Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.

Antwort
Alt 25.07.2012, 20:02   #1
Knopey
 
BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt? - Standard

BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?



Hallo,

ich habe kürzlich das Internet unbekümmert durchsurft und plötzlich taucht die allseits geliebte "BKA"-Seite auf; mein Computer sei gesperrt, ich könne ihn mit einer Überweisung wieder freischalten, blah blah blah.

Ich habe auf einem alternativen Gerät das Internet nach Hilfen und Lösungen durchforstet und habe einen vielversprechenden Tipp befolgt: die Systemwiederherrstellung.

Diese habe ich genutzt und mein Windows 7 ist nun wieder auf einen Wegpunkt von gestern oder vorgestern wiederhergestellt. Ich kann den PC nun wieder nutzen!

ABER! Man kann durch die Infektion dem System bekanntlich nicht mehr trauen. So bin ich hier in dem Forum auf den Hinweis gestoßen, ich solle 1. einen Vollscan mit " Malwarebytes Anti-Malware " und 2. einen Scan mit "OTL" durchführen. Gesagt - getan. Beide Scans durchgeführt.

Die Logs stehen hier in den Zitatblasen im unteren Teil meines Beitrages.

Wie soll es denn nun weitergehen, sodass ich mich wieder auf mein System verlassen kann?

Ich bedanke mich jetzt schon mal für Hilfe und wünsche noch einen schönen Abend

Der Log für Malwarebytes Anti-Malware:
Zitat:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.25.04

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
User :: USER-PC [Administrator]

25.07.2012 15:37:21
mbam-log-2012-07-25 (19-08-18).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 571129
Laufzeit: 1 Stunde(n), 52 Minute(n), 5 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Tools\steig\DSA.exe (Spyware.Banker) -> Keine Aktion durchgeführt.
C:\Free_Tetris_(176x220).jar.exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt.

(Ende)


Der Log von OTL:
Zitat:
OTL logfile created on: 25.07.2012 19:19:31 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,68% Memory free
8,00 Gb Paging File | 6,10 Gb Available in Paging File | 76,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 108,90 Gb Free Space | 23,39% Space Free | Partition Type: NTFS
Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
PRC - C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\AVAST Software\Avast\AvastUI.exe (AVAST Software)
PRC - C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
PRC - C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe (Egisca Corporation)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
PRC - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\Program Files (x86)\McAfee Security Scan\2.0.181\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)


========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\SiteSafety.dll ()
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\3971e166cf827b6726e142f344061dc9\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\8c40f40ef36622109793788049fbe9ab\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\d1f299160424bad90fe9f658661389e2\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\623d2a0f11dd82bb9bc13d1cb981b239\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\System\6f9f0467e8b2dd3f69b015c8e30ac945\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\3953b1d8b9b57e4957bff8f58145384e\mscorlib.ni.dll ()
MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\plugins\iCalendarPlugin.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll ()
MOD - C:\Program Files (x86)\Vtune\TBPANEL.exe ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Program Files (x86)\Nexus Radio\Search.lib ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_xrc_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxbase28u_xml_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_html_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_adv_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxmsw28u_core_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\wxbase28u_vc_rny.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\lfs.dll ()
MOD - C:\Program Files (x86)\Rainlendar2\lua51.dll ()
MOD - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll ()
MOD - C:\Program Files (x86)\Nexus Radio\CurlLib.dll ()
MOD - C:\Program Files (x86)\Vtune\TBManage.dll ()


========== Win32 Services (SafeList) ==========

SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (vToolbarUpdater11.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\11.2.0\ToolbarUpdater.exe ()
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_4f7fccd.dll ()
SRV - (Hamachi2Svc) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe (LogMeIn Inc.)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (avast! Antivirus) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe (AVAST Software)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (SwitchBoard) -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (BCUService) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe (DeviceVM, Inc.)
SRV - (EPSON_EB_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50STB.EXE (SEIKO EPSON CORPORATION)
SRV - (EPSON_PM_RPCV4_04) -- C:\Programme\Common Files\EPSON\EPW!3 SSRP\E_S50RPB.EXE (SEIKO EPSON CORPORATION)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)


========== Driver Services (SafeList) ==========

DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV:64bit: - (atksgt) -- C:\Windows\SysNative\drivers\atksgt.sys ()
DRV:64bit: - (lirsgt) -- C:\Windows\SysNative\drivers\lirsgt.sys ()
DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation)
DRV:64bit: - (aswSnx) -- C:\Windows\SysNative\drivers\aswSnx.sys (AVAST Software)
DRV:64bit: - (aswSP) -- C:\Windows\SysNative\drivers\aswSP.sys (AVAST Software)
DRV:64bit: - (aswRdr) -- C:\Windows\SysNative\drivers\aswRdr2.sys (AVAST Software)
DRV:64bit: - (aswTdi) -- C:\Windows\SysNative\drivers\aswTdi.sys (AVAST Software)
DRV:64bit: - (aswMonFlt) -- C:\Windows\SysNative\drivers\aswMonFlt.sys (AVAST Software)
DRV:64bit: - (aswFsBlk) -- C:\Windows\SysNative\drivers\aswFsBlk.sys (AVAST Software)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (athur) -- C:\Windows\SysNative\drivers\athurx.sys (Atheros Communications, Inc.)
DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (h647906) -- C:\Windows\SysNative\drivers\h647906.sys (Your Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (hid7906) -- C:\Windows\SysWOW64\drivers\hid7906.sys (Your Corporation)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={3E42BF54-00C7-4193-9C6A-302B35C723ED}&mid=44e504a0c14f47d0b0bb81ac0f871190-ed3dc43d157649aab110802446b54b84e0275ab0&lang=de&ds=od011&pr=sa&d=2012-07-16 12:59:44&v=11.1.0.12&sap=hp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 B5 5E EE 8E B3 CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{16F3E807-C37B-49f3-84CA-2E5FDAF508EC}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{6A0E4DBA-E196-4a22-863D-10EDD38DB33C}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={3E42BF54-00C7-4193-9C6A-302B35C723ED}&mid=44e504a0c14f47d0b0bb81ac0f871190-ed3dc43d157649aab110802446b54b84e0275ab0&lang=de&ds=od011&pr=sa&d=2012-07-16 12:59:44&v=11.1.0.12&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{C4721A82-2075-431e-A5E2-AF47AC772A44}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;127.0.0.1:9421;<local>

========== FireFox ==========

FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\11.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/wpi,version=1.4: C:\Program Files\Microsoft\Web Platform Installer\\npwpidetector.dll ()
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\User\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.04.09 09:17:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.05 02:43:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\11.1.0.12\ [2012.07.16 13:00:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 22:22:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.20 07:50:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.05 09:52:26 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.19 22:22:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.02.20 07:50:08 | 000,000,000 | ---D | M]

[2012.04.25 23:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2012.04.25 23:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2012.05.02 21:17:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\mfmd0p0n.default\extensions
[2011.12.31 15:03:57 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\mfmd0p0n.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.03.18 23:55:49 | 000,000,000 | ---D | M] (ZoneAlarm-Sicherheit Community Toolbar) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\mfmd0p0n.default\extensions\{fc2b76fc-2132-4d80-a9a3-1f5c6e49066b}
[2011.12.15 19:51:04 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\mfmd0p0n.default\extensions\battlefieldheroespatcher@ea.com
[2012.03.18 23:55:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.19 22:22:13 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.02.20 07:50:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2012.06.20 12:29:17 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.07.16 12:59:30 | 000,003,750 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.20 12:29:17 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.20 12:29:17 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.20 12:29:17 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.20 12:29:17 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.20 12:29:17 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files (x86)\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MIF5BA~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\11.1.0.12\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm-Sicherheit Toolbar) - {FC2B76FC-2132-4D80-A9A3-1F5C6E49066B} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\prxtbZone.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [USB Gamepad] C:\Windows\USB Vibration\7906\USB Gamepad.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKCU..\Run: [AdobeBridge] File not found
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\User\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [EPSON BX305 Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Windows\TEMP\E_SC14C.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Nexus Radio] C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe (Egisca Corporation)
O4 - HKCU..\Run: [PfeilArt Standarddrucker] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGJE.EXE /FU "C:\Users\User\AppData\Local\Temp\E_S6614.tmp" /EF "HKCU" File not found
O4 - HKCU..\Run: [Rainlendar2] C:\Program Files (x86)\Rainlendar2\Rainlendar2.exe ()
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [TBPanel] C:\Program Files (x86)\Vtune\TBPanel.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\User\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O8:64bit: - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Download by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MIF5BA~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files (x86)\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\User\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MIF5BA~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39853D85-E37D-4201-A1CB-5684226CDF87}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\11.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts) - E:\Autorun.exe -- [ UDF ]
O32 - AutoRun File - [2011.11.14 17:40:17 | 000,000,049 | R--- | M] () - E:\Autorun.inf -- [ UDF ]
O33 - MountPoints2\{0f4ce120-cf2d-11e1-9301-50e54963f863}\Shell - "" = AutoRun
O33 - MountPoints2\{0f4ce120-cf2d-11e1-9301-50e54963f863}\Shell\AutoRun\command - "" = E:\Autorun.exe -- [2012.02.03 08:11:25 | 000,055,136 | R--- | M] (Electronic Arts)
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.07.25 19:17:02 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.25 15:34:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes
[2012.07.25 15:33:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.25 15:33:58 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.25 15:33:57 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.25 15:33:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.25 15:00:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{29493FEA-2DBD-4E30-A663-530A8BC35906}
[2012.07.25 15:00:08 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{352BA516-C5C7-42EB-BAA8-A23EA07EBF0F}
[2012.07.24 22:42:40 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9B47E8B6-F342-4D9C-ACAF-026A59B92B2C}
[2012.07.24 22:42:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{84EE4954-2E8F-42FF-97E2-2BA912EBCC0F}
[2012.07.24 12:47:29 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayLink iPad Software
[2012.07.24 12:46:29 | 000,000,000 | ---D | C] -- C:\Program Files\DisplayLink Core Software
[2012.07.24 09:41:00 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{DA7EC19E-075B-4286-91F5-67FDB36F6E37}
[2012.07.24 09:40:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F5450C25-3704-40AF-99F4-FD96240726E4}
[2012.07.23 11:20:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{F50FA6CB-D503-4C56-8CE8-19E343D1A4DC}
[2012.07.23 11:20:07 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{A7C2D6EF-7526-4469-8AA2-7AE04311BBD9}
[2012.07.21 23:06:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\XBlades
[2012.07.21 23:06:38 | 000,000,000 | ---D | C] -- C:\ProgramData\XBlades
[2012.07.21 23:06:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XBlades
[2012.07.21 14:40:36 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{254BB078-8E1F-4292-A2DC-6B965057FB15}
[2012.07.21 14:40:15 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{94B05FF4-5C2A-4B47-B766-60B79A75C802}
[2012.07.20 16:49:23 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{1100F571-64CF-4738-BE3E-F138C77B1569}
[2012.07.20 16:49:01 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0AB727B8-0990-475E-B567-D89358989118}
[2012.07.17 21:42:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{843928ED-C0E2-48DD-B760-234A7B8567ED}
[2012.07.17 21:42:30 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{97D7D2F0-8B23-4230-959B-EC9B6BDB9069}
[2012.07.16 13:01:54 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\DAEMON Tools Images
[2012.07.16 13:00:21 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\AVG Secure Search
[2012.07.16 12:59:42 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG Secure Search
[2012.07.16 12:59:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search
[2012.07.16 12:59:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2012.07.16 12:58:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite
[2012.07.16 12:57:41 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.07.16 12:57:35 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.07.16 12:57:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\DAEMON Tools Lite
[2012.07.16 12:57:25 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\OpenCandy
[2012.07.16 12:57:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite
[2012.07.16 12:56:15 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite
[2012.07.14 14:09:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{170A48DA-867C-4057-A783-B1F76411AE92}
[2012.07.14 14:08:49 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{23444E4C-97F1-4AFE-8889-F32D39791AA4}
[2012.07.12 03:01:58 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.12 03:01:58 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.12 03:01:58 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.12 03:01:57 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.12 03:01:56 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.12 03:01:56 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.12 03:01:56 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.12 03:01:55 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.12 03:01:54 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.12 03:01:53 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.12 03:01:53 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.12 03:01:53 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.12 03:01:52 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.11 16:00:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll
[2012.07.11 16:00:01 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll
[2012.07.11 15:59:53 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.11 15:59:49 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll
[2012.07.11 15:59:49 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll
[2012.07.11 15:54:16 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{25E01E90-95F3-4C3B-9673-4836CD83B07A}
[2012.07.11 15:53:52 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{101BC2B3-A039-4459-BE4F-B5AD71D245BA}
[2012.07.10 20:10:59 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{054875A0-0E20-4F01-B535-E9B19E5C2265}
[2012.07.10 20:10:39 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E5A5A2D4-8184-4975-A027-362375263B0D}
[2012.07.09 18:44:33 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{9AD60F01-566E-4000-9F23-D9FFDD269A6B}
[2012.07.09 18:44:10 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{07E22FE0-C00D-4A91-A32A-767FA6C2365F}
[2012.07.08 12:30:24 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{00A4ED09-B63C-41DB-A095-44766C93C290}
[2012.07.08 12:30:02 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{54DB86EF-F68A-4D22-AE85-D85180740D2E}
[2012.07.07 14:02:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B872C139-8EB8-4D6C-9DB0-7B7DE3F53849}
[2012.07.07 14:02:31 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{CC7261E1-E6A4-4671-929A-417150C7C7E8}
[2012.07.05 17:26:19 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{02A73977-7298-4A13-A147-A2AC229C856F}
[2012.07.05 17:25:58 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D14C31A2-FC3C-478D-A681-FA68A4556DD7}
[2012.07.04 20:57:53 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0AC43D86-FD58-4365-A5CF-C025E76E4B61}
[2012.07.04 20:57:32 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3E9F753C-B0B9-4E1C-9BC7-3C4C88638E20}
[2012.07.02 19:20:38 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{0B323118-EFE0-4F3E-92B2-19A9B3CCBBFA}
[2012.07.02 19:20:28 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{EF15D2B7-0774-4F27-98B0-FBEC0634AC60}
[2012.07.01 10:23:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Script Maker
[2012.06.28 23:15:57 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\MaikMagPauken
[2012.06.28 22:19:18 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{3C8C6D39-4F24-4D28-9E9C-6FD2E4C28765}
[2012.06.28 22:18:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{FCCA18CE-912D-40C0-8C60-043355684C2D}
[2012.06.27 16:24:13 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{B87636AE-AC24-486A-AA05-4D66531A94FD}
[2012.06.27 16:23:51 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{E83DBBC6-0C11-49DC-9725-B51D3A0DB056}
[2012.06.27 16:13:31 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2012.06.27 16:13:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LogMeIn Hamachi
[2012.06.27 16:13:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn Hamachi
[2012.06.26 11:05:56 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{8E9600CB-92BF-463D-BEA9-9146D9B890E1}
[2012.06.26 11:05:35 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Local\{D3D0C85F-83EA-4BCF-A9AD-D92EFDA3BE4D}
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.07.25 19:18:03 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 19:18:03 | 000,014,784 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.25 19:17:07 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\User\Desktop\OTL.exe
[2012.07.25 19:10:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.25 19:09:58 | 3220,017,152 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.25 08:54:02 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.07.25 00:37:27 | 004,503,728 | ---- | M] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.22 19:00:58 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 19:00:58 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 19:00:58 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 19:00:58 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 19:00:58 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.21 23:26:48 | 000,002,344 | ---- | M] () -- C:\Users\User\Documents\pat1.unj
[2012.07.21 23:09:50 | 000,000,422 | ---- | M] () -- C:\Windows\{27018D57-D152-44EF-BCE0-5E3B3445EABE}_WiseFW.ini
[2012.07.21 22:53:50 | 000,000,311 | ---- | M] () -- C:\Users\User\.dsa4.properties
[2012.07.21 14:03:52 | 000,003,373 | ---- | M] () -- C:\Users\User\.heldEinstellungen4_1.xml
[2012.07.16 12:57:35 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys
[2012.07.12 07:48:51 | 005,083,512 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.07.25 00:02:10 | 004,503,728 | ---- | C] () -- C:\ProgramData\z7_0ytr.pad
[2012.07.21 23:26:47 | 000,002,344 | ---- | C] () -- C:\Users\User\Documents\pat1.unj
[2012.07.21 23:06:35 | 000,000,422 | ---- | C] () -- C:\Windows\{27018D57-D152-44EF-BCE0-5E3B3445EABE}_WiseFW.ini
[2012.04.10 09:47:42 | 000,003,373 | ---- | C] () -- C:\Users\User\.heldEinstellungen4_1.xml
[2012.04.10 09:47:41 | 000,000,311 | ---- | C] () -- C:\Users\User\.dsa4.properties
[2012.02.05 13:40:55 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5F8D40D4CB.sys
[2012.02.05 13:40:54 | 000,000,848 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2012.02.05 13:09:33 | 000,000,173 | ---- | C] () -- C:\Users\User\AppData\Local\msmathematics.qat.User
[2012.01.01 20:40:46 | 000,083,968 | ---- | C] () -- C:\Windows\UnGins.exe
[2012.01.01 20:40:09 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\Unlha32.dll
[2012.01.01 20:40:08 | 000,473,600 | ---- | C] () -- C:\Windows\SysWow64\Harmony.dll
[2012.01.01 13:39:53 | 000,000,044 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE1.dat
[2012.01.01 13:35:53 | 000,000,043 | ---- | C] () -- C:\Users\User\jagex_cl_runescape_LIVE.dat
[2012.01.01 13:35:53 | 000,000,024 | ---- | C] () -- C:\Users\User\random.dat
[2011.12.27 21:25:24 | 001,589,442 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.12.22 23:45:36 | 000,110,080 | ---- | C] () -- C:\Windows\SysWow64\advd.dll
[2011.12.22 23:45:36 | 000,023,040 | ---- | C] () -- C:\Windows\SysWow64\auth.dll
[2011.12.22 23:45:35 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll
[2011.12.15 20:04:02 | 000,270,240 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011.12.15 20:03:59 | 000,075,136 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011.12.07 17:52:39 | 000,017,408 | ---- | C] () -- C:\Users\User\AppData\Local\WebpageIcons.db
[2011.12.07 17:48:38 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.12.07 17:48:34 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.12.07 17:48:34 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.12.07 17:48:34 | 000,074,752 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.12.05 12:15:37 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.09.28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.08.03 04:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 152 bytes -> C:\ProgramData\TEMP:728B799F

< End of report >

Log von OTL - "Extras"
Zitat:
OTL Extras logfile created on: 25.07.2012 19:19:31 - Run 1
OTL by OldTimer - Version 3.2.54.1 Folder = C:\Users\User\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

4,00 Gb Total Physical Memory | 2,27 Gb Available Physical Memory | 56,68% Memory free
8,00 Gb Paging File | 6,10 Gb Available in Paging File | 76,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 465,66 Gb Total Space | 108,90 Gb Free Space | 23,39% Space Free | Partition Type: NTFS
Drive E: | 5,22 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6 (64 Bit)\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitdm.exe" = C:\Program Files (x86)\Orbitdownloader\orbitdm.exe:*:Enabled:Orbit -- (Orbitdownloader.com)
"C:\Program Files (x86)\Orbitdownloader\orbitnet.exe" = C:\Program Files (x86)\Orbitdownloader\orbitnet.exe:*:Enabled:Orbit -- (Orbitdownloader.com)


========== Vista Active Open Ports Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07F9988F-6451-4F43-AE3E-BC518335FF9A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1C97CC21-51AB-4F61-A063-CE318AEB514B}" = lport=445 | protocol=6 | dir=in | app=system |
"{1F2914DE-1CA5-4D54-BA3A-4525B1D5E109}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{24A01E18-342C-4564-84C3-98C20A255FCA}" = rport=137 | protocol=17 | dir=out | app=system |
"{364DC400-B43E-4CA7-A9AD-870A299F4529}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3F7955D0-1E0E-42D2-B1F5-DA8FE60BC7D4}" = rport=138 | protocol=17 | dir=out | app=system |
"{512F0E6E-BDAB-49B3-A29F-B72005EDD522}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) |
"{6B012C35-CE9B-4872-8E0F-6B8D0259DE1A}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) |
"{758C95EB-34FA-4F57-A313-50CF951CBCB3}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7AB1E943-C6BB-46D7-856F-81419692C71B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{8B727860-69D9-4ECD-895E-2D004FADC158}" = rport=445 | protocol=6 | dir=out | app=system |
"{8D0E0D21-1E7B-4CA4-B266-A0D3DA046BA7}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{8D1EC540-9EC3-4EC3-B759-AFAAA1FD017A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{9086B304-29BE-45FA-832B-6A693C00D206}" = lport=10243 | protocol=6 | dir=in | app=system |
"{91AED068-EEDB-4C9F-89D2-690AE1A23DB2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{996EF498-43F4-43DF-A02C-4DE26929FF5E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{9DB92B8E-1574-4E77-BD85-20C0CD46BD3B}" = lport=138 | protocol=17 | dir=in | app=system |
"{9E6947FF-EF9C-44EA-93E3-628DDB398D8E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{ACF54959-8224-43BE-B340-DCE6AA9D9D45}" = rport=10243 | protocol=6 | dir=out | app=system |
"{B567F0C4-818D-4815-8EC8-506D4295C8C8}" = lport=2869 | protocol=6 | dir=in | app=system |
"{B77FEFBF-7D93-471E-89DA-36C68AE999CE}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CADA236C-2949-4A92-A82E-BA5D2AB1E8EA}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe |
"{CBCA81CE-0BD6-4AD0-A910-E924BB658933}" = lport=137 | protocol=17 | dir=in | app=system |
"{EC6FC143-EC34-4280-B8B8-9410BB75E40A}" = lport=139 | protocol=6 | dir=in | app=system |
"{F120CA7A-28B7-43C0-83B1-14275B0B9EA0}" = rport=139 | protocol=6 | dir=out | app=system |
"{F3639B5D-E93C-48B3-88D9-CF6BDC003AFF}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |

========== Vista Active Application Exception List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{030087C9-A8E2-4CAA-A1F9-036055E535EC}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{06EC0C51-8CF1-4ABF-98D2-EF59EA1B0ED0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{0C7CDEDF-9C31-4A4E-A34D-C8624EEF5E01}" = protocol=6 | dir=in | app=c:\program files (x86)\xblades\launcher.exe |
"{0F00E4FB-676A-4D3D-BCD7-62DFA8C1A8CF}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{0F9F4A08-6153-4CE7-B241-BC89BFCA1E05}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1B163F26-5B65-4F47-9C6A-69B5E9C9B10D}" = protocol=6 | dir=out | app=system |
"{221B74E6-1E11-46B6-BB0E-B70F3F0AA839}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{263846CB-E3A9-4CB4-A76F-A620B20F093C}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{2779D788-F405-4E88-92A9-031911685FAD}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{34A1068D-83D9-4252-A62C-4A94B3A05618}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe |
"{34B3D243-D78B-46F5-AC2F-6E888E28D8E1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{3A59A4CA-30A1-4928-A2D9-89F7E5867081}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe |
"{3DAC26F3-FB47-41DF-81F3-1D355FE1BE63}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{49A2E348-CBB8-4574-A046-F6EC1EA82C11}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{49EAF2D5-0C33-4836-A275-11868E7F1B28}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"{4B0C4E4A-B4E1-4DCE-8DE8-9A3151E8642F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkspore\support\ea help\electronic_arts_technical_support.htm |
"{514C2135-A3DF-4378-A268-27D522165B8D}" = protocol=17 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{5958E776-2D30-4528-8907-B05BFAB8910E}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe |
"{5C1BE252-E827-479C-AAE2-0B770B667A97}" = protocol=6 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
"{5EB7AABE-1D33-4EFB-95AE-52BCB014D63E}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{5F74196E-C34F-4462-A435-4B4014E627FE}" = protocol=17 | dir=in | app=c:\program files (x86)\bohemia interactive\arma 2\arma2.exe |
"{636B948E-F78F-47B2-8305-16FE2F389055}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{63FC31AD-068C-45C0-9447-805531D4A301}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe |
"{64F7E160-3392-46A7-B8F0-C0EACC28973E}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{67F4092E-24C7-4318-B624-2B90035E64A3}" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{69897438-3CC5-4B1C-8437-6094AAC1F866}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{6BF694BC-5876-4973-89CE-0ACF127D5D89}" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{6DAA0A00-3BAA-4200-BEBC-7AFD551E6715}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{6F45A6DD-EF1D-4140-A8C4-8D2AD8E8BAD9}" = protocol=6 | dir=in | app=c:\program files (x86)\brawl busters\bin\pblauncher.exe |
"{71B41DC7-8B27-4600-8B0A-7B045388A52F}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{809A2BC5-21DE-438B-898A-76C6028156B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{80A9495F-0234-4158-AD7A-CB7A0EF6754D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{865B6634-79ED-4E72-AA56-770665BD3826}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{878B5CFF-5F8D-4ABF-AE23-23B91AC749C2}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"{889ECA87-E931-48DD-98B2-6545C8853F70}" = protocol=6 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"{89E5EE58-FD2B-4837-A901-81FA8081629D}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\fortune summoners demo\sotes.exe |
"{8A6A6EF1-36E0-459C-AC95-743FAE0A96E8}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8BE8144D-06DB-41FF-8852-083B525A7AE7}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{8CA01F3C-3C1F-447D-AED1-654742293FFA}" = protocol=6 | dir=in | app=c:\windows\syswow64\zonelabs\vsmon.exe |
"{8E0632FB-D479-4D0A-8C6F-E910FAC6A3A9}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\bin_ship\dragonage2demo.exe |
"{9B548FB6-977F-4282-9CE9-ACF58C16AA3C}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe |
"{9B9844A3-4924-480A-A835-E21574D4704B}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe |
"{9EA7E210-153A-4E99-B4E8-494B910C2E88}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A82AB810-219A-4A4C-8FDC-F6B95D46ED93}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{AFEE4969-EB3B-4180-B5DA-EF48E9FE4EF7}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{B231FF95-98AE-411F-9C3C-4709341AEF78}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{B3693C5A-CA43-4039-BABC-345B5E99F4AA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkspore\darksporebin\darkspore.exe |
"{B6208296-4179-4CFC-B472-8E646519A3C7}" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"{B6913C95-0B75-47C1-8029-38398CBB1429}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{B7B92F7F-DCE9-411C-BCBB-B543D9C8A17F}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe |
"{B90B6319-730D-4E90-A8C5-C34592A80FCA}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkspore\support\ea help\electronic_arts_technical_support.htm |
"{C0146445-88CD-4E41-B03B-36DA48CBF3BA}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{C07ECE39-D5E7-44BA-A519-4D973CCF6808}" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2028F84-F544-4E88-8E62-9ABBACE99881}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe |
"{C223DBE0-CAD2-4D49-BD60-3AEEE7E069E9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\skyrim\skyrimlauncher.exe |
"{C3485996-A2E3-4350-96DE-9682CC7C7608}" = protocol=6 | dir=in | app=c:\program files (x86)\xblades\xblades.exe |
"{C548AE1D-32ED-4022-8D31-2B000036F6FA}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{C7130136-404A-41FA-897B-6FF83C482262}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CDB406B2-5104-4383-A828-BDE78B1B59B3}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 |
"{D1081A19-205C-42E6-A999-8FB74CC3B2A8}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthurmulti.exe |
"{D22A7CAC-082D-4992-B421-D68C7A02C324}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\king arthur - the role-playing wargame\kingarthur.exe |
"{D2901D24-4685-4FE9-84F4-B64C3E086F14}" = protocol=17 | dir=in | app=c:\program files (x86)\brawl busters\bin\pbclient.exe |
"{D91FF7FE-5EFC-4515-A85F-EE90AA2ED571}" = protocol=58 | dir=in | app=system |
"{EB6F52EC-04D8-47BD-8AE6-ACB87EDE28EE}" = protocol=17 | dir=in | app=c:\program files (x86)\xblades\launcher.exe |
"{EBE0475C-B7F8-4476-9FE9-812F32F0839F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{EC7D14EA-8B5D-4B10-A1A2-DAB6418D9D90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{ED52964F-26EA-4036-B010-17F89C74ED40}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe |
"{ED57F9DE-3BC8-4E80-A8A3-5A772FF1D79C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{EDB5F743-5F2C-465D-904C-4FD05A9E3CF6}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{F45ED961-F84E-458A-83EB-7F13B30C007F}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{F658B6D7-EF84-4DFE-8A28-3AA786369525}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\darkspore\darksporebin\darkspore.exe |
"{FA671A7D-C9D2-4A71-AF06-06957C8B30DC}" = protocol=17 | dir=in | app=c:\program files (x86)\xblades\xblades.exe |
"{FF2E2B3C-8732-4C61-9286-A8D184A5ECB6}" = protocol=17 | dir=in | app=c:\program files (x86)\dragon age 2 demo\dragonage2launcher.exe |
"TCP Query User{07EA1130-EB8D-4BE0-A40B-5513BD932A6E}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=6 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"TCP Query User{30DF80B2-7BB6-417A-8127-319022692182}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"TCP Query User{6936E4E6-48CA-4121-B65F-BF5F2C2DE25C}C:\program files (x86)\franzis\onlinetv 6\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files (x86)\franzis\onlinetv 6\onlinetv.exe |
"TCP Query User{882A7C3D-1ADD-4A2B-B080-10A62EE3DE88}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |
"TCP Query User{8BB503B6-4C6D-4A2F-8636-0BD46F06F2B8}C:\program files (x86)\ludwig\ludwig updater.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ludwig\ludwig updater.exe |
"TCP Query User{95BCFA42-26C2-43D7-A4E9-7328A164E65E}C:\program files (x86)\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=6 | dir=in | app=c:\program files (x86)\dungeon defenders demo\binaries\win32\dundefgame.exe |
"TCP Query User{A8456B46-2046-4ECB-8094-9E5143BFCA90}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=6 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"TCP Query User{ADA1DC9F-48BC-4C63-89E0-4601134E2A95}C:\counter-strike 2d\counterstrike2d.exe" = protocol=6 | dir=in | app=c:\counter-strike 2d\counterstrike2d.exe |
"TCP Query User{B0708C4F-2EB2-4EAD-B3EC-4126FAAF0890}C:\program files (x86)\microsoft games\fable iii\fable3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"TCP Query User{CC1458C6-F61C-4901-A6BD-391B33EDF4C4}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{D3F56EB2-C5AE-471F-9DD8-B4C4C22677C3}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{E0945CA3-229F-4B34-9458-B5AB0B4FB5A0}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"TCP Query User{E9277E2B-08FD-4E95-9C95-762F13E4F7DD}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"TCP Query User{EA77AF04-6B14-4A15-8CAD-9AB517D9EBD8}C:\udk\ff vii remake\binaries\win32\udk.exe" = protocol=6 | dir=in | app=c:\udk\ff vii remake\binaries\win32\udk.exe |
"UDP Query User{022EE4CF-A74F-4E6E-9BD6-7C5AE8A048A0}C:\program files (x86)\ludwig\ludwig updater.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ludwig\ludwig updater.exe |
"UDP Query User{0AF1DBAC-8C85-4A38-B502-C6224C879F81}C:\users\user\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\local\akamai\netsession_win.exe |
"UDP Query User{17E71497-1F31-43B5-9762-BBBDC25D07B6}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe |
"UDP Query User{252E12D9-3725-4ACC-8F37-F807BD0561EE}C:\program files (x86)\microsoft games\fable iii\fable3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft games\fable iii\fable3.exe |
"UDP Query User{34256C1A-4192-438F-8281-BDB600E7D211}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{4A2843C0-3A00-4171-A9A8-0880A0368375}C:\users\user\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\user\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{4BAF3792-B1D3-4F35-BF68-A1725D87C5CB}C:\program files (x86)\dungeon defenders demo\binaries\win32\dundefgame.exe" = protocol=17 | dir=in | app=c:\program files (x86)\dungeon defenders demo\binaries\win32\dundefgame.exe |
"UDP Query User{8E9CAF89-5200-4330-AEA5-F85F73647537}C:\udk\ff vii remake\binaries\win32\udk.exe" = protocol=17 | dir=in | app=c:\udk\ff vii remake\binaries\win32\udk.exe |
"UDP Query User{916BF2C9-1722-4676-801F-BEB1BCD9DA07}C:\program files (x86)\franzis\onlinetv 6\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files (x86)\franzis\onlinetv 6\onlinetv.exe |
"UDP Query User{9CF5B862-059D-4121-9049-7E9E87CBC1BB}C:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe" = protocol=17 | dir=in | app=c:\users\public\sony online entertainment\installed games\dc universe online live\unreal3\binaries\win32\dcgame.exe |
"UDP Query User{A95334C6-BAAB-4231-86B3-0870E164C5DA}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe |
"UDP Query User{AB0A947D-8988-4E34-AC40-CE62FD8261DA}C:\counter-strike 2d\counterstrike2d.exe" = protocol=17 | dir=in | app=c:\counter-strike 2d\counterstrike2d.exe |
"UDP Query User{ED6311EF-FBEE-47D2-8A91-1900652AE36A}C:\program files (x86)\orbitdownloader\orbitnet.exe" = protocol=17 | dir=in | app=c:\program files (x86)\orbitdownloader\orbitnet.exe |
"UDP Query User{F5F7B2B0-32BD-4F0B-A06B-6B4FD745ABBE}C:\program files (x86)\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmnationsforever\tmforever.exe |

========== HKEY_LOCAL_MACHINE Uninstall List ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{027E5FAB-1476-4C59-AAB4-32EF28520399}" = Windows Live Language Selector
"{0D87AE67-14EB-4C10-88A5-DA6C3181EB18}" = Windows Live Family Safety
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
"{2128559D-BBCD-4744-87F0-7C0CD5CFB464}" = Windows Live Family Safety
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417001FF}" = Java(TM) 7 Update 1 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{75104836-CAC7-444E-A39E-3F54151942F5}" = Apple Mobile Device Support
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A7CEBDF-37E2-4B63-A384-2A9FD5CE0A80}_is1" = Classic Menu for Office 2010 v5.15
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 280.26
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 280.19
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.10.0514
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.4.28
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.2.23.3
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{CC4878C0-4A6A-49CD-AAA7-DD3FCB06CC84}" = Microsoft Web Platform Installer 3.0
"{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources
"{D66F0C3C-24F2-4463-9E2F-4381E5C40A26}" = iTunes
"{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources
"{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter
"{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client
"{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service
"{E57B7E0A-8BE5-42E2-BE60-C07ED680A063}" = Microsoft Mathematics (64-bit)
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"6af12c54-643b-4752-87d0-8335503010de_is1" = Nexus Mod Manager
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin 64-bit
"CCleaner" = CCleaner
"Defraggler" = Defraggler
"EPSON BX305 Series" = Druckerdeinstallation für EPSON BX305 Series
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"UDK-e5ca00a1-0ead-47d5-8ab8-04301896e41c" = FF VII REMAKE

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{08A25478-C5DD-4EA7-B168-3D687CA987FF}" = Die Sims™ 3 Traumsuite-Accessoires
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0CC21836-A5D6-4641-B4AE-6FA01D021E41}" = Die Sims Mittelalter Piraten und Edelleute
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{122879BD-2614-4AAB-9988-13C0719843D4}" = QuickSteuer 2012 COMPUTERBILD Edition
"{14509FBA-582F-43AB-8B7B-37A30B9C98C3}_is1" = ArcaniA - Gothic 4 Demo
"{17BADF87-3597-46FE-8D74-69C4FA78883E}" = Gothic 3
"{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1D081AB0-B1CC-11E0-80C0-005056B12123}" = Haufe iDesk-Service
"{1D106581-6726-4D1B-ABEC-0CA02410F24F}" = Adobe Photoshop CS6
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31
"{27018D57-D152-44EF-BCE0-5E3B3445EABE}" = X-Blades
"{2987EE84-C4EE-4FF5-8160-32DE00D6ABC6}" = GTA2
"{2A558A06-A44E-400D-95AD-D9FAA89AFD36}" = USB Network Joystick
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{343666E2-A059-48AC-AD67-230BF74E2DB2}" = Apple Application Support
"{35CB6715-41F8-4F99-8881-6FC75BF054B0}" = Oblivion
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3BBFD444-5FAB-49F6-98B1-A1954E831399}" = Die Sims™ 3 Showtime
"{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B10.0427.1
"{3F2A323E-60C4-41E8-8CCB-9715D1D750C3}" = Angry Birds Space
"{41899391-E156-4166-9DD3-DDDB76B45895}" = Rabbids Go Home - DVD
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17
"{449CE12D-E2C7-4B97-B19E-55D163EA9435}" = Bing Bar
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"{4D53090A-CE35-42BD-B377-831000028301}" = Fable III
"{4D565319-8B91-41cb-961C-0DDC86101AC5}" = Dragon Age II Demo
"{5BF5331F-E271-4A1F-AF5D-30A93EFF2584}_is1" = Franzis onlineTV 6
"{5E1375CB-6792-4464-8715-CC3EC83D48FA}" = VirtualDJ Home FREE
"{5FE71C58-78B3-4207-84C1-AF7F8F839301}" = MAGIX Web Designer 6
"{63CEA2E4-4FE7-4F2C-B388-C1313D24157C}" = SPORE™ Galaktische Abenteuer
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition
"{6D1FAE3E-7A6F-4045-BBF5-55DB4C5FB5FD}" = MAGIX Online Druck Service
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7A2A107B-9695-423F-9462-8F17C178BD35}" = TP-LINK-Clientinstallationsprogramm
"{7B3F0113-E63C-4D6D-AF19-111A3165CCA2}" = Text-To-Speech-Runtime
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7FB413C8-3CAD-49F7-A67C-6EFEB4B04050}" = LogMeIn Hamachi
"{82225685-1513-4975-B624-155C10F3EE16}" = The Whispered World
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{83BEEFB4-8C28-4F4F-8A9D-E0D1ADCE335B}" = Die*Sims*Mittelalter
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{83DD8CC8-522E-4B75-836F-8775FDA4B5AB}" = Hotel Gigant 2
"{849F6C2A-3F9C-4731-B659-8C606B706CF0}_is1" = Counter-Strike 2D 0.1.1.9
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8763793B-4D7D-49C8-A859-5C582EC02640}" = Nexus Radio
"{88137A28-4E5B-4E56-B90C-E8AE768305A2}" = Rabbids Go Home - DVD
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8D8E696E-916E-49CE-B2EE-C2346A6FE949}" = Harry Potter und die Heiligtümer des Todes(TM) - Teil 2 Demo
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{932C2699-C83C-41CD-884A-A11E0073381D}" = Ludwig
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{93B12A27-25B5-4A0C-9601-CDF7FE495E12}_is1" = Tetris Unlimited 0.5.0
"{99F575A3-1298-40DE-B7DE-BAE5879710BA}" = Free-Jahreskalender 2012
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9DF0196F-B6B8-4C3A-8790-DE42AA530101}" = SPORE™
"{A2F166A0-F031-4E27-A057-C69733219434}_is1" = Runes of Magic
"{A2F991E7-DDCD-42B7-AFEC-47789A099FDC}" = Browser Configuration Utility
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA59DDE4-B672-4621-A016-4C248204957A}" = Skype™ 5.6
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.1) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AD665A16-AA0E-494A-A8CF-A7AFAD06C0F4}" = LEGO® Harry Potter™: Die Jahre 5-7 DEMO
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B25D67C4-E885-43F8-8085-B532F6261529}" = Fliptoast
"{B2F036FE-A916-4EBB-8621-5403444940D3}_is1" = Tiggit
"{B3EADE8F-0157-4337-9825-29034B69E300}" = Boulder Remake
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5BC0FE6-29E8-4583-AA3E-AD8623CF3A51}" = MAGIX Xtreme Foto & Grafik Designer 5 (Silver)
"{B9DB4C76-01A4-46D5-8910-F7AA6376DBAF}" = NVIDIA PhysX
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C12631C6-804D-4B32-B0DD-8A496462F106}" = Die Sims™ 3 Einfach tierisch
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C61B2B59-75D2-4203-B589-E0102C3A6F32}" = QuickSteuer Wissens-Center 2012
"{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"{C785F840-38A4-4D44-8AD1-281726A6E677}" = Momodora
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D47087E7-AA15-4D1D-8C0A-60F7E446D597}" = PSP ISO Compressor
"{D85B0C49-754F-47FA-81CB-0C541D4084E2}" = MAGIX Foto Manager 10
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{E3F04224-BA9A-4068-8A51-83267B4E7496}" = Yu-Gi-Oh! ONLINE 3
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3C2ECAA-1B4D-4B75-9105-106B0D03EF02}" = Lexware Info Service
"{F617CEFF-8242-42AF-95BE-2545DB029A0C}" = Die Sims™ 3 Einfach tierisch: Erstelle ein Tier-Demo
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE23D063-934D-4829-A0D8-00634CE79B4A}" = Adobe AIR
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player ActiveX
"Akamai" = Akamai NetSession Interface Service
"ArmA 2" = ArmA 2 Uninstall
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.14 (Unicode)
"Audiograbber" = Audiograbber 1.83 SE
"avast" = avast! Free Antivirus
"AVG Secure Search" = AVG Security Toolbar
"BattlEye for A2" = BattlEye Uninstall
"BlackCove_is1" = Pirates of Black Cove Demo
"Brawl Busters" = Brawl Busters
"CosmicBreak_eng" = CosmicBreak_eng
"DAEMON Tools Lite" = DAEMON Tools Lite
"DivX Setup" = DivX-Setup
"Drakensang Online" = Drakensang Online
"Drakensang_is1" = Drakensang
"EADM" = EA Download Manager
"FileZilla Client" = FileZilla Client 3.5.2
"FormatFactory" = FormatFactory 2.80
"Free Audio Converter_is1" = Free Audio Converter version 5.0.4.1228
"Free Video to MP3 Converter_is1" = Free Video to MP3 Converter version 5.0.4.1228
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.14.1206
"GFWL_{4D53090A-9B45-437B-A66A-831000008300}" = Fable III
"Icy Tower v1.5_is1" = Icy Tower v1.5
"KEmulator 0.9.8" = KEmulator 0.9.8
"KLiteCodecPack_is1" = K-Lite Codec Pack 8.0.0 (Full)
"Little Fighter 2 version 2.0a" = Little Fighter 2 version 2.0a
"LogMeIn Hamachi" = LogMeIn Hamachi
"MAGIX_{4356EDD5-144A-44F2-B352-A9232D280A0C}" = MAGIX Music Maker 17
"MAGIX_{C730B021-96D7-4F63-B52E-27F9A8155BE1}" = MAGIX Screenshare
"MAGIX_{C7411D97-EF5E-46B2-8B49-E408A344DF82}" = MAGIX Speed burnR (MSI)
"MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10
"MAGIX_MSI_Web_Designer_6_DLM" = MAGIX Web Designer 6
"MAGIX_MSI_XtremeGrafik5_Silver" = MAGIX Xtreme Foto & Grafik Designer 5 (Silver)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"McAfee Security Scan" = McAfee Security Scan Plus
"Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MySSID_is1" = Vtune 7.21
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.SingleImage" = Microsoft Office Home and Business 2010
"OpenAL" = OpenAL
"Orbit_is1" = Orbit Downloader
"Phase Shift" = Phase Shift
"ProtectDisc Driver 11" = ProtectDisc Driver, Version 11
"PunkBusterSvc" = PunkBuster Services
"Rainlendar2" = Rainlendar2 (remove only)
"RPG Maker 2003_is1" = RPG Maker 2003 v1.08
"RPG Maker VX RTP_is1" = RPG Maker VX RTP
"RPG Maker VX_is1" = RPG Maker VX
"RPG-SoundMixer_is1" = RPG-SoundMixer
"RTP for RM2K (Png, Wav, Midi, Fonts)" = RTP for RM2K (Png, Wav, Midi, Fonts)
"Sparfuchs_is1" = Sparfuchs
"ST6UNST #1" = BEWERBUNGSMASTER
"ST6UNST #2" = ColdSteel's DSA-Utilities 3 - The ElderTool
"Steam App 102830" = Darkspore Demo
"Steam App 203530" = Fortune Summoners Demo
"Steam App 24400" = King Arthur - The Role-playing Wargame
"Steam App 72850" = The Elder Scrolls V: Skyrim
"Streamripper" = Streamripper (Remove only)
"Super Mario: Blue Twilight DX (v1.04.1)" = Super Mario: Blue Twilight DX (v1.04.1)
"TmNationsForever_is1" = TmNationsForever
"UltraStar" = UltraStar 0.8.4
"Venetica_is1" = Venetica
"VLC media player" = VLC media player 1.1.11
"WinLems_is1" = WinLems 1.24
"WinLiveSuite" = Windows Live Essentials
"WMV9_VCM" = Microsoft Windows Media Video 9 VCM
"xp-AntiSpy" = xp-AntiSpy 3.98
"Zattoo4" = Zattoo4 4.0.5

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Akamai" = Akamai NetSession Interface
"Dropbox" = Dropbox
"Dungeon Defenders Demo" = Dungeon Defenders Demo
"RadioSure" = RadioSure
"SOE-DC Universe Online Live" = DC Universe Online Live
"TuxGuitar" = TuxGuitar
"UnityWebPlayer" = Unity Web Player

========== Last 20 Event Log Errors ==========

[ Application Events ]
Error - 24.07.2012 07:00:44 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Nexus Radio.exe, Version: 5.6.6.6,
Zeitstempel: 0x00000000 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.17725,
Zeitstempel: 0x4ec49b8f Ausnahmecode: 0xc0000005 Fehleroffset: 0x0002e3be ID des fehlerhaften
Prozesses: 0xf40 Startzeit der fehlerhaften Anwendung: 0x01cd696d9b4524a0 Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe Pfad
des fehlerhaften Moduls: C:\Windows\SysWOW64\ntdll.dll Berichtskennung: d0235e80-d57e-11e1-8acb-50e54963f863

Error - 24.07.2012 10:41:02 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x178c Startzeit der fehlerhaften Anwendung: 0x01cd69aa53fe6c40 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
968e6650-d59d-11e1-8067-50e54963f863

Error - 24.07.2012 12:16:24 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x17d8 Startzeit der fehlerhaften Anwendung: 0x01cd69b7a1688670 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
e964e630-d5aa-11e1-be3d-50e54963f863

Error - 24.07.2012 12:23:31 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x1460 Startzeit der fehlerhaften Anwendung: 0x01cd69b89f6de210 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
e7d55fb0-d5ab-11e1-a3e9-50e54963f863

Error - 24.07.2012 16:34:28 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x1360 Startzeit der fehlerhaften Anwendung: 0x01cd69dbb85dfcb0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
f67d5630-d5ce-11e1-9e3b-50e54963f863

Error - 24.07.2012 18:08:59 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x17b4 Startzeit der fehlerhaften Anwendung: 0x01cd69e8e1de4d80 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
2ac115a0-d5dc-11e1-9eb5-50e54963f863

Error - 24.07.2012 18:33:17 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x1690 Startzeit der fehlerhaften Anwendung: 0x01cd69ec46c1d980 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
8fd955d0-d5df-11e1-8c47-50e54963f863

Error - 25.07.2012 02:56:25 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x7fc Startzeit der fehlerhaften Anwendung: 0x01cd6a328bc29290 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
d98f22e0-d625-11e1-988f-50e54963f863

Error - 25.07.2012 03:57:33 | Computer Name = User-PC | Source = Customer Experience Improvement Program | ID = 1008
Description =

Error - 25.07.2012 13:12:58 | Computer Name = User-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Name des fehlerhaften Moduls: daemonu.exe, Version: 1.4.28.0, Zeitstempel:
0x4e3906e6 Ausnahmecode: 0xc000000d Fehleroffset: 0x0005f90b ID des fehlerhaften Prozesses:
0x528 Startzeit der fehlerhaften Anwendung: 0x01cd6a88bc95b9f0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Pfad
des fehlerhaften Moduls: C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
Berichtskennung:
fa9d45b0-d67b-11e1-bde0-50e54963f863

[ System Events ]
Error - 24.07.2012 18:39:35 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 18:39:35 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 18:39:35 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 24.07.2012 18:39:35 | Computer Name = User-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Netzwerklistendienst" ist vom Dienst "NLA (Network Location
Awareness)" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068

Error - 25.07.2012 02:53:18 | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 25.07.2012 02:56:31 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.

Error - 25.07.2012 07:22:37 | Computer Name = User-PC | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.

Error - 25.07.2012 11:47:17 | Computer Name = User-PC | Source = bowser | ID = 8003
Description =

Error - 25.07.2012 13:10:12 | Computer Name = User-PC | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000
Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad:
C:\Windows\system32\athExt.dll Fehlercode: 126

Error - 25.07.2012 13:12:58 | Computer Name = User-PC | Source = Service Control Manager | ID = 7034
Description = Dienst "NVIDIA Update Service Daemon" wurde unerwartet beendet. Dies
ist bereits 1 Mal passiert.


< End of report >

Alt 26.07.2012, 11:19   #2
kira
/// Helfer-Team
 
BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt? - Standard

BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?



Hallo und Herzlich Willkommen!

Bevor wir unsere Zusammenarbeit beginnen, [Bitte Vollständig lesen]:
Zitat:
  • "Fernbehandlungen/Fernhilfe" und die damit verbundenen Haftungsrisken:
    - da die Fehlerprüfung und Handlung werden über große Entfernungen durchgeführt, besteht keine Haftung unsererseits für die daraus entstehenden Folgen.
    - also, jede Haftung für die daraus entstandene Schäden wird ausgeschlossen, ANWEISUNGEN UND DEREN BEFOLGUNG, ERFOLGT AUF DEINE EIGENE VERANTWORTUNG!
  • Charakteristische Merkmale/Profilinformationen:
    - aus der verwendeten Loglisten oder Logdateien - wie z.B. deinen Realnamen, Seriennummer in Programm etc)- kannst Du durch [X] oder Sternchen (*) ersetzen
  • Die Systemprüfung und Bereinigung:
    - kann einige Zeit in Anspruch nehmen (je nach Art der Infektion), kann aber sogar so stark kompromittiert sein, so dass eine wirkungsvolle technische Säuberung ist nicht mehr möglich bzw Du es neu installieren musst
  • Ich empfehle Dir die Anweisungen erst einmal komplett durchzulesen, bevor du es anwendest, weil wenn du etwas falsch machst, kann es wirklich gefährlich werden. Wenn du meinen Anweisungen Schritt für Schritt folgst, kann eigentlich nichts schief gehen.
  • Innerhalb der Betreuungszeit:
    - ohne Abspräche bitte nicht auf eigene Faust handeln!- bei Problemen nachfragen.
  • Die Reihenfolge:
    - genau so wie beschrieben bitte einhalten, nicht selbst die Reihenfolge wählen!
  • GECRACKTE SOFTWARE werden hier nicht geduldet!!!!
  • Ansonsten unsere Forumsregeln:
    - Bitte erst lesen, dann posten!-> Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten?
  • Alle Logfile mit einem vBCode Tag eingefügen, das bietet hier eine gute Übersicht, erleichtert mir die Arbeit! Falls das Logfile zu groß, teile es in mehrere Teile auf.

Sobald Du diesen Einführungstext gelesen hast, kannst Du beginnen
► Erster Teil des 3-teiligen Verfahren, werden wir dein System auf Viren untersuchen, bzw nach einem anderen Verursacher suchen:
Für Vista und Win7:
Wichtig: Alle Befehle bitte als Administrator ausführen! rechte Maustaste auf die Eingabeaufforderung und "als Administrator ausführen" auswählen
Auf der angewählten Anwendung einen Rechtsklick (rechte Maustaste) und "Als Administrator ausführen" wählen!

1.
starte Malwarebytes Anti-Malware
-> Funde aus Quarantäne löschen
-> Update ziehen
-> Vollständiger Suchlauf wählen
-> Funde löschen lassen
-> Scanergebnis hier posten!

2.
erneut einen Systemscan mit OTL
  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt - OTL.txt und Extras.txt
  • Poste die Logfiles in Code-Tags hier in den Thread.

3.
Um festzustellen, ob veraltete oder schädliche Software unter Programme installiert sind, ich würde gerne noch all deine installierten Programme sehen:
  • Download den CCleaner herunter
  • Software-Lizenzvereinbarung lesen, falls irgendeine Toolbar angeboten wird, bitte abwählen!-> starten -> Falls nötig, auf "Deutsch" einstellen.
  • starten-> klick auf `Extras` (um auf deinem System installierte Software zu anzeigen)-> dann auf `Als Textdatei speichern...`
  • ein Textdatei wird automatisch erstellt, poste auch dieses Logfile (also die Liste alle installierten Programme...eine Textdatei)

Zitat:
Damit dein Thread übersichtlicher und schön lesbar bleibt, am besten nutze den Code-Tags für deinen Post:
→ vor dein Log schreibst Du (also am Anfang des Logfiles, die Du posten möchtest)[code]
hier kommt dein Logfile rein - z.B OTL-Logfile o. sonstiges
→ dahinter - also am Ende der Logdatei: [/code]
gruß
kira
__________________

__________________

Antwort

Themen zu BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?
7-zip, akamai, antivirus, audacity, audiograbber, avg secure search, avg security toolbar, bho, bingbar, bonjour, browser, cid, computer, conduit, converter, document, downloader, error, firefox, flash player, helper, home, install.exe, langs, logfile, mozilla, mp3, nexus, ntdll.dll, nvidia update, pirates, plug-in, pup.adware.agent, realtek, registry, safer networking, searchscopes, secure search, security, senden, software, super, svchost.exe, tower, vtoolbarupdater, wargame, windows



Ähnliche Themen: BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?


  1. Avira Virenschuche durchgeführt 124 Bedrohungen gefunden Einstufungen: Hoch...Was jetzt?
    Log-Analyse und Auswertung - 27.08.2013 (9)
  2. Yontoo Adware lässt sich nicht deinstallieren, habe Scans durchgeführt
    Log-Analyse und Auswertung - 22.05.2013 (4)
  3. GVU Trojahner eingefangen, Reinigung durchgeführt, ist mein System jetzt sauber?
    Plagegeister aller Art und deren Bekämpfung - 20.05.2013 (5)
  4. GVU Trojaner, Win 7, Systemwiederherstellung durchgeführt
    Plagegeister aller Art und deren Bekämpfung - 26.03.2013 (11)
  5. Wie lösche ich endgültig den GVU-Trojaner? Systemwiederherstellung bereits durchgeführt.
    Plagegeister aller Art und deren Bekämpfung - 19.10.2012 (1)
  6. Bundespolizei Trojaner: Systemwiederherstellung durchgeführt
    Log-Analyse und Auswertung - 20.09.2012 (47)
  7. S.M.A.R.T. Repair Virus; Systemwiederherstellung durchgeführt; was bleibt zu tun?
    Log-Analyse und Auswertung - 25.07.2012 (30)
  8. BKA-Trojaner / Systemwiederherstellung durchgeführt / OTL.txt & EXTRAS.txt
    Log-Analyse und Auswertung - 25.07.2012 (2)
  9. Hatte einen Virus oder Wurm und habe Systemwiederherstellung durchgeführt!
    Log-Analyse und Auswertung - 23.07.2012 (1)
  10. Bundespolizei-Trojaner - Systemwiederherstellung durchgeführt - Sytem sauber? logs inside
    Log-Analyse und Auswertung - 19.07.2012 (28)
  11. vom GEMA Trojaner befallen, scan schon durchgeführt, und jetzt?
    Log-Analyse und Auswertung - 05.07.2012 (5)
  12. Trojaner 'System check' eingefangen, Sony Vaio Systemwiederherstellung durchgeführt -> ausreichend?
    Plagegeister aller Art und deren Bekämpfung - 14.03.2012 (4)
  13. Trojaner "50 € Strafe" Systemwiederherstellung durchgeführt, derzeit ohne Virenprogramm
    Log-Analyse und Auswertung - 02.03.2012 (27)
  14. Antivir findet TR/Kazy.mekml.1, Scans bereits durchgeführt
    Log-Analyse und Auswertung - 02.05.2011 (22)
  15. Trojaner gefunden - eure Anleitung durchgeführt, was jetzt?
    Plagegeister aller Art und deren Bekämpfung - 29.11.2010 (37)
  16. eScan durchgeführt und jetzt?
    Log-Analyse und Auswertung - 30.01.2008 (20)
  17. eScan durchgeführt und jetzt?
    Plagegeister aller Art und deren Bekämpfung - 26.01.2008 (0)

Zum Thema BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt? - Hallo, ich habe kürzlich das Internet unbekümmert durchsurft und plötzlich taucht die allseits geliebte "BKA"-Seite auf; mein Computer sei gesperrt, ich könne ihn mit einer Überweisung wieder freischalten, blah blah - BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt?...
Archiv
Du betrachtest: BAK-Malware, Systemwiederherstellung genutzt und anschließend Scans durchgeführt - was jetzt? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.