolbar\WebBrowser: (GMX Toolbar) - {C424171E-592A-415A-9EB1-DFD6D95D3530} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NWEReboot]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe (SPAMfighter)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF0BCC49-7330-4970-A3F2-1C60341ADCDB}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C889EE2D-B913-4291-8AE5-8D9F32278D48}: NameServer = 193.189.244.225 193.189.244.206
O18:64bit: - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Programme\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\gmx {8FAF0273-9CA8-4efc-9536-1E35E254D5CD} - C:\Program Files (x86)\GMX Toolbar\IE\uitb.dll (1und1 Mail und Media GmbH)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.08.20 10:49:08 | 000,126,976 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.05.17 01:26:42 | 000,000,047 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{1156ee98-3168-11e0-b1d4-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{1156ee98-3168-11e0-b1d4-001a4d50a21c}\Shell\AutoRun\command - "" = G:\Setupx.exe
O33 - MountPoints2\{3816b30f-dfd3-11e0-9549-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{3816b30f-dfd3-11e0-9549-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{3a3fc955-91bd-11e0-954f-001e101f4da1}\Shell - "" = AutoRun
O33 - MountPoints2\{3a3fc955-91bd-11e0-954f-001e101f4da1}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{408d2b0e-6229-11e1-bdfc-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{408d2b0e-6229-11e1-bdfc-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{408d2b19-6229-11e1-bdfc-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{408d2b19-6229-11e1-bdfc-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{4947c6bd-458e-11e0-9872-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{4947c6bd-458e-11e0-9872-001e101fb45e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{4947c6dc-458e-11e0-9872-001e101fb45e}\Shell - "" = AutoRun
O33 - MountPoints2\{4947c6dc-458e-11e0-9872-001e101fb45e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{50be4018-3bf3-11e0-9b9b-001e101f82a7}\Shell - "" = AutoRun
O33 - MountPoints2\{50be4018-3bf3-11e0-9b9b-001e101f82a7}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{577653cf-6211-11e1-a060-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{577653cf-6211-11e1-a060-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{577653f4-6211-11e1-a060-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{577653f4-6211-11e1-a060-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{77d63c85-375a-11e0-9790-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{77d63c85-375a-11e0-9790-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{7ec472e4-906f-11e0-a629-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{7ec472e4-906f-11e0-a629-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{811f9161-ce86-11e0-97d6-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{811f9161-ce86-11e0-97d6-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{9764322a-78e6-11e0-a189-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{9764322a-78e6-11e0-a189-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{97643238-78e6-11e0-a189-001e101f57d0}\Shell - "" = AutoRun
O33 - MountPoints2\{97643238-78e6-11e0-a189-001e101f57d0}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{97a1e789-1dac-11e1-b34f-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{97a1e789-1dac-11e1-b34f-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{9bc45787-6238-11e1-90a0-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{9bc45787-6238-11e1-90a0-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{a86a9ea7-7a43-11e0-8a22-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{a86a9ea7-7a43-11e0-8a22-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{ad032663-38ba-11e0-8388-001e101f8924}\Shell - "" = AutoRun
O33 - MountPoints2\{ad032663-38ba-11e0-8388-001e101f8924}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c60687de-78a0-11e0-9d11-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{c60687de-78a0-11e0-9d11-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{c8677eee-36f5-11e0-9400-001e101fe70e}\Shell - "" = AutoRun
O33 - MountPoints2\{c8677eee-36f5-11e0-9400-001e101fe70e}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{d17a1b49-9d4a-11e0-82d3-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{d17a1b49-9d4a-11e0-82d3-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{d17a1b54-9d4a-11e0-82d3-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{d17a1b54-9d4a-11e0-82d3-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{d741c33b-5314-11e1-9dc8-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{d741c33b-5314-11e1-9dc8-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{dd7e0f2f-a1b7-11e0-807b-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{dd7e0f2f-a1b7-11e0-807b-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\{df84d1ca-e76a-11e0-9cf3-001e101fb4df}\Shell - "" = AutoRun
O33 - MountPoints2\{df84d1ca-e76a-11e0-9cf3-001e101fb4df}\Shell\AutoRun\command - "" = C:\Windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\Start.hta
O33 - MountPoints2\{ed40318c-30c0-11e0-bf5c-001a4d50a21c}\Shell - "" = AutoRun
O33 - MountPoints2\{ed40318c-30c0-11e0-bf5c-001a4d50a21c}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\Setup.EXE
O33 - MountPoints2\D\Shell\verb0\command - "" = \SETUP.EXE
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.08.20 10:49:08 | 000,126,976 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.06.17 13:51:03 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\Malwarebytes
[2012.06.17 13:50:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.17 13:50:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.17 13:50:34 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.17 13:50:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.06.17 13:42:27 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\JPEGsnoop
[2012.06.17 12:06:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2012.06.17 10:42:45 | 000,000,000 | ---D | C] -- C:\ProgramData\clp
[2012.06.17 10:42:40 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Warfare\Desktop\OTL.exe
[2012.06.17 10:42:25 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\Fighters
[2012.06.17 10:42:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fighters
[2012.06.17 10:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Common Toolkit Suite
[2012.06.17 10:41:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters
[2012.06.17 10:41:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite
[2012.06.17 10:39:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters
[2012.06.17 10:03:26 | 000,000,000 | ---D | C] -- C:\Program Files\Sony
[2012.06.17 09:48:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony
[2012.06.17 09:47:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SWF Studio
[2012.06.16 08:20:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012.06.16 08:20:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2012.06.14 05:42:41 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Roaming\Apple Computer
[2012.06.13 23:20:12 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Local\Macromedia
[2012.06.13 23:19:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2012.06.13 23:19:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2012.06.13 23:19:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2012.06.13 23:17:30 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.06.13 23:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime
[2012.06.13 23:15:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.06.13 23:14:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2012.06.13 23:14:14 | 000,000,000 | ---D | C] -- C:\Users\Warfare\AppData\Local\Apple
[2012.06.13 23:14:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2012.06.13 23:14:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2012.06.13 23:11:34 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee
[2012.06.13 21:18:38 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\Outlook-Dateien
[2012.05.20 14:09:00 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\Star Wars - The Old Republic
[2012.05.20 08:54:24 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\HeroBlade Logs
[2012.05.20 08:37:44 | 000,000,000 | ---D | C] -- C:\Users\Warfare\Documents\InterVideo
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Warfare\Documents\*.tmp files -> C:\Users\Warfare\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.06.17 14:48:48 | 014,492,672 | ---- | M] () -- C:\Users\Warfare\Documents\Outlook.pst
[2012.06.17 14:33:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.17 14:27:46 | 000,000,000 | ---- | M] () -- C:\Users\Warfare\defogger_reenable
[2012.06.17 14:10:21 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 14:10:21 | 000,020,480 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.17 14:07:52 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.17 14:05:20 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.17 14:04:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.17 14:04:50 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.17 13:50:58 | 000,001,074 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.17 12:16:37 | 000,000,000 | ---- | M] () -- C:\Users\Warfare\Desktop\Neue Bitmap.bmp
[2012.06.17 11:52:54 | 000,011,816 | ---- | M] () -- C:\Users\Warfare\Documents\cc_20120617_115242.reg
[2012.06.17 10:43:02 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Warfare\Desktop\OTL.exe
[2012.06.17 10:42:22 | 000,001,963 | ---- | M] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.06.17 08:12:35 | 000,003,424 | ---- | M] () -- C:\bootsqm.dat
[2012.06.14 19:49:32 | 001,643,132 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.06.14 19:49:32 | 000,700,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.06.14 19:49:32 | 000,655,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.06.14 19:49:32 | 000,149,154 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.06.14 19:49:32 | 000,121,942 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.06.14 19:12:57 | 000,484,368 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.05.30 11:48:18 | 000,013,720 | ---- | M] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Users\Warfare\Documents\*.tmp files -> C:\Users\Warfare\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
[2012.06.17 14:27:46 | 000,000,000 | ---- | C] () -- C:\Users\Warfare\defogger_reenable
[2012.06.17 13:50:58 | 000,001,074 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.17 12:16:37 | 000,000,000 | ---- | C] () -- C:\Users\Warfare\Desktop\Neue Bitmap.bmp
[2012.06.17 11:52:51 | 000,011,816 | ---- | C] () -- C:\Users\Warfare\Documents\cc_20120617_115242.reg
[2012.06.17 10:42:22 | 000,001,963 | ---- | C] () -- C:\Users\Public\Desktop\SPYWAREfighter.lnk
[2012.06.17 08:12:35 | 000,003,424 | ---- | C] () -- C:\bootsqm.dat
[2012.06.13 23:14:12 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2012.06.13 23:11:31 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.13 21:20:35 | 014,492,672 | ---- | C] () -- C:\Users\Warfare\Documents\Outlook.pst
[2012.06.13 21:07:45 | 3220,037,632 | -HS- | C] () -- C:\hiberfil.sys
[2012.05.30 11:48:18 | 000,013,720 | ---- | C] () -- C:\Windows\SysNative\drivers\avfsfilter.sys
[2012.02.27 11:51:17 | 000,000,116 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.02.27 11:36:51 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.11 21:15:08 | 000,000,032 | ---- | C] () -- C:\Windows\Menu.INI
[2011.07.01 13:07:10 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.28 07:07:38 | 000,013,824 | ---- | C] () -- C:\Users\Warfare\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.08 11:02:55 | 000,006,550 | ---- | C] () -- C:\Windows\jautoexp.dat
[2011.04.29 16:56:22 | 001,599,034 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.04.27 14:19:32 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2011.04.27 14:19:30 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2011.04.27 14:19:30 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2011.04.27 14:19:30 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2011.04.27 14:19:30 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2011.03.25 15:42:04 | 000,000,038 | ---- | C] () -- C:\Windows\SysWow64\ZX9EQJT7_{42C8934A-382D-4E78-85E8-6043EC9B17BC}.dat
[2011.02.26 21:25:01 | 000,007,610 | ---- | C] () -- C:\Users\Warfare\AppData\Local\Resmon.ResmonCfg
 
========== LOP Check ==========
[2011.05.20 14:50:50 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\1&1 Mail & Media GmbH
[2011.12.02 13:18:29 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\elsterformular
[2012.06.17 10:42:53 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Fighters
[2012.03.17 23:53:15 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\ICQ
[2011.03.12 09:14:55 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\InterVideo
[2012.06.17 13:42:27 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\JPEGsnoop
[2011.07.02 21:46:36 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Lexware
[2012.06.17 15:02:46 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\NetSpeedMonitor
[2011.10.11 18:05:54 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\ProtectDisc
[2011.06.28 07:05:37 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Samsung
[2011.06.18 12:34:28 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Telefónica
[2011.02.13 01:16:45 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Telekom
[2011.02.13 01:31:28 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\Telekom Internet Manager
[2012.06.13 22:48:07 | 000,000,000 | ---D | M] -- C:\Users\Warfare\AppData\Roaming\TS3Client
[2012.03.28 16:49:07 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 121 bytes -> C:\ProgramData\Temp:A0F9C283

End of report
         
Code:
OTL Extras logfile created on: 17.06.2012 13:06:21 - Run 2
OTL by OldTimer - Version 3.2.49.0     Folder = C:\Users\Warfare\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,09 Gb Available Physical Memory | 52,36% Memory free
8,00 Gb Paging File | 5,31 Gb Available in Paging File | 66,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 114,94 Gb Total Space | 50,87 Gb Free Space | 44,26% Space Free | Partition Type: NTFS
Drive E: | 21,85 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive H: | 931,51 Gb Total Space | 252,38 Gb Free Space | 27,09% Space Free | Partition Type: NTFS
 
Computer Name: WARFARE-PC | User Name: Warfare | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [scan_with_SPYWAREfighter] -- C:\Program Files (x86)\Fighters\SPYWAREfighter\swproTray.exe /scan "%1" (SPAMfighter)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{01AC4F52-AD66-4A70-9274-E474D9B5C70C}" = lport=445 | protocol=6 | dir=in | app=system | 
"{1EBE44D1-0ED5-4F96-B74E-421789043792}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2D16AA8F-D40B-48E8-A6ED-4817FD276556}" = lport=137 | protocol=17 | dir=in | app=system | 
"{2D7FBABB-576C-4D03-883F-93D1D4373A3B}" = lport=139 | protocol=6 | dir=in | app=system | 
"{3961053F-3873-4244-AAB5-B2C7F0913D83}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{3BADB66D-78E2-40B5-A403-57D1723069C2}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{42ABD6E8-4B30-402C-AD27-BB0781A517E9}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4DB6B258-9626-4C0E-810C-3ECFF1C3CB51}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{66D70630-B7D5-4351-85FA-608CE194A3BC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{67EF37FE-5471-48DA-8773-0F3014E507E5}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7795E123-2B05-428A-8989-8ADC54D0C1C7}" = rport=138 | protocol=17 | dir=out | app=system | 
"{826064B9-083F-4165-B26B-B7E5CCDF6299}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{8BAA0D7A-4A25-4AD9-AE8B-2DE851EAC3BB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{9DC1D282-F73C-45F1-9812-A9465B0CDB71}" = rport=137 | protocol=17 | dir=out | app=system | 
"{B65F25E6-A100-4CF6-84A3-BCE4F8AF8B3B}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
"{CE437454-8893-4EF3-807D-78CA48F346C1}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{D67917C4-B0D4-4C9B-9809-F5D48CE2E943}" = lport=49266 | protocol=6 | dir=in | name=akamai netsession interface | 
"{EFF5B703-6E4F-4D3B-8DEA-C91C35C7DE8F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F2FD14BD-F4FB-41FB-9685-84981EA35FDC}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00220555-5309-40FD-A1B7-B857F8CADD12}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{045D3BE1-EED7-4171-AFC6-AF1D9B64D7E5}" = protocol=17 | dir=in | app=f:\world of warcraft\launcher.exe | 
"{08248938-AB1D-4EC3-92A9-CFE4C567296A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{102D0CD3-068F-4851-A68E-796DEF1625D7}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{1D8126CE-54E5-4E10-BF5F-0D056A402636}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1EE25F5A-0E52-4818-A9D2-D1ECD1C9E58D}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{250F2730-1F4D-4572-B26F-8C34370C9EE3}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{25234D62-57F2-4BD5-9430-38625E56317A}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{27FCDCEF-8748-46C5-8F7D-787FDF3DFDBB}" = protocol=6 | dir=in | app=c:\users\warfare\appdata\local\apps\2.0\43p4woh6.60n\o6bh9226.31n\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | 
"{440CC541-DDE6-410D-8A9F-D3F5C017CB17}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | 
"{580C892C-9EC3-4022-BDAB-0756B1A143C7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{683080B8-8998-4FB2-8B15-0A17B1788D25}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{6A96B4B6-8F0F-4DA6-AF38-440D7B1DF2D2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"{6B25795C-21C5-4D35-A4B9-73193322A29E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{6E64EA09-BFF0-4BDA-B865-D2C5D1F4BAD6}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{6FEEEFE4-7F27-44A0-9847-B389BB17B937}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{85C984C2-B987-42B7-9CBF-492DDDCA45E5}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{9AC01B37-C031-4035-9B4E-59C35A8DE8E2}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{9B60C666-097C-4E8E-8629-33C3A0795326}" = protocol=17 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"{A40EC9BA-C400-4409-B671-9B3C4A931BB7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{A874DF1B-ACE1-41A8-92FA-44AB832D68DE}" = protocol=17 | dir=in | app=c:\users\warfare\appdata\local\apps\2.0\43p4woh6.60n\o6bh9226.31n\curs..tion_eee711038731a406_0004.0000_0d453ed5fea2fe48\curseclient.exe | 
"{AF0E3A09-A97B-433D-AB23-9BBBA5A01931}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{C70A0CE0-DED3-4723-9D9C-53475E2A16BB}" = protocol=6 | dir=in | app=f:\world of warcraft\launcher.exe | 
"{C82F2631-9CD5-4497-B370-ACDEAABB23C4}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
"{C96DF054-57C5-4F17-BC91-4E68C2C5BE90}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{CA8D95C2-2981-44B5-B127-2BC7A07E849D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CBBFB401-E476-48E6-840E-23E3A54E11EC}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{D6041F91-5AEA-4A17-8047-EB16B06F5A77}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | 
"{DFBC3AA6-B9C0-45EC-94A3-46D088385267}" = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{E78FD64B-5F8A-4875-B475-F8D065E2698A}" = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
"{ECB8FC23-E142-43F3-947B-E80B30EAA321}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\swtor\retailclient\swtor.exe | 
"{FF109719-7CAE-4DC7-9A2D-BB614A630DC8}" = protocol=6 | dir=in | app=c:\program files (x86)\icq7.7\icq.exe | 
"TCP Query User{1BCB0CB9-6B88-46C0-BCBB-65FF95CDB458}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
"TCP Query User{A4B41B05-5245-45BA-89B9-183B998DCE42}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"TCP Query User{A68F8365-D5F3-4BC8-BA24-6EECE8ED129B}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=6 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe | 
"UDP Query User{25B4A70C-DA04-490A-A37A-C6F32F56D2C5}C:\program files (x86)\corel\graphics10\register\navbrowser.exe" = protocol=17 | dir=in | app=c:\program files (x86)\corel\graphics10\register\navbrowser.exe | 
"UDP Query User{787E8FE7-D0C0-49DB-9E50-B2F3525C5F95}C:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\bioware\star wars - the old republic\launcher.exe | 
"UDP Query User{BE051F04-0A7F-4B90-BEC0-84265115D230}C:\program files (x86)\sony\station\launchpad\launchpad.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sony\station\launchpad\launchpad.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1B8ABA62-74F0-47ED-B18C-A43128E591B8}" = Windows Live ID Sign-in Assistant
"{1C55470A-7C9E-4C63-B466-6AFFC69E94E9}" = Windows Live Family Safety
"{26A24AE4-039D-4CA4-87B4-2F86417005FF}" = Java(TM) 7 Update 5 (64-bit)
"{391ED0B2-B886-A6D0-B1A6-C25A7FE5B452}" = ATI AVIVO64 Codecs
"{46A5FBE9-ADB3-4493-A1CC-B4CFFD24D26A}" = Windows Live Family Safety
"{47FBE83E-4AE6-4E4C-A9AA-F5838E1FF925}" = GMX Toolbar MSVC100 CRT x64
"{4A1FCB72-812A-4096-8713-F1BB101A904E}" = Microsoft SQL Server Native Client
"{4F8A27CA-6788-7965-3259-5C3B9C37FCD8}" = ATI Problem Report Wizard
"{60A95961-E9F4-17C6-2A91-578C34ED9A0C}" = ATI Catalyst Install Manager
"{6DF41AAD-B5F7-84BE-37F5-4C93184F5FBE}" = ccc-utility64
"{83ED5086-5D6B-698F-5CD4-2F631DA8FD69}" = AMD Drag and Drop Transcoding
"{88F41EE2-949B-4B52-933D-C7F8F67BC1D2}" = NetSpeedMonitor 2.5.4.0 x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 266.58
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{D07A61E5-A59C-433C-BCBD-22025FA2287B}" = Windows Live Language Selector
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0471C553-36C2-E7A0-7489-E99CD3F9683C}" = CCC Help Chinese Standard
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{06B91450-DDDE-4023-9CD3-B693C4B5A12A}" = Fighters
"{07629207-FAA0-4F1A-8092-BF5085BE511F}" = Unterstützungsdateien für das Microsoft SQL Server-Setup (Englisch)
"{07BFA98D-6DB0-6D9C-95D5-7EF347AF587B}" = HydraVision
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0BD171A4-7DAC-A12B-14E3-E33DA0B6FE6A}" = CCC Help Finnish
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{1D33BBA9-75E5-7B82-9776-277DEA2C4BA2}" = Catalyst Control Center Graphics Previews Vista
"{1D4BA420-070F-3F9B-4969-126689978A98}" = CCC Help Greek
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{2198B991-FCB1-F74E-26C9-5F7127B9DB0F}" = ccc-core-static
"{26A24AE4-039D-4CA4-87B4-2F83216026FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java(TM) 6 Update 2
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3B11D799-48E0-48ED-BFD7-EA655676D8BB}" = Star Wars: The Old Republic
"{3ED6B766-BDF2-F30F-F18E-16BA10ABA22A}" = CCC Help French
"{3F0BBF8C-9BAF-5F16-A2BF-B513D528F1B9}" = Catalyst Control Center Graphics Previews Common
"{469032A5-C6F3-CE61-67B1-F8820B747401}" = Application Profiles
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{516D7330-6BA3-6E53-9C7A-F50666C758E0}" = CCC Help Swedish
"{59624372-3B85-47f4-9B04-4911E551DF1E}" = Lexware Info Service
"{5B4383F2-37EE-4E97-AD81-F5FF76F286DA}" = OutlookAddInNet3Setup
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{66391B4E-194D-C20E-F1E5-D7222F1A8104}" = CCC Help Turkish
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6D1496ED-3150-FCD5-CA3B-4C08B89D00D0}" = Catalyst Control Center Localization All
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77CD6B28-D387-9905-EF5B-78BF8AF722C6}" = CCC Help Chinese Traditional
"{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE}" = ICQ7.7
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{873E4648-6F6E-47F6-A7B2-A6F8DFABDCE6}" = Windows Live Messenger
"{8A54BB79-658E-84A4-FBB7-93FD1EB20174}" = CCC Help Danish
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8DD59B6E-6FC4-4CDC-896D-2FDF19CBE70B}" = DDBAC
"{8F7C09A4-EBAE-11D3-A9AF-005004D2ECE4}" = Attune 2.3.2
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{92482FB3-C05B-41C6-89E7-75D985602A6E}" = System Requirements Lab
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95140000-007D-0409-0000-0000000FF1CE}" = Microsoft Outlook Social Connector Provider for Windows Live Messenger 32-bit
"{95140000-007F-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DC1A9BA-070A-455F-8AC3-62587524ADFB}" = Quicken 2011 - ServicePack 4
"{9E50DEC9-081B-441F-B647-98DBEA8B01DD}" = CorelDRAW 10
"{A0855EE1-F653-3A5A-C7AF-D6CC3BF7A506}" = Catalyst Control Center InstallProxy
"{A0D2B948-BB85-589F-D283-2145A54BB11B}" = CCC Help English
"{A13D9E3A-B31D-4E69-8681-EDB7AA02E365}" = Quicken Import Export Server 2011
"{A48A1D1C-307A-46F9-983E-9762863D15F1}" = GMX Toolbar MSVC100 CRT x86
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{A9C4FF3C-C5E5-07F7-AD5D-C26C2B41CFF3}" = CCC Help Dutch
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABA5FB59-633D-23B0-5841-D11A7B97C624}" = CCC Help Hungarian
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.2) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{B0F9D227-9243-E2E6-21CE-7FB9528202C5}" = CCC Help Norwegian
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1D6F9CC-55FC-CD82-1D5C-BF725BF9311E}" = CCC Help Portuguese
"{B282CB34-95CC-06B2-DFBC-07617F722837}" = CCC Help Spanish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"{DD1865F0-AD73-40FB-B23E-1822E02396FF}" = NVIDIA PhysX
"{DDA34038-89BD-4804-B0B8-DC48D5DFB463}" = Catalyst Control Center - Branding
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken 2011
"{E342FAD9-ACA4-BE69-D78C-F26CDF6DC9DC}" = CCC Help Italian
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{EB4DF488-AAEF-406F-A341-CB2AAA315B90}" = Windows Live Messenger
"{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support
"{EC2F8A30-787F-4DA5-9A8F-8E7DFE777CC2}" = Servicepack Datumsaktualisierung
"{ED9E5BCC-371A-5BE1-6DC6-CF7D8DC9A2B7}" = CCC Help Czech
"{EF829AE4-69BB-F791-F3DF-C6CBF8942881}" = CCC Help Korean
"{EFF33410-5603-B27E-778A-7AB406C7A785}" = CCC Help Japanese
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F241F4AB-9D50-52E4-6CA5-D1EA5A0713BC}" = CCC Help Russian
"{F3F8BEC4-1D0E-9E50-0AF6-54A16094C92E}" = CCC Help German
"{F6995FC4-2D91-4169-B3C4-7C51B7123902}" = Lexware online banking
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FA39D1A0-3B11-AF64-5EF0-1DBC97F47075}" = CCC Help Thai
"{FD20D0EA-5F36-5870-26EC-5CA842E8C713}" = CCC Help Polish
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"1&1 Mail & Media GmbH 1und1InternetExplorerAddon" = GMX Internet Explorer Addon
"1&1 Mail & Media GmbH Toolbar FF" = GMX Toolbar für Mozilla Firefox
"1&1 Mail & Media GmbH Toolbar IE8" = GMX Toolbar für Internet Explorer
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"BewerbungsGenie 7_is1" = DATA BECKER BewerbungsGenie 7
"CorelDRAW 10" = CorelDRAW 10
"ElsterFormular 12.4.0.7094p" = ElsterFormular
"Google Chrome" = Google Chrome
"ICQToolbar" = ICQ Toolbar
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"InstallShield_{758C8301-2696-4855-AF45-534B1200980A}" = Samsung Kies
"InstallShield_{D7A0A22A-C132-4B6F-8D68-67B95117DE93}" = RIFT
"InstallShield_{E259DE5F-4980-4882-85D0-312F82721ED5}" = Quicken Deluxe 2011
"Mobile Partner" = Mobile Partner
"Mozilla Firefox 12.0 (x86 de)" = Mozilla Firefox 12.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"SPYWAREfighter" = SPYWAREfighter
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"The KMPlayer" = The KMPlayer (remove only)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.7
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"090215de958f1060" = Curse Client
"MyFreeCodec" = MyFreeCodec
"Protect Disc License Helper" = Protect Disc License Helper 1.0.125 (IE)
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 30.10.2011 08:11:28 | Computer Name = Warfare-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 30.10.2011 10:39:15 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: riftpatchlive.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4e956f17  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.6.2.0,
 Zeitstempel: 0x4d239522  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022629  ID des fehlerhaften
 Prozesses: 0x135c  Startzeit der fehlerhaften Anwendung: 0x01cc970308ea7673  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\RIFT Game\riftpatchlive.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\RIFT Game\QtCore4.dll  Berichtskennung:
 f072f43e-0304-11e1-922b-001e101f82a7
 
Error - 31.10.2011 08:35:50 | Computer Name = Warfare-PC | Source = Windows Backup | ID = 4103
Description = 
 
Error - 04.11.2011 13:26:37 | Computer Name = Warfare-PC | Source = .NET Runtime Optimization Service | ID = 1101
Description = 
 
Error - 05.11.2011 19:44:54 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: riftpatchlive.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4e956f17  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.6.2.0,
 Zeitstempel: 0x4d239522  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022629  ID des fehlerhaften
 Prozesses: 0xd14  Startzeit der fehlerhaften Anwendung: 0x01cc9c14d0b61555  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\RIFT Game\riftpatchlive.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\RIFT Game\QtCore4.dll  Berichtskennung:
 28cd402f-0808-11e1-bf14-001e101fb45e
 
Error - 19.11.2011 13:02:53 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RAYMAN.exe, Version: 7.0.2.85, Zeitstempel:
 0x37489012  Name des fehlerhaften Moduls: MacroMix.x32, Version: 7.0.1.39, Zeitstempel:
 0x36e64b9e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004d66  ID des fehlerhaften Prozesses:
 0xeec  Startzeit der fehlerhaften Anwendung: 0x01cca6dcfec0e790  Pfad der fehlerhaften
 Anwendung: D:\RAYMAN.exe  Pfad des fehlerhaften Moduls: D:\xtras\MacroMix.x32  Berichtskennung:
 515c4547-12d0-11e1-8f20-001e101fde3a
 
Error - 19.11.2011 13:24:25 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RAYMAN.exe, Version: 7.0.2.85, Zeitstempel:
 0x37489012  Name des fehlerhaften Moduls: MacroMix.x32, Version: 7.0.1.39, Zeitstempel:
 0x36e64b9e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00004d66  ID des fehlerhaften Prozesses:
 0x130c  Startzeit der fehlerhaften Anwendung: 0x01cca6dfacf072a9  Pfad der fehlerhaften
 Anwendung: D:\RAYMAN.exe  Pfad des fehlerhaften Moduls: D:\xtras\MacroMix.x32  Berichtskennung:
 53683a76-12d3-11e1-8f20-001e101fde3a
 
Error - 19.11.2011 13:25:21 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: RAYMAN.exe, Version: 7.0.2.85, Zeitstempel:
 0x37489012  Name des fehlerhaften Moduls: MacroMix.x32, Version: 7.0.1.39, Zeitstempel:
 0x36e64b9e  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00006447  ID des fehlerhaften Prozesses:
 0x1240  Startzeit der fehlerhaften Anwendung: 0x01cca6e0234a1ae9  Pfad der fehlerhaften
 Anwendung: D:\RAYMAN.exe  Pfad des fehlerhaften Moduls: D:\xtras\MacroMix.x32  Berichtskennung:
 7504721c-12d3-11e1-8f20-001e101fde3a
 
Error - 26.11.2011 14:04:01 | Computer Name = Warfare-PC | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter
 Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf 
in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem
 zu suchen.    Prozess-ID: 67c    Startzeit: 01ccac658cb6b567    Endzeit: 16    Anwendungspfad: 
C:\Windows\Explorer.EXE    Berichts-ID: fd09c3f8-1858-11e1-926a-001e101fe5e1  
 
Error - 30.11.2011 12:40:17 | Computer Name = Warfare-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: riftpatchlive.exe, Version: 1.0.0.0,
 Zeitstempel: 0x4e956f17  Name des fehlerhaften Moduls: QtCore4.dll, Version: 4.6.2.0,
 Zeitstempel: 0x4d239522  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00022629  ID des fehlerhaften
 Prozesses: 0x1228  Startzeit der fehlerhaften Anwendung: 0x01ccaf7e91515344  Pfad der
 fehlerhaften Anwendung: C:\Program Files (x86)\RIFT Game\riftpatchlive.exe  Pfad 
des fehlerhaften Moduls: C:\Program Files (x86)\RIFT Game\QtCore4.dll  Berichtskennung:
 fbd374d8-1b71-11e1-b3af-001e101f36d9
 
[ Media Center Events ]
Error - 29.11.2011 11:29:31 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 16:29:31 - Fehler beim Herstellen der Internetverbindung.  16:29:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 04.12.2011 06:19:17 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 11:19:16 - Fehler beim Herstellen der Internetverbindung.  11:19:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.12.2011 03:35:52 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 08:35:52 - Fehler beim Herstellen der Internetverbindung.  08:35:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.12.2011 04:35:57 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 09:35:57 - Fehler beim Herstellen der Internetverbindung.  09:35:57 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.12.2011 05:36:02 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 10:36:02 - Fehler beim Herstellen der Internetverbindung.  10:36:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.12.2011 06:36:07 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 11:36:07 - Fehler beim Herstellen der Internetverbindung.  11:36:07 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 14.12.2011 03:12:24 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 08:12:24 - Fehler beim Herstellen der Internetverbindung.  08:12:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 18.01.2012 03:37:01 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 08:37:01 - Fehler beim Herstellen der Internetverbindung.  08:37:01 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.01.2012 22:59:14 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 03:59:13 - Fehler beim Herstellen der Internetverbindung.  03:59:13 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 22.01.2012 23:59:18 | Computer Name = Warfare-PC | Source = MCUpdate | ID = 0
Description = 04:59:18 - Fehler beim Herstellen der Internetverbindung.  04:59:18 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 17.06.2012 07:09:02 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 5 Mal passiert.
 
Error - 17.06.2012 07:10:23 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 6 Mal passiert.
 
Error - 17.06.2012 07:11:44 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 7 Mal passiert.
 
Error - 17.06.2012 07:13:05 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 8 Mal passiert.
 
Error - 17.06.2012 07:14:26 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 9 Mal passiert.
 
Error - 17.06.2012 07:15:47 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 10 Mal passiert.
 
Error - 17.06.2012 07:17:09 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 11 Mal passiert.
 
Error - 17.06.2012 07:18:30 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 12 Mal passiert.
 
Error - 17.06.2012 07:19:52 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 13 Mal passiert.
 
Error - 17.06.2012 07:21:13 | Computer Name = Warfare-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "AV Engine Scanning Service" wurde unerwartet beendet. Dies
 ist bereits 14 Mal passiert.
 
 
< End of report >
         

Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.17.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Warfare :: WARFARE-PC [Administrator]

Schutz: Aktiviert

17.06.2012 13:53:01
mbam-log-2012-06-17 (13-53-01).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 207136
Laufzeit: 6 Minute(n), 51 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Edited by Warfare65 (17.06.2012 at 18:31). Reason: posting in code format

18.06.2012, 21:58   #3
Warfare65

Thumbnails of attached images:
-baer_140.jpg

20.06.2012, 15:49   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™


Code:
ATTFilter
C:\Windows\AutoKMS.exe (RiskWare.Tool.CK)
         


See also => http://www.trojaner-board.de/95393-c...-software.html

If we find indications of illegally acquired software, we will end support without any discussion.

Cracks/keygens are 99.9% dangerous malware that is not to be trifled with. They are also illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for a complete reinstallation!!

It is no secret that illegal cracks and keygens essentially serve to spread malware, and everyone must be clear about that!


In future, keep your hands off: Softonic, registry cleaners and illegal stuff (cracks/keygens/serials)
