Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 30.08.2012, 10:14   #1
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Hallo

Ich habe mir den MyStart Trojaner eingefangen und möchte ihn wegbekommen.
Wie soll ich vorgehen bis jetzt habe ich alles was mit IncrediBar zu tun hat mit Systemprogramme von der Platte gelöcht trozdem kommt das bei meinen Firefox weiterhin.
Falls ich Log Texte posten soll dan sagt mir Bescheid mit welchen Programm und da ich neue bin wie mein sie hier einfügt


MfG Pascal05551

Alt 30.08.2012, 18:17   #2
t'john
/// Helfer-Team
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen





1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.
__________________

__________________

Alt 31.08.2012, 16:42   #3
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Hier sind die Logs von den beiden Programmen



PHP-Code:
# AdwCleaner v2.000 - Datei am 08/31/2012 um 17:37:31 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Pascal Pietrek - PASCAL-HP
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Pascal Pietrek\Desktop\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****

Gefunden Web Assistant Updater

***** [Dateien Ordner] *****

Datei Gefunden C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gefunden 
C:\user.js
Datei Gefunden 
C:\Users\Pascal Pietrek\AppData\Roaming\Mozilla\Firefox\Profiles\rno08pfr.default\searchplugins\MyStart Search.xml
Datei Gefunden 
C:\Users\PASCAL~1\AppData\Local\Temp\Uninstall.exe
Datei Gefunden 
C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden 
C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gefunden 
C:\Program Files\Web Assistant
Ordner Gefunden 
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gefunden 
C:\Users\Pascal Pietrek\AppData\LocalLow\Toolbar4
Ordner Gefunden 
C:\Users\Pascal Pietrek\Desktop\Save

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden HKCU\Software\Conduit
Schlüssel Gefunden 
HKCU\Software\IM
Schlüssel Gefunden 
HKCU\Software\ImInstaller
Schlüssel Gefunden 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden HKCU\Software\Softonic
Schlüssel Gefunden 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gefunden 
HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gefunden 
HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden 
HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden 
HKLM\Software\Web Assistant
Schlüssel Gefunden 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gefunden HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gefunden HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden 
HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gefunden HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gefunden HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gefunden 
HKLM\SOFTWARE\Web Assistant
Schlüssel Gefunden 
HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [
Internet Browser] *****

-\\ 
Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main Start Page] = hxxp://mystart.incredibar.com/mb178?a=6PQI1HV8Zg&i=26

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei C:\Users\Pascal Pietrek\AppData\Roaming\Mozilla\Firefox\Profiles\rno08pfr.default\prefs.js

Gefunden 
user_pref("browser.search.defaultenginename""MyStart Search");
Gefunden user_pref("extensions.foxlingo.addit.defaultAddons""{ \"software\": {\"13\": {\"id\": \"13\",\"tit[...]
Gefunden : user_pref("
extensions.incredibar.admin", false);
Gefunden : user_pref("
extensions.incredibar.aflt", "orgnl");
Gefunden : user_pref("
extensions.incredibar.cntry", "DE");
Gefunden : user_pref("
extensions.incredibar.dfltLng", "");
Gefunden : user_pref("
extensions.incredibar.dfltSrch", false);
Gefunden : user_pref("
extensions.incredibar.did", "10643");
Gefunden : user_pref("
extensions.incredibar.envrmnt", "production");
Gefunden : user_pref("
extensions.incredibar.excTlbr", false);
Gefunden : user_pref("
extensions.incredibar.hdrMd5", "7BC5ECF43B2096E39BC61E474CA19CD0");
Gefunden : user_pref("
extensions.incredibar.hmpg", false);
Gefunden : user_pref("
extensions.incredibar.id", "f46751a100000000000000ff51ca88eb");
Gefunden : user_pref("
extensions.incredibar.installerproductid", "26");
Gefunden : user_pref("
extensions.incredibar.instlDay", "15581");
Gefunden : user_pref("
extensions.incredibar.instlRef", "");
Gefunden : user_pref("
extensions.incredibar.isDcmntCmplt", true);
Gefunden : user_pref("
extensions.incredibar.lastVrsnTs", "1.5.11.1415:01:46");
Gefunden : user_pref("
extensions.incredibar.mntrvrsn", "1.2.0");
Gefunden : user_pref("
extensions.incredibar.noFFXTlbr", false);
Gefunden : user_pref("
extensions.incredibar.ppd", "1");
Gefunden : user_pref("
extensions.incredibar.prdct", "incredibar");
Gefunden : user_pref("
extensions.incredibar.productid", "26");
Gefunden : user_pref("
extensions.incredibar.prtnrId", "Incredibar");
Gefunden : user_pref("
extensions.incredibar.sg", "none");
Gefunden : user_pref("
extensions.incredibar.smplGrp", "none");
Gefunden : user_pref("
extensions.incredibar.tlbrId", "base");
Gefunden : user_pref("
extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQI1HV8Zg&loc=IB_T[...]
Gefunden user_pref("extensions.incredibar.upn2""6PQI1HV8Zg");
Gefunden user_pref("extensions.incredibar.upn2n""92543489397434046");
Gefunden user_pref("extensions.incredibar.vrsn""1.5.11.14");
Gefunden user_pref("extensions.incredibar.vrsnTs""1.5.11.1415:01:46");
Gefunden user_pref("extensions.incredibar.vrsni""1.5.11.14");
Gefunden user_pref("extensions.incredibar_i.aflt""orgnl");
Gefunden user_pref("extensions.incredibar_i.dfltLng""");
Gefunden user_pref("extensions.incredibar_i.did""10643");
Gefunden user_pref("extensions.incredibar_i.excTlbr"false);
Gefunden user_pref("extensions.incredibar_i.id""f46751a100000000000000ff51ca88eb");
Gefunden user_pref("extensions.incredibar_i.installerproductid""26");
Gefunden user_pref("extensions.incredibar_i.instlDay""15581");
Gefunden user_pref("extensions.incredibar_i.instlRef""");
Gefunden user_pref("extensions.incredibar_i.ms_url_id""");
Gefunden user_pref("extensions.incredibar_i.newTab"false);
Gefunden user_pref("extensions.incredibar_i.ppd""1");
Gefunden user_pref("extensions.incredibar_i.prdct""incredibar");
Gefunden user_pref("extensions.incredibar_i.productid""26");
Gefunden user_pref("extensions.incredibar_i.prtnrId""Incredibar");
Gefunden user_pref("extensions.incredibar_i.smplGrp""none");
Gefunden user_pref("extensions.incredibar_i.tlbrId""base");
Gefunden user_pref("extensions.incredibar_i.tlbrSrchUrl""hxxp://mystart.Incredibar.com/?a=6PQI1HV8Zg&loc=IB[...]
Gefunden : user_pref("
extensions.incredibar_i.upn2", "6PQI1HV8Zg");
Gefunden : user_pref("
extensions.incredibar_i.upn2n", "92543489397434046");
Gefunden : user_pref("
extensions.incredibar_i.vrsn", "1.5.11.14");
Gefunden : user_pref("
extensions.incredibar_i.vrsnTs", "1.5.11.1415:01:46");
Gefunden : user_pref("
extensions.incredibar_i.vrsni", "1.5.11.14");
Gefunden : user_pref("
{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v21.0.1180.83

Datei : C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [16301 octets] - [31/08/2012 17:37:31] 
PHP-Code:
Malwarebytes Anti-Malware 1.62.0.1300
www
.malwarebytes.org

Datenbank Version
v2012.08.31.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Pascal Pietrek 
:: PASCAL-HP [Administrator]

31.08.2012 13:34:05
mbam
-log-2012-08-31 (13-34-05).txt

Art des Suchlaufs
Vollständiger Suchlauf (C:\|D:\|)
Aktivierte SuchlaufeinstellungenSpeicher Autostart Registrierung Dateisystem Heuristiks/Extra HeuristiKs/Shuriken PUP PUM
Deaktivierte Suchlaufeinstellungen
P2P
Durchsuchte Objekte
718830
Laufzeit
3 Stunde(n), 48 Minute(n), 28 Sekunde(n)

Infizierte Speicherprozesse0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien0
(Keine bösartigen Objekte gefunden)

(
Ende
__________________

Alt 31.08.2012, 23:36   #4
t'john
/// Helfer-Team
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Sehr gut!


  • Schließe alle offenen Programme und Browser.
  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Delete.
  • Bestätige jeweils mit Ok.
  • Dein Rechner wird neu gestartet. Nach dem Neustart öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[S1].txt.




danach:


Malware-Scan mit Emsisoft Anti-Malware

Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm.
Lade über Jetzt Updaten die aktuellen Signaturen herunter.
Wähle den Freeware-Modus aus.

Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers.
Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten.

Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________
Mfg, t'john
Das TB unterstützen

Alt 01.09.2012, 15:46   #5
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



hier sind die Logs und leider meinte ein Kumpel von mir er muss die Daten in Quartäne tun was soll ich jetzt machen ?


PHP-Code:
Emsisoft Anti-Malware Version 6.6
Letztes Update
9/1/2012 12:44:51 PM

Scan Einstellungen
:

Scan MethodeDetail Scan
Objekte
RootkitsSpeicherTracesC:\, D:\
Archiv ScanAn
ADS Scan
An

Scan Beginn
:    9/1/2012 12:45:52 PM

C
:\Users\Pascal Pietrek\Desktop\Programme\grand_theft_auto_san_andreas.zip -> pztrain.exe     gefundenNet-Worm.Win32.Mytob!E2
C
:\Users\Pascal Pietrek\Desktop\Programme\Game_Downloader_3.1_Setup.exe     gefundenTrojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Programme\sa-mp-0.3e-install.exe     gefundenTrojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Free Games\Install Datein\Shaiya Speed Enchanter.rar -> Shaiya Speed Enchanter\Shaiya Speed Enchanter.exe     gefundenTrojan-Dropper!E2
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Strategie\Scorched 3D.exe     gefundenTrojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Retro-Games\Barbarian\Barbarian.exe     gefundenTrojan.Win32.FakeAV!E2
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Jump Run\Secret Maryo Chronicles.exe     gefundenTrojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Action Shooter\Paintball 2.exe     gefundenTrojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2f05bfb0-17989ef7 -> mail\ClassType.class     gefundenTrojan.Agent-XK!E2
C
:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2f05bfb0-17989ef7 -> mail\MailAgent.class     gefundenExploit.Java.CVE-2010-0840!E2
C
:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2f05bfb0-17989ef7 -> mail\Cid.class     gefundenJAVA.Exdoer!E2
C
:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2f05bfb0-17989ef7 -> mail\SendMail.class     gefundenTrojan.Agent-WO!E2
C
:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2f05bfb0-17989ef7 -> mail\VirtualTable.class     gefundenExploit.-!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache3602385761236450250.tmp -> aas.class     gefundenExploit.Java.CVE-2011!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache7682013931098484569.tmp -> per.class     gefundenJAVA.Agent!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache7682013931098484569.tmp -> duth7ynj4.class     gefundenJAVA.Agent!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache7682013931098484569.tmp -> hn5bv4564.class     gefundenJAVA.Agent!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache7682013931098484569.tmp -> dnum43t.class     gefundenJAVA.Agent!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache7682013931098484569.tmp -> guv.class     gefundenJAVA.Agent!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache7682013931098484569.tmp -> guv$1.class     gefundenJAVA.Agent!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache3602385761236450250.tmp -> ivy.class     gefundenExploit.Java.CVE-2011!E2
C
:\SG Interactive\Crossfire Europe\uninst.exe     gefundenTrojan-Clicker.Win32.NSIS!E1
C
:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\SAMPUninstall.exe     gefundenTrojan-Clicker.Win32.NSIS!E1
C
:\Program Files (x86)\Metin2\v4a_mod_171111.exe     gefundenPacked.Win32.Autoit.E.AMN!E1
C
:\Program Files\OpenTTD\uninstall.exe     gefundenTrojan-Clicker.Win32.NSIS!E1

Gescannt    942119
Gefunden    25

Scan Ende
:    9/1/2012 4:28:10 PM
Scan Zeit
:    3:42:18

C
:\Program Files (x86)\Metin2\v4a_mod_171111.exe    Quarantäne Packed.Win32.Autoit.E.AMN!E1
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache7682013931098484569.tmp -> per.class    Quarantäne JAVA.Agent!E2
C
:\Users\Pascal Pietrek\AppData\Local\Temp\jar_cache3602385761236450250.tmp -> aas.class    Quarantäne Exploit.Java.CVE-2011!E2
C
:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48\2f05bfb0-17989ef7 -> mail\VirtualTable.class    Quarantäne Exploit.-!E2
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Retro-Games\Barbarian\Barbarian.exe    Quarantäne Trojan.Win32.FakeAV!E2
C
:\Users\Pascal Pietrek\Desktop\Free Games\Install Datein\Shaiya Speed Enchanter.rar -> Shaiya Speed Enchanter\Shaiya Speed Enchanter.exe    Quarantäne Trojan-Dropper!E2
C
:\Users\Pascal Pietrek\Desktop\Programme\Game_Downloader_3.1_Setup.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Programme\sa-mp-0.3e-install.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Strategie\Scorched 3D.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Jump Run\Secret Maryo Chronicles.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Free Games\Chip\CHIP Online Spiele-DVD 6.0 V.1\Action Shooter\Paintball 2.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\SG Interactive\Crossfire Europe\uninst.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\Program Files (x86)\Steam\SteamApps\common\Grand Theft Auto San Andreas\SAMPUninstall.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\Program Files\OpenTTD\uninstall.exe    Quarantäne Trojan-Clicker.Win32.NSIS!E1
C
:\Users\Pascal Pietrek\Desktop\Programme\grand_theft_auto_san_andreas.zip -> pztrain.exe    Quarantäne Net-Worm.Win32.Mytob!E2

Quarantäne    15 
PHP-Code:
# AdwCleaner v2.000 - Datei am 09/01/2012 um 12:38:15 erstellt
# Aktualisiert am 30/08/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Pascal Pietrek - PASCAL-HP
# Normaler Modus : Normal
# Ausgeführt unter : C:\Users\Pascal Pietrek\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****

Gestoppt Gelöscht Web Assistant Updater

***** [Dateien Ordner] *****

Datei Gelöscht C:\ProgramData\Microsoft\Windows\Start Menu\Programs\eBay.lnk
Datei Gelöscht 
C:\user.js
Datei Gelöscht 
C:\Users\Pascal Pietrek\AppData\Roaming\Mozilla\Firefox\Profiles\rno08pfr.default\searchplugins\MyStart Search.xml
Datei Gelöscht 
C:\Users\PASCAL~1\AppData\Local\Temp\Uninstall.exe
Datei Gelöscht 
C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht 
C:\Program Files (x86)\Mozilla Firefox\Extensions\afurladvisor@anchorfree.com
Ordner Gelöscht 
C:\Program Files\Web Assistant
Ordner Gelöscht 
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Ordner Gelöscht 
C:\Users\Pascal Pietrek\AppData\LocalLow\Toolbar4
Ordner Gelöscht 
C:\Users\Pascal Pietrek\Desktop\Save

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht HKCU\Software\Conduit
Schlüssel Gelöscht 
HKCU\Software\IM
Schlüssel Gelöscht 
HKCU\Software\ImInstaller
Schlüssel Gelöscht 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht HKCU\Software\Softonic
Schlüssel Gelöscht 
HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\AppID\{4CE516A7-F7AC-4628-B411-8F886DC5733E}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\AppID\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\AppID\TbCommonUtils.DLL
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\AppID\TbHelper.EXE
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\ComObject.DeskbarEnabler.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Extension.ExtensionHelperObject.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbCommonUtils.CommonUtils.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbDownloadManager.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbPropertyManager.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbRequest
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbRequest.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbTask
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.TbTask.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TbHelper.ToolbarHelper.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Toolbar.CT2504091
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Toolbar3.ContextMenuNotifier.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Toolbar3.CustomInternetSecurityImpl.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\Toolbar3.SearchProviderManager.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\TypeLib\{1D5A4199-956E-49BC-B89F-6A35C57C0D13}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\TypeLib\{4509D3CC-B642-4745-B030-645B79522C6D}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\TypeLib\{B87F8B63-7274-43FD-87FA-09D3B7496148}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\TypeLib\{C4BAE205-5E02-4E32-876E-F34B4E2D000C}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\TypeLib\{EC4085F2-8DB3-45A6-AD0B-CA289F3C5D7E}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook
Schlüssel Gelöscht 
HKLM\SOFTWARE\Classes\URLSearchHook.ToolbarURLSearchHook.1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gelöscht 
HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gelöscht 
HKLM\Software\Web Assistant
Schlüssel Gelöscht 
HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{1C950DE5-D31E-42FB-AFB9-91B0161633D8}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3BDF4CE9-E81D-432B-A55E-9F0570CE811F}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{57CADC46-58FF-4105-B733-5A9F3FC9783C}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{9F34B17E-FF0D-4FAB-97C4-9713FEE79052}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{A9A56B8E-2DEB-4ED3-BC92-1FA450BCE1A5}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE338F6D-5A7C-4D1D-86E3-C618532079B5}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{C339D489-FABC-41DD-B39D-276101667C70}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{CA3EB689-8F09-4026-AA10-B9534C691CE0}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D433A9D0-8267-40CB-8AD5-24F22FA5373F}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D565B35E-B787-40FA-95E3-E3562F8FC1A0}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D89031C2-10DA-4C90-9A62-FCED012BC46B}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{628F3201-34D0-49C0-BB9A-82A26AEFB291}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\CLSID\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{01221FCC-4BFB-461C-B08C-F6D2DF309921}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{0FA32667-9A8A-4E9C-902F-CA3323180003}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{2A42D13C-D427-4787-821B-CF6973855778}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{3D8478AA-7B88-48A9-8BCB-B85D594411EC}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{452AE416-9A97-44CA-93DA-D0F15C36254F}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{45CDA4F7-594C-49A0-AAD1-8224517FE979}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{4897BBA6-48D9-468C-8EFA-846275D7701B}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{4D8ED2B3-DC62-43EC-ABA3-5B74F046B1BE}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{6B458F62-592F-4B25-8967-E6A350A59328}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{81E852CC-1FD5-4004-8761-79A48B975E29}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{95B6A271-FEB4-4160-B0FF-44394C21C8DC}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{B2CA345D-ADB8-4F5D-AC64-4AB34322F659}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{B9F43021-60D4-42A6-A065-9BA37F38AC47}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{BF921DD3-732A-4A11-933B-A5EA49F2FD2C}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{D83B296A-2FA6-425B-8AE8-A1F33D99FBD6}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{E67D5BC7-7129-493E-9281-F47BDAFACE4F}
Schlüssel Gelöscht HKLM\SOFTWARE\Classes\Interface\{FCC9CDD3-EFFF-11D1-A9F0-00A0244AC403}
Schlüssel Gelöscht HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{336D0C35-8A85-403a-B9D2-65C292C39087}
Schlüssel Gelöscht HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{F9E4A054-E9B1-4BC3-83A3-76A1AE736170}
Schlüssel Gelöscht HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{336D0C35-8A85-403a-B9D2-65C292C39087}_is1
Schlüssel Gelöscht 
HKLM\SOFTWARE\Web Assistant
Wert Gelöscht 
HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [
Internet Browser] *****

-\\ 
Internet Explorer v9.0.8112.16421

Wiederhergestellt 
: [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main Start Page] = hxxp://mystart.incredibar.com/mb178?a=6PQI1HV8Zg&i=26 --> hxxp://www.google.com

-\\ Mozilla Firefox v15.0 (de)

Profilname : default 
Datei C:\Users\Pascal Pietrek\AppData\Roaming\Mozilla\Firefox\Profiles\rno08pfr.default\prefs.js

C
:\Users\Pascal Pietrek\AppData\Roaming\Mozilla\Firefox\Profiles\rno08pfr.default\user.js ... Gelöscht !

Gelöscht user_pref("browser.search.defaultenginename""MyStart Search");
Gelöscht user_pref("extensions.foxlingo.addit.defaultAddons""{ \"software\": {\"13\": {\"id\": \"13\",\"tit[...]
Gelöscht : user_pref("
extensions.incredibar.admin", false);
Gelöscht : user_pref("
extensions.incredibar.aflt", "orgnl");
Gelöscht : user_pref("
extensions.incredibar.cntry", "DE");
Gelöscht : user_pref("
extensions.incredibar.dfltLng", "");
Gelöscht : user_pref("
extensions.incredibar.dfltSrch", false);
Gelöscht : user_pref("
extensions.incredibar.did", "10643");
Gelöscht : user_pref("
extensions.incredibar.envrmnt", "production");
Gelöscht : user_pref("
extensions.incredibar.excTlbr", false);
Gelöscht : user_pref("
extensions.incredibar.hdrMd5", "7BC5ECF43B2096E39BC61E474CA19CD0");
Gelöscht : user_pref("
extensions.incredibar.hmpg", false);
Gelöscht : user_pref("
extensions.incredibar.id", "f46751a100000000000000ff51ca88eb");
Gelöscht : user_pref("
extensions.incredibar.installerproductid", "26");
Gelöscht : user_pref("
extensions.incredibar.instlDay", "15581");
Gelöscht : user_pref("
extensions.incredibar.instlRef", "");
Gelöscht : user_pref("
extensions.incredibar.isDcmntCmplt", true);
Gelöscht : user_pref("
extensions.incredibar.lastVrsnTs", "1.5.11.1415:01:46");
Gelöscht : user_pref("
extensions.incredibar.mntrvrsn", "1.2.0");
Gelöscht : user_pref("
extensions.incredibar.noFFXTlbr", false);
Gelöscht : user_pref("
extensions.incredibar.ppd", "1");
Gelöscht : user_pref("
extensions.incredibar.prdct", "incredibar");
Gelöscht : user_pref("
extensions.incredibar.productid", "26");
Gelöscht : user_pref("
extensions.incredibar.prtnrId", "Incredibar");
Gelöscht : user_pref("
extensions.incredibar.sg", "none");
Gelöscht : user_pref("
extensions.incredibar.smplGrp", "none");
Gelöscht : user_pref("
extensions.incredibar.tlbrId", "base");
Gelöscht : user_pref("
extensions.incredibar.tlbrSrchUrl", "hxxp://mystart.Incredibar.com/?a=6PQI1HV8Zg&loc=IB_T[...]
Gelöscht user_pref("extensions.incredibar.upn2""6PQI1HV8Zg");
Gelöscht user_pref("extensions.incredibar.upn2n""92543489397434046");
Gelöscht user_pref("extensions.incredibar.vrsn""1.5.11.14");
Gelöscht user_pref("extensions.incredibar.vrsnTs""1.5.11.1415:01:46");
Gelöscht user_pref("extensions.incredibar.vrsni""1.5.11.14");
Gelöscht user_pref("extensions.incredibar_i.aflt""orgnl");
Gelöscht user_pref("extensions.incredibar_i.dfltLng""");
Gelöscht user_pref("extensions.incredibar_i.did""10643");
Gelöscht user_pref("extensions.incredibar_i.excTlbr"false);
Gelöscht user_pref("extensions.incredibar_i.id""f46751a100000000000000ff51ca88eb");
Gelöscht user_pref("extensions.incredibar_i.installerproductid""26");
Gelöscht user_pref("extensions.incredibar_i.instlDay""15581");
Gelöscht user_pref("extensions.incredibar_i.instlRef""");
Gelöscht user_pref("extensions.incredibar_i.ms_url_id""");
Gelöscht user_pref("extensions.incredibar_i.newTab"false);
Gelöscht user_pref("extensions.incredibar_i.ppd""1");
Gelöscht user_pref("extensions.incredibar_i.prdct""incredibar");
Gelöscht user_pref("extensions.incredibar_i.productid""26");
Gelöscht user_pref("extensions.incredibar_i.prtnrId""Incredibar");
Gelöscht user_pref("extensions.incredibar_i.smplGrp""none");
Gelöscht user_pref("extensions.incredibar_i.tlbrId""base");
Gelöscht user_pref("extensions.incredibar_i.tlbrSrchUrl""hxxp://mystart.Incredibar.com/?a=6PQI1HV8Zg&loc=IB[...]
Gelöscht : user_pref("
extensions.incredibar_i.upn2", "6PQI1HV8Zg");
Gelöscht : user_pref("
extensions.incredibar_i.upn2n", "92543489397434046");
Gelöscht : user_pref("
extensions.incredibar_i.vrsn", "1.5.11.14");
Gelöscht : user_pref("
extensions.incredibar_i.vrsnTs", "1.5.11.1415:01:46");
Gelöscht : user_pref("
extensions.incredibar_i.vrsni", "1.5.11.14");
Gelöscht : user_pref("
{336D0C35-8A85-403a-B9D2-65C292C39087}.ScriptData_WSG_whiteList", "{\"search.babylon.com\[...]

-\\ Google Chrome v21.0.1180.83

Datei : C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [16378 octets] - [31/08/2012 17:37:31]
AdwCleaner[R2].txt - [16439 octets] - [01/09/2012 12:38:04]
AdwCleaner[S1].txt - [17025 octets] - [01/09/2012 12:38:15]

########## EOF - C:\AdwCleaner[S1].txt - [17086 octets] ########## 


Alt 01.09.2012, 18:11   #6
t'john
/// Helfer-Team
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Sehr gut!


Deinstalliere:
Emsisoft Anti-Malware


ESET Online Scanner

Vorbereitung

  • Schließe evtl. vorhandene externe Festplatten und/oder sonstigen Wechselmedien (z. B. evtl. vorhandene USB-Sticks) an den Rechner an.
  • Bitte während des Online-Scans Anti-Virus-Programm und Firewall deaktivieren.
  • Vista/Win7-User: Bitte den Browser unbedingt als Administrator starten.
Los geht's

  • Lade und starte Eset Smartinstaller
  • Haken setzen bei YES, I accept the Terms of Use.
  • Klick auf Start.
  • Haken setzen bei Remove found threads und Scan archives.
  • Klick auf Start.
  • Signaturen werden heruntergeladen, der Scan beginnt automatisch.
  • Finish drücken.
  • Browser schließen.
  • Explorer öffnen.
  • C:\Programme\Eset\EsetOnlineScanner\log.txt (manchmal auch C:\Programme\Eset\log.txt) suchen und mit Deinem Editor öffnen.
  • Logfile hier posten.
  • Deinstallation: Systemsteuerung => Software => Eset Online Scanner V3 entfernen.
  • Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset
__________________
--> MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen

Alt 02.09.2012, 14:12   #7
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



hier ist das Log
PHP-Code:
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=446b785781bc4a4488f015609019da14
# end=finished
# remove_checked=true
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-09-02 01:09:51
# local_time=2012-09-02 03:09:51 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1792 16777215 100 0 27736284 27736284 0 0
# compatibility_mode=5893 16776573 100 94 164853 98207293 0 0
# compatibility_mode=8192 67108863 100 0 130 130 0 0
# scanned=517195
# found=2
# cleaned=2
# scan_time=13947
C:\Users\Pascal Pietrek\Desktop\grplauncher0.8.exe    a variant of Win32/Packed.Themida application (cleaned by deleting quarantined)    00000000000000000000000000000000    C
C
:\Windows\FixCamera.exe    a variant of Win32/KillProc.B application (cleaned by deleting quarantined)    00000000000000000000000000000000    C 

Alt 02.09.2012, 19:50   #8
t'john
/// Helfer-Team
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



CustomScan mit OTL

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.

  • Starte bitte die OTL.exe.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Kopiere nun den kompletten Inhalt aus der untenstehenden Codebox in die Textbox von OTL - wenn OTL auf deutsch ist wird sie mit beschriftet

Code:
ATTFilter
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.*
%APPDATA%\*AcroIEH*.*
%APPDATA%\*.exe
%APPDATA%\*.tmp
CREATERESTOREPOINT
         
  • Schliesse bitte nun alle Programme. (Wichtig)
  • Klicke nun bitte auf den Quick Scan Button.
  • Klick auf .
  • Kopiere nun den Inhalt aus OTL.txt hier in Deinen Thread
__________________
Mfg, t'john
Das TB unterstützen

Alt 03.09.2012, 13:00   #9
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Hier ist das OTL log und was soll ich mit den Extra log machen

OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 9/3/2012 1:25:24 PM - Run 1
OTL by OldTimer - Version 3.2.59.1     Folder = C:\Users\Pascal Pietrek\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.75 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 57.58% Memory free
5.50 Gb Paging File | 3.93 Gb Available in Paging File | 71.52% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.03 Gb Total Space | 221.62 Gb Free Space | 49.03% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 1.68 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
 
Computer Name: PASCAL-HP | User Name: Pascal Pietrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/09/03 13:00:09 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal Pietrek\Desktop\OTL.exe
PRC - [2012/08/16 17:12:21 | 001,193,176 | ---- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012/08/10 15:34:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/13 14:41:55 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012/05/08 18:29:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/08 18:29:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012/04/11 01:59:14 | 000,542,552 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2012/04/02 20:46:58 | 000,329,544 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2011/11/15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2010/10/22 03:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe
PRC - [2010/10/22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe
PRC - [2010/07/19 19:57:32 | 002,231,616 | ---- | M] () -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe
PRC - [2010/06/18 02:59:40 | 001,040,952 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files (x86)\PictureMover\Bin\PictureMover.exe
PRC - [2010/04/23 22:00:00 | 000,514,232 | ---- | M] (EasyBits Software AS) -- C:\Windows\SysWOW64\ezSharedSvcHost.exe
PRC - [2010/01/18 20:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
PRC - [2009/12/11 16:16:26 | 000,320,512 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
PRC - [2009/10/15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe
PRC - [2008/11/20 20:47:28 | 000,062,768 | ---- | M] (Hewlett-Packard) -- C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
PRC - [2008/08/01 17:10:54 | 000,675,840 | ---- | M] (Sonix) -- C:\Windows\vsnp2uvc.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/08/16 17:12:21 | 001,193,176 | ---- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2010/06/18 03:10:06 | 001,700,920 | ---- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\PictureMover\DE-DE\Presentation.dll
MOD - [2010/06/18 03:00:10 | 012,286,520 | ---- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\PictureMover\Bin\Core.dll
MOD - [2010/01/18 20:21:08 | 000,568,888 | ---- | M] () -- C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
MOD - [2009/12/11 16:16:26 | 000,320,512 | ---- | M] () -- C:\Windows\tsnp2uvc.exe
MOD - [2009/07/14 03:15:45 | 000,364,544 | ---- | M] () -- C:\Windows\SysWOW64\msjetoledb40.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010/03/05 03:25:36 | 000,209,000 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcIp.exe -- (nSvcIp)
SRV:64bit: - [2010/03/05 03:25:34 | 000,496,232 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\NetworkAccessManager\bin32\nSvcAppFlt.exe -- (ForceWare Intelligent Application Manager (IAM)
SRV:64bit: - [2009/07/14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012/08/25 13:51:41 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012/08/25 03:59:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/08/24 12:36:26 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/19 18:08:04 | 000,738,152 | ---- | M] (Tunngle.net GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Tunngle\TnglCtrl.exe -- (TunngleService)
SRV - [2012/07/13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012/05/13 14:41:55 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012/05/08 18:29:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/05/08 18:29:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/04/11 02:06:10 | 000,077,520 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2012/04/11 01:59:14 | 000,542,552 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2012/04/02 20:46:58 | 000,329,544 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2012/03/01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2011/11/15 20:26:48 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2011/08/07 23:40:00 | 003,804,120 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand | Stopped] -- C:\Windows\SysWOW64\GameMon.des -- (npggsvc)
SRV - [2010/10/22 03:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service)
SRV - [2010/07/19 19:57:32 | 002,231,616 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\devolo\dlan\devolonetsvc.exe -- (DevoloNetworkService)
SRV - [2010/04/04 01:01:24 | 000,246,520 | ---- | M] (WildTangent, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe -- (GameConsoleService)
SRV - [2010/03/18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/10/15 01:53:20 | 000,635,416 | ---- | M] (PDF Complete Inc) [Auto | Running] -- C:\Program Files (x86)\PDF Complete\pdfsvc.exe -- (pdfcDispatcher)
SRV - [2009/06/10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/05/08 18:29:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 18:29:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/04/11 17:40:28 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2012/04/06 20:15:10 | 000,038,632 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2012/03/01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/10/11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/03/11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011/03/11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010/11/20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010/11/20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/10/22 03:00:00 | 000,460,800 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fwlanusb.sys -- (FWLANUSB)
DRV:64bit: - [2010/10/22 03:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject)
DRV:64bit: - [2010/03/04 13:26:58 | 000,349,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvmf6264.sys -- (NVNET)
DRV:64bit: - [2009/12/18 17:20:20 | 003,552,512 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC)
DRV:64bit: - [2009/09/16 07:02:42 | 000,031,232 | ---- | M] (Tunngle.net) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901t.sys -- (tap0901t)
DRV:64bit: - [2009/07/14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009/07/14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009/07/14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009/06/10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/06/10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009/03/18 16:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV:64bit: - [2008/09/04 07:36:16 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2008/09/04 07:35:40 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008/09/04 07:35:06 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2008/01/17 16:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2012/02/03 00:50:43 | 000,004,774 | ---- | M] (INCA Internet Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\npptNT2.sys -- (NPPTNT2)
DRV - [2010/06/10 13:32:14 | 000,034,048 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2009/07/14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE:64bit: - HKLM\..\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE:64bit: - HKLM\..\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPDSK/4
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKLM\..\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKLM\..\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPDSK/4
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{11470B2C-0C38-48B6-A804-E7799C01BBE0}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms}
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms}
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.google.de/search?q="
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll ()
FF - HKLM\Software\MozillaPlugins\@idsoftware.com/QuakeLive: C:\ProgramData\id Software\QuakeLive\npquakezero.dll (id Software Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@ngm.nexoneu.com/NxGame: C:\ProgramData\NexonEU\NGM\npNxGameeu.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Pascal Pietrek\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Pascal Pietrek\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\searchpredict@speedbit.com: C:\Program Files (x86)\SearchPredict\PRFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0329E7D6-6F54-462D-93F6-F5C3118BADF2}: C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 9.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/08/30 10:43:46 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/07/02 18:38:36 | 000,000,000 | ---D | M]
 
[2011/02/13 11:50:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal Pietrek\AppData\Roaming\mozilla\Extensions
[2012/08/29 15:11:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Pascal Pietrek\AppData\Roaming\mozilla\Firefox\Profiles\rno08pfr.default\extensions
[2012/03/27 14:26:29 | 000,000,000 | ---D | M] (FoxLingo) -- C:\Users\Pascal Pietrek\AppData\Roaming\mozilla\Firefox\Profiles\rno08pfr.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}
[2011/08/12 19:40:07 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\Pascal Pietrek\AppData\Roaming\mozilla\Firefox\Profiles\rno08pfr.default\extensions\battlefieldheroespatcher@ea.com
[2012/07/07 10:43:57 | 000,000,000 | ---D | M] (Battlefield Play4Free) -- C:\Users\Pascal Pietrek\AppData\Roaming\mozilla\Firefox\Profiles\rno08pfr.default\extensions\battlefieldplay4free@ea.com
[2012/05/18 10:36:23 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Pascal Pietrek\AppData\Roaming\mozilla\Firefox\Profiles\rno08pfr.default\extensions\ich@maltegoetz.de
[2012/08/27 17:13:11 | 000,000,000 | ---D | M] (Better Battlelog (BBLog)) -- C:\Users\Pascal Pietrek\AppData\Roaming\mozilla\Firefox\Profiles\rno08pfr.default\extensions\jid1-qQSMEVsYTOjgYA@jetpack
[2012/09/01 12:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012/07/02 18:38:39 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012/02/28 18:29:50 | 000,258,567 | ---- | M] () (No name found) -- C:\USERS\PASCAL PIETREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNO08PFR.DEFAULT\EXTENSIONS\{46551EC9-40F0-4E47-8E18-8E5CF550CFB8}.XPI
[2012/01/05 18:56:15 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\PASCAL PIETREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNO08PFR.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/04/25 15:06:59 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\PASCAL PIETREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNO08PFR.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI
[2011/05/16 15:29:49 | 000,330,316 | ---- | M] () (No name found) -- C:\USERS\PASCAL PIETREK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\RNO08PFR.DEFAULT\EXTENSIONS\PERSONAS@CHRISTOPHER.BEARD.XPI
[2012/08/25 04:00:05 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009/04/08 04:06:28 | 000,122,880 | ---- | M] (AB) -- C:\Program Files (x86)\mozilla firefox\plugins\NPOP7PlugIn.dll
[2011/07/11 23:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012/08/25 04:49:52 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/08/25 04:49:52 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/08/25 04:49:52 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/08/25 04:49:52 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/08/25 04:49:52 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/08/25 04:49:52 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = hxxp://www.google.com/search?q={searchTerms}&ie=utf-8&oe=utf-8&aq=t
CHR - default_search_provider: suggest_url = hxxp://suggestqueries.google.com/complete/search?q={searchTerms}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\Application\21.0.1180.83\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\Application\21.0.1180.83\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\Application\21.0.1180.83\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\npBP4FUpdater.dll
CHR - plugin: Battlefield Play4Free Updater (Enabled) = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkejhbcdagodjdndmfnhaibnealjonei\1.0.66.2_0\BP4FUpdater.exe
CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll
CHR - plugin: NPOP7Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOP7PlugIn.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Winamp Application Detector (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npwachk.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - plugin: Windows Live\\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Nexon Game Controller (Enabled) = C:\ProgramData\NexonEU\NGM\npNxGameeu.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - Extension: Angry Birds = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: YouTube = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Lamborghini Sesto Elemento Theme = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb\1.0_0\
CHR - Extension: Realm of the Mad God = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\
CHR - Extension: Realm of the Mad God = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhjfmaldpppkmjjgkmadddbanpabfflp\1.0.0.3_0\~
CHR - Extension: Der Pate: Die F\\u00FCnf Familien = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\edfkoljdeffeedleidebkmmamepgbnbl\1.0_0\
CHR - Extension: Stylish = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\
CHR - Extension: AdBlock = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.41_0\
CHR - Extension: Plants vs Zombies = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmcegpfdgcoclcdfkjahiimlikdpnina\1.0.5_0\
CHR - Extension: Google Mail = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3:64bit: - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe (Hewlett-Packard)
O4:64bit: - HKLM..\Run: [SmartMenu] C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe ()
O4:64bit: - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin)
O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS)
O4 - HKLM..\Run: [LifeOfGerman] C:\Users\Pascal Pietrek\Desktop\Updater\logstartup.exe File not found
O4 - HKLM..\Run: [PDF Complete] C:\Program Files (x86)\PDF Complete\pdfsty.exe (PDF Complete Inc)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe (Sonix)
O4 - HKLM..\Run: [tsnp2uvc] C:\Windows\tsnp2uvc.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [Akamai NetSession Interface] C:\Users\Pascal Pietrek\AppData\Local\Akamai\netsession_win.exe File not found
O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [HPAdvisorDock] C:\Program Files (x86)\Hewlett-Packard\HP Advisor\Dock\HPAdvisorDock.exe ()
O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [ImpulseFastStart] C:\Program Files (x86)\Stardock\Impulse\Impulse.exe (Stardock Corporation)
O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found
O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [Spotify Web Helper] C:\Users\Pascal Pietrek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 0
O7 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Pascal Pietrek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\Pascal Pietrek\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (QuickTime Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C212D449-8B3C-41F2-BD9A-047BD770550F} hxxp://operation7.fiaa.eu/OPLauncher.cab (Perparer Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E6F480FC-BD44-4CBA-B74A-89AF7842937D} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_cyri_4.4.13.0.cab (SysInfo Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18075BAE-BE51-4A32-B62A-73A7CE28AAF0}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93D3F814-6247-4EFF-A6DD-65AD87806F92}: DhcpNameServer = 7.254.254.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EAC8FABB-7963-42A2-B5C4-D9D8DC509CDE}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\Shell - "" = AutoRun
O33 - MountPoints2\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\Shell\AutoRun\command - "" = H:\pushinst.exe
O33 - MountPoints2\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\Shell - "" = AutoRun
O33 - MountPoints2\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
 
 
SafeBootMin:64bit: AppMgmt - Service
SafeBootMin:64bit: Base - Driver Group
SafeBootMin:64bit: Boot Bus Extender - Driver Group
SafeBootMin:64bit: Boot file system - Driver Group
SafeBootMin:64bit: File system - Driver Group
SafeBootMin:64bit: Filter - Driver Group
SafeBootMin:64bit: HelpSvc - Service
SafeBootMin:64bit: PCI Configuration - Driver Group
SafeBootMin:64bit: PNP Filter - Driver Group
SafeBootMin:64bit: Primary disk - Driver Group
SafeBootMin:64bit: sacsvr - Service
SafeBootMin:64bit: SCSI Class - Driver Group
SafeBootMin:64bit: System Bus Extender - Driver Group
SafeBootMin:64bit: vmms - Service
SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
SafeBootNet:64bit: AppMgmt - Service
SafeBootNet:64bit: Base - Driver Group
SafeBootNet:64bit: Boot Bus Extender - Driver Group
SafeBootNet:64bit: Boot file system - Driver Group
SafeBootNet:64bit: File system - Driver Group
SafeBootNet:64bit: Filter - Driver Group
SafeBootNet:64bit: HelpSvc - Service
SafeBootNet:64bit: Messenger - Service
SafeBootNet:64bit: NDIS Wrapper - Driver Group
SafeBootNet:64bit: NetBIOSGroup - Driver Group
SafeBootNet:64bit: NetDDEGroup - Driver Group
SafeBootNet:64bit: Network - Driver Group
SafeBootNet:64bit: NetworkProvider - Driver Group
SafeBootNet:64bit: PCI Configuration - Driver Group
SafeBootNet:64bit: PNP Filter - Driver Group
SafeBootNet:64bit: PNP_TDI - Driver Group
SafeBootNet:64bit: Primary disk - Driver Group
SafeBootNet:64bit: rdsessmgr - Service
SafeBootNet:64bit: sacsvr - Service
SafeBootNet:64bit: SCSI Class - Driver Group
SafeBootNet:64bit: Streams Drivers - Driver Group
SafeBootNet:64bit: System Bus Extender - Driver Group
SafeBootNet:64bit: TDI - Driver Group
SafeBootNet:64bit: vmms - Service
SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet:64bit: WudfUsbccidDriver - Driver
SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32:64bit: VIDC.FPS1 - frapsv64.dll (Beepa P/L)
Drivers32:64bit: VIDC.XFR1 - xfcodec64.dll ()
Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.)
Drivers32: VIDC.FPS1 - C:\Windows\SysWow64\frapsvid.dll (Beepa P/L)
Drivers32: vidc.VP60 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
Drivers32: vidc.VP61 - C:\Windows\SysWOW64\vp6vfw.dll (On2.com)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/09/03 13:00:06 | 000,598,528 | ---- | C] (OldTimer Tools) -- C:\Users\Pascal Pietrek\Desktop\OTL.exe
[2012/09/01 12:42:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Emsisoft Anti-Malware
[2012/09/01 12:42:10 | 000,000,000 | ---D | C] -- C:\Users\Pascal Pietrek\Documents\Anti-Malware
[2012/09/01 12:33:33 | 169,934,000 | ---- | C] (Emsisoft GmbH                                               ) -- C:\Users\Pascal Pietrek\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/08/31 14:25:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012/08/30 15:19:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunngle
[2012/08/30 15:19:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Tunngle
[2012/08/30 11:00:22 | 000,000,000 | ---D | C] -- C:\Users\Pascal Pietrek\AppData\Roaming\Malwarebytes
[2012/08/30 11:00:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012/08/30 11:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/08/30 11:00:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012/08/30 11:00:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/08/30 10:43:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2012/08/29 15:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion
[2012/08/23 15:40:01 | 000,000,000 | ---D | C] -- C:\Users\Pascal Pietrek\AppData\Roaming\Origin
[2012/08/23 15:39:36 | 000,000,000 | ---D | C] -- C:\Users\Pascal Pietrek\AppData\Local\Origin
[2012/08/23 15:39:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Origin
[2012/08/23 15:39:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin Games
[2012/08/23 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Origin
[2012/08/23 15:39:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Electronic Arts
[2012/08/23 15:39:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Origin
[2012/08/16 13:05:04 | 000,000,000 | ---D | C] -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\San Andreas Multiplayer
[2012/08/11 09:19:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012/09/03 13:29:09 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/03 13:06:01 | 000,001,156 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2216366739-1226435145-1474420919-1000UA.job
[2012/09/03 13:06:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/09/03 13:04:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 13:04:28 | 000,015,568 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/09/03 13:00:09 | 000,598,528 | ---- | M] (OldTimer Tools) -- C:\Users\Pascal Pietrek\Desktop\OTL.exe
[2012/09/03 12:56:52 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1cc210aa9bed050.job
[2012/09/03 12:56:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/09/03 12:56:33 | 2214,043,648 | -HS- | M] () -- C:\hiberfil.sys
[2012/09/01 16:06:54 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2216366739-1226435145-1474420919-1000Core.job
[2012/09/01 12:37:45 | 169,934,000 | ---- | M] (Emsisoft GmbH                                               ) -- C:\Users\Pascal Pietrek\Desktop\EmsisoftAntiMalwareSetup.exe
[2012/08/31 13:32:35 | 000,511,265 | ---- | M] () -- C:\Users\Pascal Pietrek\Desktop\adwcleaner.exe
[2012/08/30 15:22:58 | 000,305,432 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012/08/30 11:00:12 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/30 10:43:48 | 000,001,136 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/25 18:28:36 | 000,000,284 | ---- | M] () -- C:\Users\Pascal Pietrek\Desktop\Resource.cfg
[2012/08/22 10:09:26 | 000,002,503 | ---- | M] () -- C:\Users\Pascal Pietrek\Desktop\Google Chrome.lnk
[2012/08/11 09:19:08 | 000,002,072 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/08/31 13:32:24 | 000,511,265 | ---- | C] () -- C:\Users\Pascal Pietrek\Desktop\adwcleaner.exe
[2012/08/30 11:00:12 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/08/30 10:43:48 | 000,001,148 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012/08/30 10:43:48 | 000,001,136 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012/08/25 18:28:36 | 000,000,284 | ---- | C] () -- C:\Users\Pascal Pietrek\Desktop\Resource.cfg
[2012/07/11 13:43:12 | 447,922,572 | ---- | C] () -- C:\Users\Pascal Pietrek\AppData\Roaming\.minecraft.rar
[2012/06/15 18:40:17 | 000,007,676 | ---- | C] () -- C:\Users\Pascal Pietrek\AppData\Roaming\.freeciv-client-rc-2.3
[2012/04/04 14:09:35 | 000,001,480 | ---- | C] () -- C:\Users\Pascal Pietrek\.recently-used.xbel
[2012/01/27 14:45:30 | 1087,519,409 | ---- | C] () -- C:\Program Files (x86)\DATA3.CAB
[2012/01/26 18:47:25 | 1782,579,200 | ---- | C] () -- C:\Program Files (x86)\DATA2.CAB
[2012/01/22 15:05:41 | 1782,579,200 | ---- | C] () -- C:\Program Files (x86)\DATA1.CAB
[2011/10/24 13:14:18 | 000,000,023 | ---- | C] () -- C:\Windows\BlendSettings.ini
[2011/10/14 15:12:34 | 000,000,102 | ---- | C] () -- C:\Users\Pascal Pietrek\AppData\Local\fusioncache.dat
[2011/09/28 18:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011/08/18 13:17:58 | 000,000,000 | ---- | C] () -- C:\Users\Pascal Pietrek\AppData\Local\{00BC7331-0EBD-4DC8-96FA-BF929DDEA179}
[2011/08/12 15:13:57 | 000,000,001 | ---- | C] () -- C:\Windows\SysWow64\SI.bin
[2011/08/11 18:12:14 | 000,837,192 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe
[2011/08/07 18:22:10 | 000,000,032 | R--- | C] () -- C:\ProgramData\hash.dat
[2011/07/09 15:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Pascal Pietrek\AppData\Local\{043755FA-9959-49FC-A4D5-614905D40CC6}
[2011/07/09 15:18:39 | 000,000,000 | ---- | C] () -- C:\Users\Pascal Pietrek\AppData\Local\{2875AC5B-3343-471B-A899-84D13C7AA77B}
[2011/07/03 18:19:05 | 000,001,202 | ---- | C] () -- C:\Windows\eReg.dat
[2011/05/28 11:27:04 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\Access.dat
[2011/03/04 20:31:00 | 000,282,104 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2011/03/04 20:30:41 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2011/01/21 19:04:32 | 000,001,519 | ---- | C] () -- C:\Users\Pascal Pietrek\AppData\Roaming\EasyToolz.ini
[2011/01/08 16:20:23 | 000,184,320 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2011/01/08 16:20:22 | 000,320,512 | ---- | C] () -- C:\Windows\tsnp2uvc.exe
[2011/01/08 16:20:22 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2010/12/15 05:43:13 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat
[2010/12/02 02:46:48 | 000,009,988 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat
 
========== LOP Check ==========
 
[2012/06/15 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.freeciv
[2012/08/31 16:38:58 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.minecraft
[2012/01/13 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.minecraft server
[2012/04/15 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.Nitrous
[2012/07/07 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Audacity
[2011/10/11 16:54:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Azureus
[2011/09/06 15:02:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Blender Foundation
[2012/05/01 15:40:51 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Blockscape
[2012/06/22 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Clonk Rage
[2012/07/21 17:05:58 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\DeepBurner
[2011/01/11 18:16:30 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/18 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\FileZilla
[2012/06/09 15:45:56 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Firefly Studios
[2012/06/17 11:35:25 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\flightgear.org
[2012/06/02 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\FOG Downloader
[2012/07/08 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\FreeOrion
[2012/02/26 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\GetRightToGo
[2011/09/07 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\gtk-2.0
[2011/01/08 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LG Electronics
[2012/07/08 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Lionhead Studios
[2011/04/20 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LolClient
[2012/06/01 16:37:02 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LolClient2
[2012/06/11 18:47:13 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LOVE
[2011/05/24 16:26:46 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012/04/11 13:33:49 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Minecraft Version Changer
[2011/01/29 14:47:43 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\MinecraftTools
[2011/03/28 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\mp3DirectCut
[2011/05/14 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Music Editor Free
[2011/06/05 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Notepad++
[2012/07/20 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\OnLive App
[2012/06/11 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\OpenArena
[2011/06/02 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\OpenOffice.org
[2012/08/23 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Origin
[2010/12/14 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\PictureMover
[2011/10/21 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Publish Providers
[2012/06/09 16:02:31 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\RotMG.Production
[2011/07/07 12:00:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\runic games
[2012/07/08 18:41:51 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\ScummVM
[2011/10/21 13:39:34 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Sony
[2012/08/31 16:38:30 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Spotify
[2011/01/22 12:36:10 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Stardock
[2011/11/18 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Teeworlds
[2011/09/11 15:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Tropico 3
[2012/06/01 16:03:45 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\TS3Client
[2012/08/30 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Tunngle
[2011/10/14 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Turbine
[2012/07/08 13:37:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\UFOAI
[2012/03/17 16:27:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\wargaming.net
[2010/12/15 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\WildTangent
[2012/04/10 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\XRay Engine
[2011/04/01 15:43:01 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\_MDLogs
[2012/06/09 16:00:13 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %ALLUSERSPROFILE%\Application Data\*. >
 
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
 
< %APPDATA%\*. >
[2012/06/15 19:31:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.freeciv
[2012/08/31 16:38:58 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.minecraft
[2012/01/13 16:13:44 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.minecraft server
[2012/04/15 10:37:39 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\.Nitrous
[2011/04/07 14:52:42 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Adobe
[2012/04/07 10:27:55 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Apple Computer
[2012/07/07 18:09:01 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Audacity
[2011/10/17 10:46:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Avira
[2011/10/11 16:54:57 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Azureus
[2011/09/06 15:02:11 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Blender Foundation
[2012/05/01 15:40:51 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Blockscape
[2012/06/22 16:26:52 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Clonk Rage
[2011/02/12 11:51:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\CyberLink
[2012/07/21 17:05:58 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\DeepBurner
[2012/03/31 16:00:54 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\dvdcss
[2011/01/11 18:16:30 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\DVDVideoSoftIEHelpers
[2011/10/18 19:26:19 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\FileZilla
[2012/06/09 15:45:56 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Firefly Studios
[2012/06/17 11:35:25 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\flightgear.org
[2012/06/02 17:03:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\FOG Downloader
[2012/07/08 15:03:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\FreeOrion
[2012/02/26 12:22:48 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\GetRightToGo
[2010/12/20 19:50:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Google
[2011/09/07 15:12:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\gtk-2.0
[2012/08/30 17:41:14 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Hamachi
[2010/12/14 20:56:00 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Hewlett-Packard
[2010/12/16 14:33:13 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\HpUpdate
[2010/12/14 20:55:44 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Identities
[2011/01/08 12:16:14 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\InstallShield
[2011/01/08 12:16:36 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LG Electronics
[2012/07/08 13:36:49 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Lionhead Studios
[2011/04/20 15:14:53 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LolClient
[2012/06/01 16:37:02 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LolClient2
[2012/06/11 18:47:13 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\LOVE
[2010/12/19 18:40:31 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Macromedia
[2012/08/30 11:00:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Malwarebytes
[2009/07/14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Media Center Programs
[2011/05/24 16:26:46 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Meine Der Herr der Ringe™, Aufstieg des Hexenkönigs™-Dateien
[2012/06/15 16:22:07 | 000,000,000 | --SD | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft
[2012/04/11 13:33:49 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Minecraft Version Changer
[2011/01/29 14:47:43 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\MinecraftTools
[2011/10/14 19:09:47 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Mozilla
[2011/03/28 15:42:47 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\mp3DirectCut
[2011/05/14 17:16:14 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Music Editor Free
[2011/06/05 13:55:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Notepad++
[2011/08/11 19:06:28 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\NVIDIA
[2012/07/20 17:33:58 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\OnLive App
[2012/06/11 19:19:32 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\OpenArena
[2011/06/02 14:18:44 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\OpenOffice.org
[2012/08/23 15:45:00 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Origin
[2010/12/14 20:57:01 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\PictureMover
[2011/10/21 13:39:41 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Publish Providers
[2012/06/09 16:02:31 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\RotMG.Production
[2011/07/07 12:00:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\runic games
[2012/07/08 18:41:51 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\ScummVM
[2010/12/24 23:29:53 | 000,000,000 | RH-D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\SecuROM
[2012/08/30 19:27:02 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Skype
[2011/10/21 13:39:34 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Sony
[2012/08/31 16:38:30 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Spotify
[2011/01/22 12:36:10 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Stardock
[2011/11/18 17:21:22 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Teeworlds
[2010/12/29 15:05:09 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Toribash
[2011/09/11 15:48:47 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Tropico 3
[2012/06/01 16:03:45 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\TS3Client
[2012/08/30 15:20:53 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Tunngle
[2011/10/14 15:18:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Turbine
[2012/07/08 13:37:50 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\UFOAI
[2011/08/07 10:23:20 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\vlc
[2012/03/17 16:27:15 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\wargaming.net
[2010/12/15 19:41:16 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\WildTangent
[2011/10/09 11:50:24 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\Winamp
[2011/01/27 14:31:37 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\WinRAR
[2012/04/10 17:17:26 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\XRay Engine
[2011/04/01 15:43:01 | 000,000,000 | ---D | M] -- C:\Users\Pascal Pietrek\AppData\Roaming\_MDLogs
 
< %APPDATA%\*.exe /s >
[2012/01/13 16:12:56 | 001,435,251 | ---- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\.minecraft server\Minecraft_Server.exe
[2011/03/04 15:08:41 | 000,310,208 | ---- | M] (Georgia Institute of Technology) -- C:\Users\Pascal Pietrek\AppData\Roaming\Azureus\plugins\mlab\ShaperProbeC.exe
[2011/05/07 11:38:18 | 000,010,134 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Installer\{89661B04-C646-4412-B6D3-5E19F02F1F37}\ARPPRODUCTICON.exe
[2012/07/20 17:42:50 | 000,010,134 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Installer\{B7E68A6D-1C9B-4F18-B021-949115021714}\_72DB6B317C129EC483A9B0.exe
[2012/07/20 17:42:50 | 000,137,750 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Installer\{B7E68A6D-1C9B-4F18-B021-949115021714}\_853F67D554F05449430E7E.exe
[2012/07/20 17:42:50 | 000,137,750 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Installer\{B7E68A6D-1C9B-4F18-B021-949115021714}\_D69F025A6878DA44599A00.exe
[2012/07/20 17:42:50 | 000,137,750 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Installer\{B7E68A6D-1C9B-4F18-B021-949115021714}\_DB06B58B54BEC86C5DFD3A.exe
[2010/12/15 14:05:16 | 000,010,134 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Installer\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}\ARPPRODUCTICON.exe
[2008/12/02 08:40:14 | 000,028,672 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Templates\G\UnInstallMSI.exe
[2008/12/01 13:29:00 | 000,014,336 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Templates\G\UnInstallMSI32.exe
[2008/12/01 13:29:00 | 000,016,896 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Templates\G\UnInstallMSI64.exe
[2008/11/26 06:57:44 | 000,737,280 | R--- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Templates\G\USBAutoRun.exe
[2008/11/26 13:59:32 | 006,450,574 | R--- | M] (Macrovision Corporation) -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Templates\G\tools\LGInternetKit_V3.0.0.24_Setup.exe
[2011/06/23 14:06:54 | 001,341,376 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Pascal Pietrek\AppData\Roaming\Mozilla\Firefox\Profiles\rno08pfr.default\extensions\battlefieldheroespatcher@ea.com\plugins\BFHUpdater.exe
[2012/06/28 01:03:24 | 001,034,224 | ---- | M] (EA Digital Illusions CE AB) -- C:\Users\Pascal Pietrek\AppData\Roaming\Mozilla\Firefox\Profiles\rno08pfr.default\extensions\battlefieldplay4free@ea.com\plugins\BP4FUpdater.exe
[2012/08/16 17:12:21 | 005,576,408 | ---- | M] (Spotify Ltd) -- C:\Users\Pascal Pietrek\AppData\Roaming\Spotify\spotify.exe
[2012/08/16 17:12:21 | 000,114,904 | ---- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Spotify\SpotifyLauncher.exe
[2012/08/16 17:12:21 | 001,193,176 | ---- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
 
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
 
< MD5 for: AGP440.SYS  >
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys
[2009/07/14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys
[2009/07/14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009/07/14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EVENTLOG.DLL  >
[2008/06/07 00:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll
 
< MD5 for: IASTORV.SYS  >
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2010/12/02 03:08:35 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys
[2011/03/11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
[2011/03/11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys
[2011/03/11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys
[2009/07/14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys
[2010/12/02 03:08:35 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009/07/14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010/11/20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2010/12/02 03:08:35 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys
[2009/07/14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys
[2011/03/11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys
[2011/03/11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys
[2010/12/02 03:08:35 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys
[2011/03/11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll
[2009/07/14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010/11/20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010/11/20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009/07/14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009/07/14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010/11/20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009/07/14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010/11/20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009/07/14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010/11/20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009/07/14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2010/12/02 02:59:41 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2010/12/02 02:59:41 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009/07/14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\*.* >
[2012/07/11 14:17:05 | 000,000,174 | -HS- | M] () -- C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
 
< %APPDATA%\*AcroIEH*.* >
 
< %APPDATA%\*.exe >
 
< %APPDATA%\*.tmp >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pascal Pietrek\Documents\desktop.ini:gs5sys
@Alternate Data Stream - 1536 bytes -> C:\Users\Pascal Pietrek\Desktop\desktop.ini:gs5sys

< End of report >
         
--- --- ---

Alt 04.09.2012, 15:44   #10
t'john
/// Helfer-Team
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE:64bit: - HKLM\..\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF 
IE:64bit: - HKLM\..\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE:64bit: - HKLM\..\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKLM\..\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF 
IE - HKLM\..\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKLM\..\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - No CLSID value found 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}: "URL" = http://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{11470B2C-0C38-48B6-A804-E7799C01BBE0}: "URL" = http://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=382950&p={searchTerms} 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}: "URL" = http://de.wikipedia.org/wiki/Special:Search?search={searchTerms} 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}: "URL" = http://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox 
IE - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=382950" 
FF - prefs.js..browser.search.selectedEngine: "Google" 
FF - prefs.js..browser.startup.homepage: "about:home" 
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 
FF - prefs.js..keyword.URL: "http://www.google.de/search?q=" 
FF - user.js - File not found 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found 
FF - HKCU\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0: C:\Program Files (x86)\OnLive\Plugin\npolgdet.dll File not found 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX 
CHR - Extension: Stylish = C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\ 
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O3:64bit: - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O4 - HKLM..\Run: [LifeOfGerman] C:\Users\Pascal Pietrek\Desktop\Updater\logstartup.exe File not found 

O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [Akamai NetSession Interface] C:\Users\Pascal Pietrek\AppData\Local\Akamai\netsession_win.exe File not found 
O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found 
O4 O4 - HKU\S-1-5-21-2216366739-1226435145-1474420919-1000..\Run: [KPeerNexonEU] C:\Nexon\NEXON_EU_Downloader\nxEULauncher.exe File not found 
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 
O16:64bit: - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) 
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) 
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) 
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2) 
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found 
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 
O33 - MountPoints2\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\Shell - "" = AutoRun 
O33 - MountPoints2\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\Shell\AutoRun\command - "" = H:\pushinst.exe 
O33 - MountPoints2\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\Shell - "" = AutoRun 
O33 - MountPoints2\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\Shell\AutoRun\command - "" = G:\USBAutoRun.exe 

@Alternate Data Stream - 5120 bytes -> C:\ProgramData:gs5sys 
@Alternate Data Stream - 1536 bytes -> C:\Users\Public\Documents\desktop.ini:gs5sys 
@Alternate Data Stream - 1536 bytes -> C:\Users\Pascal Pietrek\Documents\desktop.ini:gs5sys 
@Alternate Data Stream - 1536 bytes -> C:\Users\Pascal Pietrek\Desktop\desktop.ini:gs5sys 

[2012/08/29 15:01:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Perion 

:Files

C:\Users\Pascal Pietrek\AppData\Local\{*}
C:\ProgramData\*.exe
C:\ProgramData\TEMP
C:\Users\Pascal Pietrek\AppData\Local\Temp\*.exe
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache
%APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk
%SystemRoot%\System32\*.tmp
%SystemRoot%\SysWOW64\*.tmp
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 05.09.2012, 15:26   #11
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Hier ist das Log und wie lang dauert es noch ?
Code:
ATTFilter
All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}\ not found.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}\ not found.
HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry value HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\URLSearchHooks\\{ba14329e-9550-4989-b3f2-9732e92d17cc} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ba14329e-9550-4989-b3f2-9732e92d17cc}\ not found.
HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0E5C56C0-4D8A-4463-B448-8DFCF36668D2}\ not found.
Registry key HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\SearchScopes\{11470B2C-0C38-48B6-A804-E7799C01BBE0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{11470B2C-0C38-48B6-A804-E7799C01BBE0}\ not found.
Registry key HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF0B9967-CF12-4B96-B403-DAA6DB7F399A}\ not found.
Registry key HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\SearchScopes\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EA05FAAF-6C21-4A00-BFD8-5B55CBF3111F}\ not found.
HKU\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable|dword:0 /E : value set successfully!
Prefs.js: "chr-greentree_ff&type=382950" removed from browser.search.param.yahoo-fr
Prefs.js: "Google" removed from browser.search.selectedEngine
Prefs.js: "about:home" removed from browser.startup.homepage
Prefs.js: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.3 removed from extensions.enabledItems
Prefs.js: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 removed from extensions.enabledItems
Prefs.js: "hxxp://www.google.de/search?q=" removed from keyword.URL
64bit-Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/FlashPlayer\ deleted successfully.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@onlive.com/OnLiveGameClientDetector,version=1.0.0\ deleted successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\zh_CN folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\zh folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\tr folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\te folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\ru folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\pt_BR folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\ja folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\it folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\fr folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\es folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\en folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\de folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales\ar folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0\_locales folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjnbnpbmkenffdnngjfgmeleoegfcffe\0.10_0 folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
64bit-Registry value HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ deleted successfully.
C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\LifeOfGerman deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Windows\CurrentVersion\Run\\Akamai NetSession Interface deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2216366739-1226435145-1474420919-1000\Software\Microsoft\Windows\CurrentVersion\Run\\EA Core deleted successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
C:\Windows\Downloaded Program Files\QTPlugin.inf moved successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
C:\Windows\Downloaded Program Files\gp.inf not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\VMApplet:/pagefile deleted successfully.
64bit-Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\WebCheck deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E6FB5E20-DE35-11CF-9C87-00AA005127ED}\ not found.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0b2ab9f8-0a91-11e0-a1e3-7071bcb33adc}\ not found.
File H:\pushinst.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2a327a25-aa18-11e0-bfe5-7071bcb33adc}\ not found.
File G:\USBAutoRun.exe not found.
ADS C:\ProgramData:gs5sys deleted successfully.
ADS C:\Users\Public\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Pascal Pietrek\Documents\desktop.ini:gs5sys deleted successfully.
ADS C:\Users\Pascal Pietrek\Desktop\desktop.ini:gs5sys deleted successfully.
C:\Program Files (x86)\Perion\NewTab folder moved successfully.
C:\Program Files (x86)\Perion folder moved successfully.
========== FILES ==========
C:\Users\Pascal Pietrek\AppData\Local\{00BC7331-0EBD-4DC8-96FA-BF929DDEA179} moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\{043755FA-9959-49FC-A4D5-614905D40CC6} moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\{2875AC5B-3343-471B-A899-84D13C7AA77B} moved successfully.
File\Folder C:\ProgramData\*.exe not found.
C:\ProgramData\Temp\{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF} folder moved successfully.
C:\ProgramData\Temp\{DCCAD079-F92C-44DA-B258-624FC6517A5A} folder moved successfully.
C:\ProgramData\Temp\{D36DD326-7280-11D8-97C8-000129760CBE} folder moved successfully.
C:\ProgramData\Temp\{D12E3E7F-1B13-4933-A915-16C7DD37A095} folder moved successfully.
C:\ProgramData\Temp\{CB099890-1D5F-11D5-9EA9-0050BAE317E1} folder moved successfully.
C:\ProgramData\Temp\{C59C179C-668D-49A9-B6EA-0121CCFC1243} folder moved successfully.
C:\ProgramData\Temp\{91A34181-9FAD-43AB-A35F-E7A8945B7E1C} folder moved successfully.
C:\ProgramData\Temp\{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF} folder moved successfully.
C:\ProgramData\Temp\{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5} folder moved successfully.
C:\ProgramData\Temp\{40BF1E83-20EB-11D8-97C5-0009C5020658} folder moved successfully.
C:\ProgramData\Temp\{3023EBDA-BF1B-4831-B347-E5018555F26E} folder moved successfully.
C:\ProgramData\Temp\{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79} folder moved successfully.
C:\ProgramData\Temp folder moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\AutoRun.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\COMAP.EXE moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\COMPUTERBILD App-Center-Installation.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\EAD200D.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\EAD6621.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\EAD6853.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\eauninstall.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\GoogleUpdateSetup.exe6ce11c moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\GoogleUpdate.exe4cd672 moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\GoogleUpdateSetup.exe112960 moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\GoogleUpdateSetup.exee35a0 moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\GoogleUpdateSetup.exe12a1f87 moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\GRRemove.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\guninst.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\incredibar_installer.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\jre-6u24-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\jre-6u26-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\jre-6u29-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\jre-6u31-windows-i586-iftw-rv.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\jre-6u33-windows-i586-iftw.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\Need for Speed Underground 2_uninst.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\OriginLauncher4592747.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\raptrpatch.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\rootsupd.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\SciLorsGrooveshark.comDownloaderV0.4.9.5.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\Setup.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\SkypeSetup.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\sonarinst.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\svd_va.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\TW_autoskip.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\Uninst.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\UninstAP.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\vcredist_x64.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\vcredist_x86.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\wmfdist.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\wvc1dmo.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\xmlUpdater.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is1D30.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is2138.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is2149.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is275.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is4420.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is67C.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is6878.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is79E0.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is85B9.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is8E2B.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_is9245.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isA083.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isA587.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isB1.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isC84.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isD5B6.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isDFB7.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isEE66.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\Local\Temp\_isF93C.exe moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\gaikai\playnow.gaikai.com\skins folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\gaikai\playnow.gaikai.com\client\5.2.0\natives\32 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\gaikai\playnow.gaikai.com\client\5.2.0\natives folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\gaikai\playnow.gaikai.com\client\5.2.0 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\gaikai\playnow.gaikai.com\client folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\gaikai\playnow.gaikai.com folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\gaikai folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39\1ff11027-6ff9ffb1-n folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully.
C:\Users\Pascal Pietrek\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully.
File/Folder C:\Users\Pascal Pietrek\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk not found.
File/Folder C:\Windows\System32\*.tmp not found.
File/Folder C:\Windows\SysWOW64\*.tmp not found.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Pascal Pietrek\Desktop\cmd.bat deleted successfully.
C:\Users\Pascal Pietrek\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: Administrator
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Pascal Pietrek
->Temp folder emptied: 5454465158 bytes
->Temporary Internet Files folder emptied: 772976934 bytes
->FireFox cache emptied: 1134336339 bytes
->Google Chrome cache emptied: 364193523 bytes
->Flash cache emptied: 19900 bytes
 
User: Public
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56504 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 880391613 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67832 bytes
%systemroot%\sysnative\config\systemprofile\AppData\LocalLow\Sun\Java\Deployment folder emptied: 749 bytes
RecycleBin emptied: 0 bytes
 
Total Files Cleaned = 8,208.00 mb
 
 
OTL by OldTimer - Version 3.2.60.0 log created on 09052012_161116

Files\Folders moved on Reboot...
C:\Users\Pascal Pietrek\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 06.09.2012, 02:29   #12
t'john
/// Helfer-Team
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Sehr gut!

1. Schritt
Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.
Denk daran, dass Malwarebytes vor jedem Scan manuell aktualisiert werden muss!

Malwarebytes Anti-Malware
- Anwendbar auf Windows 2000, XP, Vista und 7.
- Installiere das Programm in den vorgegebenen Pfad.
- Aktualisiere die Datenbank!
- Aktiviere "Komplett Scan durchführen" => Scan.
- Wähle alle verfügbaren Laufwerke (ausser CD/DVD) aus und starte den Scan.
- Funde bitte löschen lassen oder in Quarantäne.
- Wenn der Scan beendet ist, klicke auf "Zeige Resultate".
danach:

2. Schritt

Downloade Dir bitte AdwCleaner auf deinen Desktop.

  • Starte die adwcleaner.exe mit einem Doppelklick.
  • Klicke auf Search.
  • Nach Ende des Suchlaufs öffnet sich eine Textdatei.
  • Poste mir den Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner[R1].txt.


3. Schritt
Systemscan mit OTL (bebilderte Anleitung)

Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop ( falls noch nicht vorhanden)- Doppelklick auf die OTL.exe

  • Vista und Win7 User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Wähle Scanne Alle Benuzer
  • Oben findest Du ein Kästchen mit Ausgabe. Wähle bitte Minimale Ausgabe
  • Unter Extra Registrierung, wähle bitte Benutze SafeList
  • Klicke nun auf Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in den Thread.
__________________
Mfg, t'john
Das TB unterstützen

Alt 08.09.2012, 12:26   #13
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Hier sind die Logs

OTL EXTRAS Logfile:
Code:
ATTFilter
OTL Extras logfile created on: 9/8/2012 1:07:19 PM - Run 2
OTL by OldTimer - Version 3.2.61.2     Folder = C:\Users\Pascal Pietrek\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.75 Gb Total Physical Memory | 1.22 Gb Available Physical Memory | 44.38% Memory free
5.50 Gb Paging File | 3.76 Gb Available in Paging File | 68.37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 452.03 Gb Total Space | 224.63 Gb Free Space | 49.69% Space Free | Partition Type: NTFS
Drive D: | 13.63 Gb Total Space | 1.68 Gb Free Space | 12.31% Space Free | Partition Type: NTFS
 
Computer Name: PASCAL-HP | User Name: Pascal Pietrek | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Directory [SPEEDbitVideoConverter] -- "C:\Program Files (x86)\SPEEDbit Video Downloader\Converter.exe" -convert=%1
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FD60F6-5FFE-4308-8BBC-B2DFD5E9191C}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{1129D2B5-B198-437B-8C10-4F885FC40E66}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{15F4754F-8715-429B-83C0-11A818B49A0C}" = rport=137 | protocol=17 | dir=out | app=system | 
"{1A1DCA9D-1116-4C63-9573-0BDF7FF7688A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1E90F5A0-B01D-4A22-B1E3-3B6A4AD832F0}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{242926DB-0598-448D-A4ED-221CC16D80D6}" = lport=6976 | protocol=6 | dir=in | name=league of legends launcher | 
"{253C9D36-D9A9-422F-8D82-1419F696D825}" = lport=139 | protocol=6 | dir=in | app=system | 
"{269FC66B-CA8B-487A-B8CD-D1D7950BF47D}" = lport=8397 | protocol=17 | dir=in | name=league of legends launcher | 
"{2D5E2A3D-A0F9-4CA6-B26A-043F73D35EE8}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2DDA6AD5-3125-421A-966D-3B2E3A5A483C}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{2E2AC13D-E6D6-4C01-A49A-4AA531252FCF}" = lport=6976 | protocol=17 | dir=in | name=league of legends launcher | 
"{30D908FA-A2E5-4533-8365-362E1E44A546}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{3189E394-4FFB-469C-B595-E2D774D9424B}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{35723D7E-6736-4959-BE98-232ADDC56B27}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{3D4725A2-27FE-4D80-BE5D-67B6E7A81FC8}" = lport=10300 | protocol=6 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{3DF9DB5D-FA25-48C0-93AE-420305B45C50}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{3F67F380-BBCF-4ECF-B40E-2C8D5096C4D2}" = lport=10301 | protocol=17 | dir=in | app=c:\program files (x86)\devolo\dlan\devolonetsvc.exe | 
"{461FB1FB-1E57-4666-9291-E6136051B02F}" = lport=5000 | protocol=17 | dir=in | name=akamai netsession interface | 
"{50D894D3-1C9E-46C2-B0EA-B4A48AE89933}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{5545F235-8082-46D5-8028-5E9AD5D262B7}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{5C656888-B61D-4807-B151-ABED1A7F84B4}" = rport=139 | protocol=6 | dir=out | app=system | 
"{61A99FFE-0405-4A51-8D62-4FC3EEBA9E86}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{73A24848-2B82-44B8-BE59-501B85795C82}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7EA05AC1-4BC8-42A3-A4D5-103D28997BF0}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{80CE68AC-7EC0-4F28-A328-45FC032C07AA}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{811B82DD-DE2A-4DA4-B45A-2D47B872A09C}" = lport=8396 | protocol=17 | dir=in | name=league of legends launcher | 
"{850F4FA3-A1A4-4807-AF28-B8E57EFC1BF6}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8A3A8B89-DA91-4238-8235-5DD62D38E613}" = rport=445 | protocol=6 | dir=out | app=system | 
"{8E9FC27A-B06E-4141-8B15-B8EB0477EC3B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{95F3DBAE-C0BE-46A6-8D27-17E75C491E0F}" = lport=6936 | protocol=6 | dir=in | name=league of legends launcher | 
"{9B4E638E-F8A4-4A56-A687-0E9F81FB1628}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe | 
"{9D71ABE7-21D4-43FD-ABF6-C7F16FE5FA09}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{A7EEB4D2-EEF7-44AD-9FF4-77D4BF956D29}" = lport=445 | protocol=6 | dir=in | app=system | 
"{AAD85426-ABCC-4A08-9F18-1BA78E4FB1CC}" = lport=8396 | protocol=6 | dir=in | name=league of legends launcher | 
"{AD597C8E-4B68-4E30-9377-E37F0F96536D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{B3FFE9F9-E35C-43B4-888F-7EC92F715CC5}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BAFDB5F3-1971-49F3-91FA-20DE0F918591}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{BB4C75DF-DC8B-465A-8109-0F993E5CDC74}" = lport=137 | protocol=17 | dir=in | app=system | 
"{C24B30EB-A574-43BF-99C8-F6FABF59E42B}" = rport=138 | protocol=17 | dir=out | app=system | 
"{D0127871-040B-4893-A33F-91B5058B1C0D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{DCDF9760-81A3-4F7F-A0AA-B2D43BFD7D4A}" = lport=6936 | protocol=17 | dir=in | name=league of legends launcher | 
"{E4C5C12F-4E1E-4002-9124-54B8BEF11483}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EAD5BBEC-1959-47A3-B0F8-6979B56F7C32}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{F154FB93-4B8D-47A1-8872-ECA6DF6A8A12}" = lport=49161 | protocol=6 | dir=in | name=akamai netsession interface | 
"{FABAD4E9-414E-465A-98A1-5B885A27E302}" = lport=8397 | protocol=6 | dir=in | name=league of legends launcher | 
"{FC3C0754-98C1-460B-99B8-4998A7507CFE}" = lport=138 | protocol=17 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03962354-008A-4717-9751-4F0C9E31268B}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\tsmagent.exe | 
"{054C2E64-D987-4DD8-935F-D6E2D595CDB9}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{05C88EBD-DBDF-4CE4-8213-953DD3BCDC23}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{08A0E719-BA26-4BC8-87F4-75659BD30A48}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | 
"{0C7D786D-FA94-4FAF-88AF-63D3111E03C5}" = protocol=17 | dir=in | app=c:\users\pascal pietrek\desktop\videotomp3setup.exe | 
"{0EF344F6-1565-4B8F-9908-58AF44203B8F}" = protocol=6 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 
"{10EDB108-6598-4B7B-BF0B-1051FB4108B2}" = dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 
"{11D9B13A-03BE-4229-A5D4-68DAF33D3B89}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"{14B70CA4-5B81-4623-9487-E8FFB6AF1B10}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{14B96348-A3CC-49AF-ABE5-9A19D9D0FD98}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\photo\hpmediasmartphoto.exe | 
"{15A3C911-AC44-422D-9D2E-CCDBD392D15D}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{17FCF7C3-717E-4559-AFDF-1F6939A1E6C7}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe | 
"{18A71AEF-894B-4455-BA6A-39C1A7D511BC}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{1AE03B1A-CCF5-4AB5-BAA5-60D6A55019E3}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{1CBE8C66-D92A-42FB-8B45-B26184D5A337}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{1CC2DCF8-735E-46F5-8191-C1967F99EE29}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{1CD972C8-89D5-4E39-B193-351B1BA982DB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{1FA3DFB8-685E-4B7B-82BC-8F06838F4E68}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{206BDE9D-3C83-4DB3-B0AB-B9DDA103EE83}" = dir=in | app=c:\brickforce\bflauncher.exe | 
"{209CA6E9-BB75-4A2C-A569-92891C17D92D}" = protocol=6 | dir=in | app=c:\users\pascal pietrek\desktop\videotomp3setup.exe | 
"{248F0A7D-4494-4F15-A8A2-CCEF380493C6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{25779E7C-607E-4F3C-BBF2-A50DC6BA0A51}" = protocol=17 | dir=in | app=c:\users\pascal pietrek\desktop\games\terraria\terrariaserver.exe | 
"{28804E36-FA49-4F42-8BBF-C4F4D000BDCB}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe | 
"{2B08FBA9-6DBC-4842-802A-BE86E2D9508B}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{2BE6E1DD-482D-46A9-B57A-6B120EC3ACFD}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\half-life\hl.exe | 
"{2E46AB13-7E39-4A6B-8BB2-9248E36AEB3F}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\samp.exe | 
"{30D9F391-87F3-4C76-A364-AFE008641861}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{3167E1F0-11FB-481D-8A6B-1E4BF26CBEFB}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{34FF53B8-1646-4270-8D63-49EC7047729F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{356336EF-7DB5-47CC-A49D-2096B113830A}" = protocol=17 | dir=in | app=c:\gpotato.eu\allods online\bin\launcher.exe | 
"{35E6C7A0-56D1-41C9-A062-0B75C8E0FEC0}" = protocol=6 | dir=out | app=system | 
"{37FE99B0-C7FD-4DC8-8CE8-9286861C55C4}" = protocol=17 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{38BC37BF-EA1E-4479-85C0-107F0EDAB0C7}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{39F67209-62C5-491E-A671-D528042159C5}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{3C47EA84-E4FD-4B2C-88E9-09A93E503115}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartphoto.exe | 
"{3CA54574-C08E-4865-8309-85D4AEE16A15}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{3E527BDB-3685-42E7-85B7-B172398945B7}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{4246A87B-4404-4F17-9E46-CB3D7817837E}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{456A87B3-47A3-4715-881F-B40A597EE20D}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\kernel\clml\clmlsvc.exe | 
"{45CCA869-4B6F-4661-804A-AAD6AABEB754}" = dir=in | app=c:\program files (x86)\hewlett-packard\touchsmart\music\hptouchsmartmusic.exe | 
"{472AED7E-A4B8-45A0-81AD-13DA4390C9D6}" = protocol=6 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{502404FD-C34B-4FD5-B63E-B265890B849C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta_sa.exe | 
"{5145E989-C99C-4381-B0D8-E1A1B14409EF}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{518A31C6-E8EC-4B79-9ED9-9FB93534AD04}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{536BF8F0-0122-434D-ADC4-DAEBC504F8F4}" = protocol=6 | dir=in | app=c:\fiaa\operation7\operation7.exe | 
"{53DF46BF-17D9-4C7F-9342-228FFD0F22AB}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{550FF0A2-22F1-4A3E-A5A8-52C9643900E8}" = protocol=6 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{554B4247-F0F3-4D7D-896D-CC2E6EA2BDAC}" = protocol=17 | dir=in | app=c:\fiaa\operation7\operation7.exe | 
"{554D1890-653F-4C7F-9D05-971A186C3DA0}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta-sa.exe | 
"{564594FD-C9B5-41F5-A10E-1D244D14F3FC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5702555A-AC41-4732-8B1C-9177F215E149}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{571216C3-B827-4990-8A29-773A422EDD14}" = protocol=6 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{57540278-441C-4EF9-AFB1-6F54B718131D}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{58B1D0D1-1129-4E64-A259-8353B3E1EE0B}" = protocol=17 | dir=in | app=c:\riot games\league of legends\game\league of legends.exe | 
"{5C02FC5D-573C-4C5D-BE99-B5BADD857DBE}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{5DAA5869-6F4D-4980-9A76-650A76898B5A}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{5DF4A3A6-BEB3-40BE-83F9-1E0C940F6C5C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{61D2257E-3C9B-48B5-9443-AAA8CE463556}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{65803291-356A-459B-950E-1E98F450DBE1}" = protocol=17 | dir=in | app=c:\users\pascal pietrek\desktop\gute programme\videotomp3setup.exe | 
"{65BCBA8F-B912-4718-952E-8093FD0B00B0}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{66657597-95C8-41B4-BE04-06247CE98E2C}" = protocol=17 | dir=in | app=c:\program files (x86)\easybits for kids\programs\my first browser\myfirstbrowser.exe | 
"{67F2425E-AED6-4E11-BEB2-62A9513198E0}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{6CD37D95-1440-4792-B979-371BCF763C3F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{6E339D7B-F5E6-4E64-992C-13728EE83AF9}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"{7034545D-4FD3-4F91-8676-A82A377F9AAA}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{72363A29-3A77-41F3-A013-2E488F6D565F}" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{7247EBC7-2B87-4CC9-A050-2282F7A39420}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{72EF9D21-9C62-469D-BE42-FDAAA43877B3}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tunngle.exe | 
"{73A67034-F0BA-4718-A804-69A7DDF895F8}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{7667EB6C-38F3-4526-862B-5973951B4050}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{76FECF50-A7C7-447E-B725-6A585D998E1B}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{7A7C4520-CB55-44E9-A5A5-1EAAB4E38E33}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartmusic.exe | 
"{7A9D5E85-9298-4B67-A8BC-7A0A8949431C}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\aufstieg des hexenkönigs\game.dat | 
"{7CCEAAA7-E6BB-42BC-9DEB-90D8601B14BF}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\battleforge.exe | 
"{810B4A15-79F9-4B90-9B95-0F177160C376}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{82F363A5-200F-4CC5-A997-6808D52A0C7A}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{835783B7-7CAF-499C-8CA9-B122AA02F814}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\counter-strike source\hl2.exe | 
"{87C529A2-759B-4B10-BC88-024A15D92760}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\source sdk base 2007\hl2.exe | 
"{88C41E8A-3482-42DD-A0A1-5ADB1EEA9ED4}" = protocol=6 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{88FC0EDE-9C7D-439A-9010-AF5A7C084883}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\unbreak956\counter-strike source\hl2.exe | 
"{8A8CA52C-E82E-44EF-A894-F284B7611B13}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{8BF63FE0-EE0D-402B-843C-3F68E2116B2D}" = protocol=17 | dir=in | app=c:\riot games\league of legends\air\lolclient.exe | 
"{8EA7AF91-8E7E-4CD1-A95B-36B5DAA41812}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr8.exe | 
"{8FB04FDB-FC78-4256-96B0-04D60CAB4140}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\left 4 dead\left4dead.exe | 
"{9869849C-C6E1-4DC9-AD2F-F46985084989}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{98B69A00-8F62-4D6F-9552-1363ADFFB2B6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9B762163-714A-4559-A83E-D241535A00DF}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\gta_sa.exe | 
"{9C076A5F-7668-42C7-9FD9-964303CD127F}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\counter-strike source\hl2.exe | 
"{9DA634B8-9353-461D-8B5B-FC8E72F4FAC4}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\counter-strike source\hl2.exe | 
"{9E798E43-F58E-4F60-A29A-F1CF99031D52}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{9F0A2E74-B3A1-453A-90C9-768FD721895C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\ava\reactor.exe | 
"{A1A47410-E5FD-4C94-A782-20C5C22B86CA}" = protocol=17 | dir=in | app=c:\program files (x86)\raptr\raptr_im.exe | 
"{A2036E36-D627-49EF-BE80-DB12F8855F27}" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"{A5B975A4-394B-46AD-86D0-137355F3FC2E}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{A950BC3C-9525-4F92-A32D-3098E432FCAE}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\source sdk base 2007\hl2.exe | 
"{A99B041F-7F28-4ACA-ACBB-745BC91A0B92}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{A9B08B3C-BC7E-4234-9CA3-46E58B027D53}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\half-life\hl.exe | 
"{AB2A751D-7677-4320-B979-E94667501A4E}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 2050 j510 series\bin\usbsetup.exe | 
"{AC5ADB59-725B-4475-AA1E-23A73112757C}" = protocol=17 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{AC5F06C8-33F6-4216-8BC3-4EF3A79F155C}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\die schlacht um mittelerde ii\game.dat | 
"{ADDD51B4-9681-4470-A5B0-0DEEDEEB0577}" = protocol=6 | dir=in | app=c:\program files (x86)\tunngle\tnglctrl.exe | 
"{AE663C67-23E0-40DF-A458-BA173DDCD09D}" = protocol=6 | dir=in | app=c:\users\pascal pietrek\desktop\games\terraria\terrariaserver.exe | 
"{AF665116-C268-43B4-BD91-6314ECB8EF2B}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{B30C0072-D5FD-499E-93B8-585C9965B8DB}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"{B863A54F-3ADC-4FD8-A47E-0A11CDDC7B9C}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{B9A66B39-30D2-44AF-8188-03940729D5EA}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hpdvdsmart.exe | 
"{BA23EDBD-85DE-46E2-A43B-42198E0EA7C2}" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142.exe | 
"{BA24FE7F-E2BC-433E-84DD-4013423C1769}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{BA69F668-FD5E-4904-BC2D-6BAEA9B4973D}" = protocol=17 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{BCF2B485-E5F9-42AD-90FD-3BE92BD86D7C}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\sid meier's civilization iii complete\conquests\civ3conquests.exe | 
"{C03730BD-A547-4FAE-9391-8B523AA691FB}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe | 
"{C1E70D57-242B-46F2-9AEC-610F6F62622C}" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{C27DF127-0428-4FF0-8236-308EDE20A48D}" = protocol=6 | dir=in | app=c:\programdata\nexoneu\ngm\ngm.exe | 
"{C31D01CE-36D2-478A-AB32-EDC1451CF0AE}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C3D26693-2CC5-4313-9EB0-6C52D42E7F17}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\counter-strike source\hl2.exe | 
"{C785A439-14E2-42C4-96FD-1639A881DA17}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{D210E493-6471-4F65-B0F6-FFA457B3DBC6}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\grand theft auto san andreas\samp.exe | 
"{D38E2FCE-283C-471A-9F22-96B438F9A3A0}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | 
"{D4BDD4A6-EDAC-4196-A3B0-E57E221CBB6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{D4E7A5F9-4899-4C9C-BD7E-5F1756643F94}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\realm of the mad god\realm of the mad god.exe | 
"{D8460E95-11B8-4B56-A68E-C62BA99CD09C}" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\unbreak956\counter-strike source\hl2.exe | 
"{DA77E117-B34D-40DC-B480-0C0DC586E6DF}" = dir=in | app=c:\program files (x86)\hewlett-packard\media\dvd\hptouchsmartvideo.exe | 
"{DB7FD845-C1D8-46C3-B6D4-0C4083583005}" = dir=in | app=c:\brickforce\brickforce.exe | 
"{DBA77D20-35D2-429E-B8C2-CDCD1F44C5E2}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.exe | 
"{DBACEE84-4058-46B2-883B-2AA515070076}" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\launcher.patch.exe | 
"{DDD3833D-B321-46AD-9D9E-C8DD2964A87C}" = protocol=6 | dir=in | app=c:\program files (x86)\raptr\raptr.exe | 
"{DF25EAEE-4B0C-4782-93B9-FF8914FA4E36}" = protocol=6 | dir=in | app=c:\users\pascal pietrek\desktop\gute programme\videotomp3setup.exe | 
"{E059167A-0BE0-4BDF-BBF9-01D382FB607F}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\bf2142.exe | 
"{E1BC2C9C-6FEA-4BDE-B719-DE125C78C096}" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\swkotor\swkotor.exe | 
"{E3889C9E-8D2D-49D2-A236-5D86038BEA24}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{E415701C-C35C-4DD0-8842-CF498E651C2B}" = protocol=6 | dir=in | app=c:\program files (x86)\z8games\crossfire\cf_g4box.exe | 
"{E5496E16-CE6E-415D-9CE5-865937E1D8DB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{E7347BFC-198F-4A70-B1C1-A53C49E2744D}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{E7E49974-CD5C-4782-82A8-67C51D45CA2A}" = protocol=17 | dir=in | app=c:\program files (x86)\lucasarts\star wars battlefront ii\gamedata\battlefrontii.exe | 
"{F23663DA-4A9C-4F12-A3E8-E3A86C7CE130}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{F25449C6-8472-4A6F-83B6-CE31905508D6}" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battleforge\bootstrapper.exe | 
"{F3FCB10D-A334-4A45-9D85-346FEE8AB41B}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{F404E762-0F71-4D41-8B21-AF35CE405E3D}" = protocol=17 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"{F5D3E799-7CE4-4AB0-8A96-ED7F1A8AA7C5}" = dir=in | app=c:\program files (x86)\hewlett-packard\mediasmart\video\hpmediasmartvideo.exe | 
"{F745DE2B-F3D6-4CFC-AE96-3D2E7D41BE02}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | 
"{F88A2629-BFBD-499A-A792-3645583177A0}" = protocol=6 | dir=in | app=c:\nexon\combat arms eu\nmservice.exe | 
"TCP Query User{03EED656-B52D-46AA-8093-34B96D2E8F47}C:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | 
"TCP Query User{051EA74E-A3AF-459E-8E6A-041DAE6B526D}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"TCP Query User{06E48DE4-BECF-4F32-90FB-127910E0278C}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{0FE7C545-6BC6-4962-A424-58540013D0FE}C:\program files (x86)\redeclipse\bin\reclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\redeclipse\bin\reclient.exe | 
"TCP Query User{1258C178-8180-4E60-9CEA-F38939D69747}C:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{1652F6AC-B24C-4514-AA96-3BAEFE9058D5}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{1F083D04-122D-4CA0-B206-77030737028D}C:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex | 
"TCP Query User{25EECDD5-BF36-433E-903F-DDA15FB1549A}C:\program files (x86)\steam\steamapps\pascal08125\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal08125\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{2A615B40-52F5-4780-BB92-AF2343FE0CE1}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe | 
"TCP Query User{2CF914B0-6EF1-4517-8AA9-583E2F6BAF00}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"TCP Query User{31EF8AC1-0705-4BEA-A8D3-EDBA503C8B83}C:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe | 
"TCP Query User{33AC8D34-D905-402B-9B97-3CAF87FA409D}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{387547AE-633F-42EA-B567-29DA75A432FF}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 
"TCP Query User{396644CE-B47E-45C4-B091-74BE8E3C1D2B}C:\program files (x86)\steam\steamapps\pascal05551\source sdk base\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\source sdk base\hl2.exe | 
"TCP Query User{3C0DA150-7B07-411E-8DB2-ECD971201044}C:\program files\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"TCP Query User{3CDE683D-215D-4974-98F6-82F68A0DA8A8}C:\users\pascal pietrek\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe | 
"TCP Query User{43C6F2EF-B4F6-48D0-BDBA-005CF8931F17}C:\users\pascal pietrek\appdata\roaming\spotify\spotify.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\appdata\roaming\spotify\spotify.exe | 
"TCP Query User{50A7B798-E1FD-419A-8FD5-DB4807A0531D}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"TCP Query User{66BAFCA6-92D9-4280-864F-A280014C6A73}C:\users\pascal pietrek\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"TCP Query User{6F2104E3-98FE-46C5-9B1D-A655302F3F3F}C:\program files (x86)\metin2\metin2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.exe | 
"TCP Query User{705F3F09-60F0-4BA3-8898-59B626722B3B}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"TCP Query User{71917A58-7BCD-4001-A09A-9535A7807AD2}C:\users\pascal pietrek\desktop\runes_of_magic_4_0_8_2506_slim_eu.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\desktop\runes_of_magic_4_0_8_2506_slim_eu.exe | 
"TCP Query User{797FB287-2D9B-417E-8F0C-F5A5D01E6A87}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{7F797851-66A5-4558-B4BA-DD2D7CDE4DC7}C:\users\pascal pietrek\desktop\games\terraria\terrariaserver.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\desktop\games\terraria\terrariaserver.exe | 
"TCP Query User{82F0B56A-367E-4F1C-9BFC-477F55075D15}C:\program files (x86)\tiggit\data\games\tiggit.net\nexuiz\nexuiz\nexuiz.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tiggit\data\games\tiggit.net\nexuiz\nexuiz\nexuiz.exe | 
"TCP Query User{85FDB929-A63C-40AE-BEEC-505142A8A0C2}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"TCP Query User{8FB9AF0C-A2C9-4495-8702-0BC91501FCBF}C:\program files (x86)\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"TCP Query User{90302FF5-2878-43D6-879C-F98EA78F85C8}C:\games\tmnationsforever\tmforever.exe" = protocol=6 | dir=in | app=c:\games\tmnationsforever\tmforever.exe | 
"TCP Query User{90E3E0E0-2670-4DDD-80B4-63CA7A391121}C:\program files (x86)\redeclipse\bin\reclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\redeclipse\bin\reclient.exe | 
"TCP Query User{925B01DC-EBD6-4418-83A6-53F5516815D1}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{93A5113D-00BD-4A81-BB94-E9AF98676098}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"TCP Query User{955C5831-E4E6-4AC6-B9AD-5B81822B577F}C:\riot games\league of legends\lol.launcher.exe" = protocol=6 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"TCP Query User{9E0FD6DF-0DE0-41DD-8E4A-B3F890021DAF}C:\windows\system32\java.exe" = protocol=6 | dir=in | app=c:\windows\system32\java.exe | 
"TCP Query User{A4604ED2-01FA-4382-8B28-F1AC122A8924}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{A551CB0A-A311-4627-B5E6-D0045D6D0CC6}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"TCP Query User{A55BE6B1-6EB3-453C-A4D6-EAB0335385E2}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"TCP Query User{A6CE34E7-AA98-401E-BEE6-9CC2B37329A0}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=6 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | 
"TCP Query User{AA780319-5738-4BFB-A660-375323287B80}C:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | 
"TCP Query User{B09C6928-5091-4762-83AA-37C7B026B6B2}C:\program files (x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"TCP Query User{B1295628-D605-4B05-A62C-F4B2FCDE7FDE}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe | 
"TCP Query User{B3F9C68E-7556-4238-8B1D-E8F909DBE679}C:\program files (x86)\metin2\metin2.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"TCP Query User{B5F99C21-B1F9-4640-A942-DC2BBCD16234}C:\program files (x86)\steam\steamapps\unbreak956\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\unbreak956\team fortress 2\hl2.exe | 
"TCP Query User{B808C1E0-D1E7-4871-B1F5-74B08DC081D5}C:\program files (x86)\steam\steamapps\pascal0051\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal0051\team fortress 2\hl2.exe | 
"TCP Query User{BA343815-55EC-4234-B792-F38682945509}C:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe" = protocol=6 | dir=in | app=c:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe | 
"TCP Query User{BAE6ABF8-C103-4637-B29E-0448EF39BAEE}C:\program files (x86)\steam\steamapps\pascal05551\half-life 2 deathmatch\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\half-life 2 deathmatch\hl2.exe | 
"TCP Query User{BCACBF36-8F81-4E11-B5FB-A600577D0D77}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=6 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"TCP Query User{C090B45D-32D9-4F0F-8E70-328BA310EC97}C:\program files (x86)\steam\steam.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"TCP Query User{C5481BBB-2982-44A4-A54B-EFCE0F9A127A}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{C7B5A7A8-C744-4F2E-9C9E-A263B5CDECBD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
"TCP Query User{C9005E71-61CD-4030-81A5-A1866A8AD149}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{D640B68E-504B-4753-B413-BED8995C1D1A}C:\program files (x86)\runes of magic\client.exe" = protocol=6 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"TCP Query User{DCF99E90-C208-4913-AE5B-6347253A0583}C:\program files (x86)\wolfenstein - enemy territory\et.exe" = protocol=6 | dir=in | app=c:\program files (x86)\wolfenstein - enemy territory\et.exe | 
"TCP Query User{E3C59660-D599-4519-B193-C847E0442291}C:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe | 
"TCP Query User{E5C884CB-52E4-4E37-B83A-9D370E6CFB57}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"TCP Query User{E810FBDE-8DFC-4219-913C-BF6702122AB5}C:\program files (x86)\metin2\metin2client.bin" = protocol=6 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"TCP Query User{E9D33112-9D62-4CD7-9150-87FB1FEBB5CC}C:\program files (x86)\tiggit\data\games\tiggit.net\freeciv\freeciv-server.exe" = protocol=6 | dir=in | app=c:\program files (x86)\tiggit\data\games\tiggit.net\freeciv\freeciv-server.exe | 
"TCP Query User{ED63BEF7-F82B-498A-9552-8C8ED55419FC}C:\users\pascal pietrek\desktop\runes_of_magic_5_0_0_2535_slim.exe" = protocol=6 | dir=in | app=c:\users\pascal pietrek\desktop\runes_of_magic_5_0_0_2535_slim.exe | 
"TCP Query User{ED97B728-CC27-4EBA-943D-D3218D93D136}C:\program files (x86)\electronic arts\battlefield 2142\firststrike.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\firststrike.exe | 
"TCP Query User{EFCB8FF8-4A68-4858-AF88-B7E0F3D1BD0D}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=6 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"TCP Query User{F41CF9A4-9B15-42FA-9904-8BC6ABF30AEB}C:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe | 
"TCP Query User{FCE89BE0-090C-479F-85FB-4398D628BE86}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=6 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"TCP Query User{FD9A23E0-B0D6-44C3-A96E-02B1AFA9094D}C:\program files (x86)\steam\steamapps\unbreak956\counter-strike source\hl2.exe" = protocol=6 | dir=in | app=c:\program files (x86)\steam\steamapps\unbreak956\counter-strike source\hl2.exe | 
"UDP Query User{02D7D857-E603-4D59-9477-3E8C292C0675}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-offline\system\splintercell4.exe | 
"UDP Query User{08F4299A-AA14-48CE-9737-2593F9BB7EE7}C:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | 
"UDP Query User{0D02CDB5-E30B-437C-B0DE-CEC1CD178088}C:\program files (x86)\metin2\metin2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.exe | 
"UDP Query User{0E171D57-4226-40CD-9007-ADC48297A709}C:\program files (x86)\metin2\metin2.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2.bin | 
"UDP Query User{130BAAA8-B16D-4F18-99CD-8697C015D71B}C:\games\tmnationsforever\tmforever.exe" = protocol=17 | dir=in | app=c:\games\tmnationsforever\tmforever.exe | 
"UDP Query User{190B7C58-8056-439D-B973-62CF3D3BCE30}C:\program files (x86)\freeorion\freeoriond.exe" = protocol=17 | dir=in | app=c:\program files (x86)\freeorion\freeoriond.exe | 
"UDP Query User{1932DAC4-A29E-4784-8D2A-B33E9BB01AA8}C:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\age of empires online\spartan.exe | 
"UDP Query User{1A1B29AC-5C27-4696-9654-25F7A803AA8E}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{1CCA1F19-6BE7-4871-87B6-C611589639A3}C:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe | 
"UDP Query User{1DD8B21D-D6E1-4626-A2FB-60500C6F8D6F}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{224B105C-36B5-482B-B32F-1D247D3BEE36}C:\program files (x86)\tiggit\data\games\tiggit.net\nexuiz\nexuiz\nexuiz.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tiggit\data\games\tiggit.net\nexuiz\nexuiz\nexuiz.exe | 
"UDP Query User{24B3D6E7-2B8A-4216-9779-3E1874557FDC}C:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{280498D5-6D92-4224-BD6C-29DB6878AD02}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"UDP Query User{31C48D32-81C8-40A4-94E0-9FDA8E80DAE9}C:\program files (x86)\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\java.exe | 
"UDP Query User{36B49367-1083-41D2-85A4-EB848A213764}C:\windows\system32\java.exe" = protocol=17 | dir=in | app=c:\windows\system32\java.exe | 
"UDP Query User{36E8974A-0D27-4B54-BF0E-E6A8B4804F1E}C:\program files (x86)\steam\steam.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steam.exe | 
"UDP Query User{3FB6C4BF-C7ED-4B56-B7DE-6CE3CD42C802}C:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\system\splintercell3.exe | 
"UDP Query User{43B15E1E-CEF2-416B-ACD5-864DDB911746}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{43D74401-D549-4997-B4D4-7A036B596006}C:\program files (x86)\steam\steamapps\pascal05551\source sdk base\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\source sdk base\hl2.exe | 
"UDP Query User{43DE151F-DA3C-4929-ACCB-E4CF329CC474}C:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\team fortress 2\hl2.exe | 
"UDP Query User{4489030D-EBD2-45B4-A486-588F45A94829}C:\users\pascal pietrek\desktop\runes_of_magic_4_0_8_2506_slim_eu.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\desktop\runes_of_magic_4_0_8_2506_slim_eu.exe | 
"UDP Query User{47EEAA15-B575-4912-9321-9BED493D8EBD}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{4A51D2DB-9AD3-472D-97FF-ACAA97D947B3}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{55DB4FD1-02D0-43B3-BE2F-A0D5EAEB9F8A}C:\users\pascal pietrek\appdata\roaming\spotify\spotify.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\appdata\roaming\spotify\spotify.exe | 
"UDP Query User{59439E4A-048D-471E-828F-F764EBCC32A4}C:\users\pascal pietrek\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\downloads\yuleech-runes_of_magic_3_0_8_2349_slim_eu.exe | 
"UDP Query User{5AFA3E90-2122-43C3-B9FA-7C26AB181580}C:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\ghost recon advanced warfighter\graw.exe | 
"UDP Query User{5F9759F2-7A3F-4739-A734-27ED1D033390}C:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell double agent\scda-online\system\scda_online.exe | 
"UDP Query User{691BB39C-C5E4-4AD8-9110-AE3E2D47C95B}C:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex" = protocol=17 | dir=in | app=c:\program files (x86)\ubisoft\tom clancy's splinter cell chaos theory\versus\system\scct_versus.ex | 
"UDP Query User{795AA606-87CC-42AD-975C-2AD32C3AA52A}C:\program files (x86)\runes of magic\client.exe" = protocol=17 | dir=in | app=c:\program files (x86)\runes of magic\client.exe | 
"UDP Query User{7BCD52EC-0648-4D59-910F-5411F608E172}C:\program files (x86)\wolfenstein - enemy territory\et.exe" = protocol=17 | dir=in | app=c:\program files (x86)\wolfenstein - enemy territory\et.exe | 
"UDP Query User{7CC8EC7F-2279-4568-8E31-B4F4E921AEB6}C:\program files (x86)\tiggit\data\games\tiggit.net\freeciv\freeciv-server.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tiggit\data\games\tiggit.net\freeciv\freeciv-server.exe | 
"UDP Query User{7EAF5A8F-B7C5-46DF-97A4-8F22CF9CFD06}C:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\common\terraria\terrariaserver.exe | 
"UDP Query User{8243668E-FA2E-4F50-B1E7-601B28053019}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{848B1A93-D2F8-4067-A58F-E3428119EB60}C:\users\pascal pietrek\desktop\games\terraria\terrariaserver.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\desktop\games\terraria\terrariaserver.exe | 
"UDP Query User{87691EC3-C8D4-41C7-A2BE-402ACB530708}C:\program files (x86)\redeclipse\bin\reclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\redeclipse\bin\reclient.exe | 
"UDP Query User{96B197FB-2366-49FD-82CD-30FE6E53CBF5}C:\riot games\league of legends\lol.launcher.exe" = protocol=17 | dir=in | app=c:\riot games\league of legends\lol.launcher.exe | 
"UDP Query User{9B0732B3-6243-4CF1-A91E-E20CC3616AA3}C:\program files (x86)\steam\steamapps\unbreak956\counter-strike source\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\unbreak956\counter-strike source\hl2.exe | 
"UDP Query User{9EE4FDDB-5B32-413F-883E-CADE8DD1230A}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe | 
"UDP Query User{A0E957B9-C08D-448F-9F71-FDCFBF4DB59E}C:\program files (x86)\tmunitedforever\tmforever.exe" = protocol=17 | dir=in | app=c:\program files (x86)\tmunitedforever\tmforever.exe | 
"UDP Query User{A4F34F0E-2B06-429A-8AAB-F099F130A08E}C:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe" = protocol=17 | dir=in | app=c:\users\public\games\runic games\torchlight 2 beta\tl2.beta.launcher.exe | 
"UDP Query User{A53A2C6F-A382-4508-8E72-3B6C4F7FA83C}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | 
"UDP Query User{A975EBC7-D08B-4E80-8BEA-0BEF6BC2CE2E}C:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\codemasters\der herr der ringe online\lotroclient.exe | 
"UDP Query User{A9A0421F-42FC-4E46-9A85-2EAF8270FB08}C:\users\pascal pietrek\appdata\local\temp\7zipsfx.000\cf_downloader.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\appdata\local\temp\7zipsfx.000\cf_downloader.exe | 
"UDP Query User{A9AE2898-3F55-4018-AB32-A32E97C1F42C}C:\program files (x86)\steam\steamapps\pascal05551\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal05551\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{ACC37624-5AAA-4267-9AFE-AAC8A45CF09E}C:\program files (x86)\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files (x86)\xfire\xfire.exe | 
"UDP Query User{B8C0710A-326B-47B6-8763-1D6F18EC2AED}C:\program files (x86)\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\java\jre6\bin\javaw.exe | 
"UDP Query User{C41F7839-0AF6-433D-B820-C03D3E331713}C:\program files (x86)\electronic arts\battlefield 2142\firststrike.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\battlefield 2142\firststrike.exe | 
"UDP Query User{C6E097E2-345D-4B8A-999D-620D453B6CC1}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{CA685726-FDFD-46E2-AEAF-ACBD30AAD6B6}C:\program files (x86)\heroes of newerth\hon.exe" = protocol=17 | dir=in | app=c:\program files (x86)\heroes of newerth\hon.exe | 
"UDP Query User{D64B7C49-421E-4311-9AAB-154A15C0C533}C:\program files\java\jre6\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\javaw.exe | 
"UDP Query User{DD1BDC30-6D6C-44EB-82E7-47DD1F80F976}C:\program files (x86)\ea games\battlefield play4free\bfp4f.exe" = protocol=17 | dir=in | app=c:\program files (x86)\ea games\battlefield play4free\bfp4f.exe | 
"UDP Query User{DEC260E2-2AFF-430B-A93B-7972E975D902}C:\program files (x86)\steam\steamapps\unbreak956\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\unbreak956\team fortress 2\hl2.exe | 
"UDP Query User{E4EA6421-34E9-4D06-B491-AEB7F3EF386D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{E917BF10-4B6A-4B75-A762-8D36CEF2909E}C:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe" = protocol=17 | dir=in | app=c:\nexon\nexon_eu_downloader\nexon_eu_downloader_engine.exe | 
"UDP Query User{E9B4F35B-7610-4E55-AC24-3A7B60C792B7}C:\program files (x86)\steam\steamapps\pascal08125\half-life 2 deathmatch\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal08125\half-life 2 deathmatch\hl2.exe | 
"UDP Query User{ED6104F2-0A64-48CC-8F0C-3ED2E3265B7C}C:\program files (x86)\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files (x86)\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{F0AC8C23-6A82-4E84-B474-6E579600AFAA}C:\users\pascal pietrek\desktop\runes_of_magic_5_0_0_2535_slim.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\desktop\runes_of_magic_5_0_0_2535_slim.exe | 
"UDP Query User{F3DBB48F-1A69-4217-A6C8-8C8408D54FB7}C:\program files (x86)\redeclipse\bin\reclient.exe" = protocol=17 | dir=in | app=c:\program files (x86)\redeclipse\bin\reclient.exe | 
"UDP Query User{F718799B-E77F-4F56-8EB3-A75160827AC6}C:\program files (x86)\metin2\metin2client.bin" = protocol=17 | dir=in | app=c:\program files (x86)\metin2\metin2client.bin | 
"UDP Query User{FCB0E672-9F1F-4D07-9F9E-4DDF2FC2784B}C:\program files (x86)\steam\steamapps\pascal0051\team fortress 2\hl2.exe" = protocol=17 | dir=in | app=c:\program files (x86)\steam\steamapps\pascal0051\team fortress 2\hl2.exe | 
"UDP Query User{FD52853E-94EA-4876-9E99-35818901D70B}C:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe" = protocol=17 | dir=in | app=c:\users\pascal pietrek\appdata\local\akamai\netsession_win.exe | 
"UDP Query User{FE623E8A-460D-4DE6-AC8F-D05F29D94329}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417007FF}" = Java 7 Update 7 (64-bit)
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5B08AF35-B699-4A44-BB89-3E51E70611E8}" = HP MediaSmart SmartMenu
"{64A3A4F4-B792-11D6-A78A-00B0D0170020}" = Java(TM) SE Development Kit 7 Update 2 (64-bit)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{D7716C7E-75F1-4C51-A2D5-C6A1E8311D53}" = HP Deskjet 2050 J510 series - Grundlegende Software für das Gerät
"{D79A02E9-6713-4335-9668-AAC7474C0C0E}" = HP Vision Hardware Diagnostics
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX 64" = Adobe Flash Player 10 ActiveX 64-bit
"Blender" = Blender
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"WinGimp-2.0_is1" = GIMP 2.6.8
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02A10468-2F1C-447C-AD8E-4DEDDEA25AE2}" = Medieval II Total War : Kingdoms : Crusades
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"{07FA4960-B038-49EB-891B-9F95930AA544}" = HP Customer Experience Enhancements
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{14DCD95A-EBA3-4BF0-B7EF-533852E99BE6}" = LG PC Suite II
"{17DB3734-EAB4-4717-954B-C860EE162FBA}" = Video Power
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D108D70-E7D1-4089-9A0A-99629C4D0CB8}" = Morrowind
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{254C37AA-6B72-4300-84F6-98A82419187E}" = ActiveCheck component for HP Active Support Library
"{264FE20A-757B-492a-B0C3-4009E2997D8A}" = PictureMover
"{26A24AE4-039D-4CA4-87B4-2F83216022F0}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 7
"{2A9F95AB-65A3-432c-8631-B8BC5BF7477A}" = Die Schlacht um Mittelerde™ II
"{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie
"{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}" = Microsoft XNA Framework Redistributable 4.0
"{2E97F7E8-ABDE-4E0D-B0AD-B6B4BAD89E24}" = Rome - Total War - Gold Edition
"{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"{319E272A-B5DB-4939-99D0-1F1F0C55699E}" = HP Support Assistant
"{31E2413D-8AA1-43EC-8B8D-77B65ADA4611}" = Civilization III v1.21f
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = USB Video Device
"{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
"{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"{40FB8D7C-6FF8-4AF2-BC8B-0B1DB32AF04B}" = HP Advisor
"{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = Recovery Manager
"{45057FCE-5784-48BE-8176-D9D00AF56C3C}" = Die Sims™ 3 Late Night
"{46BA053F-57B3-4153-BDB6-D37EEC8B12D7}" = LightScribe System Software
"{47957648-B46A-4211-85E1-01A15B6A1B45}" = Ace of Spades
"{49B6F667-76EB-4E9D-ACD2-84B7437901C0}" = LG PC Suite II
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4CB0307C-565E-4441-86BE-0DF2E4FB828C}" = Microsoft Games for Windows Marketplace
"{4DF4CAB9-B628-4924-AD9A-1C457DD2960A}" = VirtualDJ Home FREE
"{4F64A46D-67F7-4497-AEA2-313D4305A5F6}" = Torchlight
"{58D68DF0-4E8B-4E9E-B425-670F9E37C1A8}" = TES Construction Set
"{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call
"{669D4A35-146B-4314-89F1-1AC3D7B88367}" = HPAsset component for HP Active Support Library
"{68A35043-C55A-4237-88C9-37EE1C63ED71}" = Microsoft Visual J# 2.0 Redistributable Package
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72D90DB3-A16A-4545-B555-868471101833}" = HP Setup
"{7343D969-5B4B-4696-9808-6B1993F26E6F}_is1" = Shaiyaner Version Episode 5.4
"{75983B66-804C-40D1-BA13-64DAF652A6F1}" = Medieval II Total War : Kingdoms : Americas
"{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7A3DF2E2-CF13-44FB-A93E-F71D5381DB3F}" = HP Deskjet 2050 J510 series Hilfe
"{7AEE1963-7001-4C37-BC20-2FAEB74AA41C}" = Medieval II Total War : Kingdoms : Teutonic
"{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime
"{7CFA46E3-CC2F-4355-82AE-6012DC3633FD}" = NVIDIA ForceWare Network Access Manager
"{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable
"{87686C21-8A15-4b4d-A3F1-11141D9BE094}" = Battlefield Play4Free
"{888DD888-82BE-4D85-BCB2-2E042CD3E844}" = Tom Clancy's Splinter Cell Chaos Theory
"{89661B04-C646-4412-B6D3-5E19F02F1F37}" = EAX4 Unified Redist
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{918A9082-6287-4D25-9002-5E5D5E4971CB}" = League of Legends
"{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"{943A8D28-80D6-41DC-AE94-81FEB42041BF}" = System Requirements Lab CYRI
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9A7172F1-66F1-603F-7E54-35EBB9F6E2EC}" = dLAN Cockpit
"{9C2EDC0F-B7C2-11E0-BE17-0013D3D69929}" = Vegas Movie Studio HD Platinum 11.0
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A83279FD-CA4B-4206-9535-90974DE76654}" = Apple Application Support
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B2F036FE-A916-4EBB-8621-5403444940D3}_is1" = Tiggit
"{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center
"{B83FC356-B7C0-441F-8A4D-D71E088E7974}" = NVIDIA PhysX
"{B8AC1A89-FFD1-4F97-8051-E505A160F562}" = HP Odometer
"{B931FB80-537A-4600-00AD-AC5DEDB6C25B}" = Aufstieg des Hexenkönigs™
"{B9A03B7B-E0FF-4FB3-BA83-762E58A1B0AA}" = HP Support Information
"{BA26FFA5-6D47-47DB-BE56-34C357B5F8CC}" = Die Sims™ 3 Reiseabenteuer
"{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3
"{C0698BDA-0D29-40EE-8570-A31106DF9AB1}" = Medieval II Total War
"{C0E3B891-B7C3-11E0-A2BD-001320F83A25}" = MSVCRT Redists
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C580908C-B3BA-4C19-BD60-16F02F272201}" = BattleForge™
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CEDDEE73-3D36-41C2-AA40-29355D9FBD63}" = Medieval II Total War : Kingdoms : Britannia
"{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"{DE77FE3F-A33D-499A-87AD-5FC406617B40}" = HP Update
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime
"{EA450D5D-95EA-4FD0-B8B0-6D8E68FBE2C7}" = Impulse
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials
"{FA66CFD7-0977-4C45-AACD-A8BB994B1A05}" = Quake Live Mozilla Plugin
"{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"AudibleManager" = AudibleManager
"Avira AntiVir Desktop" = Avira Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"BattlEye A2 Free" = BattlEye (A2Free) Uninstall
"Cobalt" = Cobalt
"Crossfire Europe" = Crossfire Europe
"Divine Divinity" = Divine Divinity
"dlancockpit" = devolo dLAN Cockpit
"EasyBits Magic Desktop" = Magic Desktop
"Fallout_is1" = Fallout
"FlightGear_is1" = FlightGear v1.9.1
"Fraps" = Fraps (remove only)
"Galactic Civilizations II - Ultimate Edition" = Galactic Civilizations II - Ultimate Edition
"Guild Wars" = GUILD WARS
"HotspotShield" = Hotspot Shield 2.53
"Impulse" = Impulse
"InstallShield_{06F80017-8F98-4C94-B868-52358569FC32}" = Command & Conquer(TM) Generäle
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = CyberLink DVD Suite Deluxe
"InstallShield_{3023EBDA-BF1B-4831-B347-E5018555F26E}" = Movie Theme Pack for HP MediaSmart Video
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go
"InstallShield_{6DAF8CDC-9B04-413B-A0F2-BCC13CF8A5BF}" = HP MediaSmart Photo
"InstallShield_{91A34181-9FAD-43AB-A35F-E7A8945B7E1C}" = HP MediaSmart Music
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector
"InstallShield_{D12E3E7F-1B13-4933-A915-16C7DD37A095}" = HP MediaSmart Video
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow!
"InstallShield_{DCCAD079-F92C-44DA-B258-624FC6517A5A}" = HP MediaSmart DVD
"InstallShield_{F3E9C243-122E-4D6B-ACC1-E1FEC02F6CA1}" = Command and Conquer(TM) Generäle Die Stunde Null 
"InstallShield_{FB4BB287-37F9-4E27-9C4D-2D3882E08EFF}" = DVD Menu Pack for HP MediaSmart Video
"Kill Fun Yeah_is1" = Kill Fun Yeah version 0.28
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft Visual J# 2.0 Redistributable Package" = Microsoft Visual J# 2.0 Redistributable Package
"Mozilla Firefox 15.0 (x86 de)" = Mozilla Firefox 15.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MTA:SA 1.3" = MTA:SA v1.3
"MusicStationNetstaller" = MusicStation
"My HP Game Console" = HP Game Console
"Notepad++" = Notepad++
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"OpenAL" = OpenAL
"OpenTTD" = OpenTTD 1.2.1
"Orden der Ehre 3.3_is1" = Orden der Ehre 3.0
"Origin" = Origin
"PDF Complete" = PDF Complete Special Edition
"PunkBusterSvc" = PunkBuster Services
"RedEclipse" = RedEclipse
"RPGAdvocates_RTP_1.0" = Common RTP 1.0
"Sam and Max Save The World" = Sam and Max Save The World
"ScummVM_is1" = ScummVM 1.4.1
"Stainless Steel 6.3" = Stainless Steel 6.3 
"Steam App 102700" = Alliance of Valiant Arms
"Steam App 105600" = Terraria
"Steam App 12120" = Grand Theft Auto: San Andreas
"Steam App 12910" = Audiosurf Demo
"Steam App 200210" = Realm of the Mad God
"Steam App 206270" = GTA SA German Mac
"Steam App 240" = Counter-Strike: Source
"Steam App 32370" = Star Wars: Knights of the Old Republic
"Steam App 3910" = Sid Meier's Civilization III: Complete
"Steam App 440" = Team Fortress 2
"Steam App 500" = Left 4 Dead
"Steam App 70" = Half-Life
"Tunngle beta_is1" = Tunngle beta
"Uninstall_is1" = Uninstall 1.0.0.1
"VLC media player" = VLC media player 1.1.10
"WildTangent hp Master Uninstall" = HP Games
"Winamp" = Winamp
"WinLiveSuite_Wave3" = Windows Live Essentials
"World of Warcraft" = World of Warcraft
"WT087361" = FATE
"WT087380" = John Deere Drive Green
"WT087394" = Penguins!
"WT087396" = Polar Bowler
"WT087420" = Agatha Christie - Death on the Nile
"WT087428" = Bejeweled 2 Deluxe
"WT087453" = Chuzzle Deluxe
"WT087480" = Insaniquarium Deluxe
"WT087485" = Jewel Quest II
"WT087490" = Jewel Quest Solitaire
"WT087501" = Plants vs. Zombies
"WT087510" = Slingo Deluxe
"WT087513" = Virtual Villagers - The Secret City
"WT087519" = Wedding Dash
"WT087533" = Zuma Deluxe
"WT087536" = Diner Dash 2 Restaurant Rescue
"Z0 - Video To Mp3" = FoxTab Video To MP3 Converter (remove only)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"6a8d107093fa4038" = Platformines_Beta
"FileZilla Client" = FileZilla Client 3.5.1
"Google Chrome" = Google Chrome
"Schwert und Speer Ultimat" = Schwert und Speer Ultimat
"Spotify" = Spotify
"Winamp Detect" = Winamp Erkennungs-Plug-in
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 10/14/2011 9:12:13 AM | Computer Name = Pascal-HP | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " j? ??". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch
 formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die
 letzten gültigen Indexwerte enthalten.
 
Error - 10/15/2011 6:28:56 AM | Computer Name = Pascal-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Terraria.exe, Version: 1.0.4.0, Zeitstempel:
 0x4e4be69a  Name des fehlerhaften Moduls: steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel:
 0x4e8cc0ab  Ausnahmecode: 0xc0000005  Fehleroffset: 0x301d73c0  ID des fehlerhaften Prozesses:
 0xe8c  Startzeit der fehlerhaften Anwendung: 0x01cc8b21e9ad0610  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\common\terraria\Terraria.exe  Pfad
 des fehlerhaften Moduls: steam.dll  Berichtskennung: 7bf6f9b0-f718-11e0-9515-7071bcb33adc
 
Error - 10/15/2011 6:29:28 AM | Computer Name = Pascal-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: Terraria.exe, Version: 1.0.4.0, Zeitstempel:
 0x4e4be69a  Name des fehlerhaften Moduls: steam.dll_unloaded, Version: 0.0.0.0, Zeitstempel:
 0x4e8cc0ab  Ausnahmecode: 0xc0000005  Fehleroffset: 0x301c0b47  ID des fehlerhaften Prozesses:
 0xe8c  Startzeit der fehlerhaften Anwendung: 0x01cc8b21e9ad0610  Pfad der fehlerhaften
 Anwendung: c:\program files (x86)\steam\steamapps\common\terraria\Terraria.exe  Pfad
 des fehlerhaften Moduls: steam.dll  Berichtskennung: 8f506fa0-f718-11e0-9515-7071bcb33adc
 
Error - 10/18/2011 10:49:56 AM | Computer Name = Pascal-HP | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 10/18/2011 10:54:32 AM | Computer Name = Pascal-HP | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
Error - 10/21/2011 11:18:48 AM | Computer Name = Pascal-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.20.7, Zeitstempel:
 0x4e70683a  Name des fehlerhaften Moduls: fraps64.dll, Version: 3.2.3.11796, Zeitstempel:
 0x4c16db9d  Ausnahmecode: 0xc0000005  Fehleroffset: 0x0000000000011d89  ID des fehlerhaften
 Prozesses: 0x12c8  Startzeit der fehlerhaften Anwendung: 0x01cc90046be99990  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Fraps\fraps64.dll  Berichtskennung: f937b390-fbf7-11e0-8600-7071bcb33adc
 
Error - 10/21/2011 11:18:51 AM | Computer Name = Pascal-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: javaw.exe, Version: 7.0.20.7, Zeitstempel:
 0x4e70683a  Name des fehlerhaften Moduls: fraps64.dll, Version: 3.2.3.11796, Zeitstempel:
 0x4c16db9d  Ausnahmecode: 0xc000041d  Fehleroffset: 0x0000000000011d89  ID des fehlerhaften
 Prozesses: 0x12c8  Startzeit der fehlerhaften Anwendung: 0x01cc90046be99990  Pfad der
 fehlerhaften Anwendung: C:\Program Files\Java\jre7\bin\javaw.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files (x86)\Fraps\fraps64.dll  Berichtskennung: fab8fc60-fbf7-11e0-8600-7071bcb33adc
 
Error - 10/22/2011 6:31:51 AM | Computer Name = Pascal-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BFP4f.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e844423  Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.17.12.8026, Zeitstempel:
 0x4e3909fb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003809b2  ID des fehlerhaften Prozesses:
 0x8c0  Startzeit der fehlerhaften Anwendung: 0x01cc90a54c90a060  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\EA Games\Battlefield Play4Free\BFP4f.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\nvd3dum.dll  Berichtskennung: 0d93d1b0-fc99-11e0-ae99-7071bcb33adc
 
Error - 10/22/2011 6:33:26 AM | Computer Name = Pascal-HP | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: BFP4f.exe, Version: 0.0.0.0, Zeitstempel:
 0x4e844423  Name des fehlerhaften Moduls: nvd3dum.dll, Version: 8.17.12.8026, Zeitstempel:
 0x4e3909fb  Ausnahmecode: 0xc0000005  Fehleroffset: 0x003809b2  ID des fehlerhaften Prozesses:
 0x13a0  Startzeit der fehlerhaften Anwendung: 0x01cc90a5deb1fd40  Pfad der fehlerhaften
 Anwendung: C:\Program Files (x86)\EA Games\Battlefield Play4Free\BFP4f.exe  Pfad 
des fehlerhaften Moduls: C:\Windows\system32\nvd3dum.dll  Berichtskennung: 45f36de0-fc99-11e0-ae99-7071bcb33adc
 
Error - 10/23/2011 7:16:53 AM | Computer Name = Pascal-HP | Source = Application Hang | ID = 1002
Description = Programm javaw.exe, Version 7.0.20.7 kann nicht mehr unter Windows
 ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
 um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: c54    Startzeit: 
01cc91752be1c803    Endzeit: 32    Anwendungspfad: C:\Program Files\Java\jre7\bin\javaw.exe

Berichts-ID:
 7e949e14-fd68-11e0-b91e-7071bcb33adc  
 
Error - 10/24/2011 12:12:20 PM | Computer Name = Pascal-HP | Source = Microsoft-Windows-LoadPerf | ID = 3002
Description = Der Textzeichenfolgenwert zur Beschreibung des Leistungsindikators
 in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge
 ist " ". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte
 Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen
 Indexwerte enthalten.
 
[ Hewlett-Packard Events ]
Error - 6/21/2012 11:32:13 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\061221053212.xml
 File not created by asset agent
 
Error - 6/21/2012 11:32:53 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201206211732.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 6/28/2012 10:11:33 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201206281611.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 7/5/2012 10:45:48 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201207051645.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 7/12/2012 7:19:41 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201207121319.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 7/19/2012 6:24:38 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201207191224.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 8/10/2012 9:40:41 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208101540.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 8/16/2012 6:02:39 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208161202.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 8/23/2012 6:17:58 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = de-DE Ein Teil des Pfades "C:\ProgramData\Hewlett-Packard\HP Support
 Framework\Logs\Temp\HPSA\HPSASession_201208231217.xml" konnte nicht gefunden werden.
mscorlib

   bei System.IO.__Error.WinIOError(Int32 errorCode, String maybeFullPath)     bei
 System.IO.FileStream.Init(String path, FileMode mode, FileAccess access, Int32 
rights, Boolean useRights, FileShare share, Int32 bufferSize, FileOptions options,
 SECURITY_ATTRIBUTES secAttrs, String msgPath, Boolean bFromProxy)     bei System.IO.FileStream..ctor(String
 path, FileMode mode, FileAccess access, FileShare share, Int32 bufferSize, FileOptions
 options)     bei System.IO.StreamWriter.CreateFile(String path, Boolean append)    
 bei System.IO.StreamWriter..ctor(String path, Boolean append, Encoding encoding,
 Int32 bufferSize)     bei System.IO.StreamWriter..ctor(String path, Boolean append,
 Encoding encoding)     bei System.IO.File.WriteAllText(String path, String contents,
 Encoding encoding)     bei HP.ActiveSupportLibrary.Issues.HPSFSession.closeSaveSession()

 
Error - 9/6/2012 10:07:31 AM | Computer Name = Pascal-HP | Source = Hewlett-Packard | ID = 0
Description = AAProcessExited() C:\ProgramData\Hewlett-Packard\HP Support Framework\Telemetry\091206040729.xml
 File not created by asset agent
 
[ Media Center Events ]
Error - 1/22/2011 9:43:14 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 14:43:10 - Fehler beim Herstellen der Internetverbindung.  14:43:10 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 6:26:31 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 11:26:31 - Fehler beim Herstellen der Internetverbindung.  11:26:31 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 6:26:41 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 11:26:37 - Fehler beim Herstellen der Internetverbindung.  11:26:37 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 7:26:53 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 12:26:53 - Fehler beim Herstellen der Internetverbindung.  12:26:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 7:27:04 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 12:26:58 - Fehler beim Herstellen der Internetverbindung.  12:26:58 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 8:27:17 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 13:27:16 - Fehler beim Herstellen der Internetverbindung.  13:27:16 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 8:27:32 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 13:27:22 - Fehler beim Herstellen der Internetverbindung.  13:27:22 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 9:30:06 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 14:30:06 - Fehler beim Herstellen der Internetverbindung.  14:30:06 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 1/28/2011 9:30:12 AM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 14:30:11 - Fehler beim Herstellen der Internetverbindung.  14:30:11 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 2/8/2011 1:10:52 PM | Computer Name = Pascal-HP | Source = MCUpdate | ID = 0
Description = 18:10:52 - Fehler beim Herstellen der Internetverbindung.  18:10:52 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 9/5/2012 9:52:18 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 9/5/2012 9:52:18 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 9/5/2012 10:24:23 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 9/5/2012 10:24:23 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 9/6/2012 9:59:24 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 9/6/2012 9:59:24 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 9/7/2012 7:20:06 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 9/7/2012 7:20:06 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
Error - 9/8/2012 6:47:51 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7038
Description = Der Dienst "nvUpdatusService" konnte sich nicht als ".\UpdatusUser"
 mit dem aktuellen Kennwort aufgrund des folgenden Fehlers anmelden:   %%1330    Vergewissern
 Sie sich, dass der Dienst richtig konfiguriert ist im Dienste-Snap-In in der Microsoft
 Management Console (MMC).
 
Error - 9/8/2012 6:47:51 AM | Computer Name = Pascal-HP | Source = Service Control Manager | ID = 7000
Description = Der Dienst "NVIDIA Update Service Daemon" wurde aufgrund folgenden
 Fehlers nicht gestartet:   %%1069
 
 
< End of report >
         
--- --- ---
Angehängte Dateien
Dateityp: txt mbam-log-2012-09-07 (13-54-52).txt (2,2 KB, 117x aufgerufen)
Dateityp: txt AdwCleaner[R3].txt (1,4 KB, 118x aufgerufen)
Dateityp: txt OTL.Txt (94,7 KB, 124x aufgerufen)

Alt 09.09.2012, 02:06   #14
t'john
/// Helfer-Team
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



Fixen mit OTL

Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).

  • Deaktiviere etwaige Virenscanner wie Avira, Kaspersky etc.
  • Starte die OTL.exe.
    Vista- und Windows 7-User starten mit Rechtsklick auf das Programm-Icon und wählen "Als Administrator ausführen".
  • Kopiere folgendes Skript in das Textfeld unterhalb von Benuterdefinierte Scans/Fixes:
  • Der Fix fängt mit :OTL an. Vergewissere dich, dass du ihn richtig kopiert hast.


Code:
ATTFilter
:OTL
:reg
[-HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions]
"{336D0C35-8A85-403a-B9D2-65C292C39087}"=-

:files
C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
         
  • Schließe alle Programme.
  • Klicke auf den Fix Button.
  • Wenn OTL einen Neustart verlangt, bitte zulassen.
  • Kopiere den Inhalt des Logfiles hier in Code-Tags in Deinen Thread.
    Nachträglich kannst Du das Logfile hier einsehen => C:\_OTL\MovedFiles\<datum_nummer.log>

Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden.
Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________
Mfg, t'john
Das TB unterstützen

Alt 09.09.2012, 09:12   #15
Pascal05551
 
MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Standard

MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen



hier ist das Log file

PHP-Code:
========== OTL ==========
========== 
REGISTRY ==========
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Stats\{336D0C35-8A85-403a-B9D2-65C292C39087}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{336D0C35-8A85-403a-B9D2-65C292C39087}\ not found.
========== 
FILES ==========
File\Folder C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX not found.
 
OTL by OldTimer Version 3.2.61.2 log created on 09092012_101100 

Antwort

Themen zu MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen
bescheid, eingefangen, ellung, firefox, gefangen, gen, incredibar, log, mystart, mystart by incredibar, mystart trojaner, neue, platte, poste, posten, systemwiederherstellung, texte, troja, trojaner, trojaner eingefangen, trozdem, vorgehen, wegbekomme



Ähnliche Themen: MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen


  1. MyStart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 29.01.2013 (24)
  2. mystart.incredibar.com
    Plagegeister aller Art und deren Bekämpfung - 11.11.2012 (13)
  3. Mystart Incredibar eingefangen
    Plagegeister aller Art und deren Bekämpfung - 04.11.2012 (7)
  4. Mystart incredibar eingefangen. wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 31.10.2012 (42)
  5. Mystart incredibar eingefangen. wie werde ich es wieder los?
    Plagegeister aller Art und deren Bekämpfung - 24.10.2012 (1)
  6. MyStart Incredibar Virus eingefangen.
    Plagegeister aller Art und deren Bekämpfung - 08.10.2012 (50)
  7. MyStart Incredibar eingefangen und anfänger!
    Plagegeister aller Art und deren Bekämpfung - 27.09.2012 (17)
  8. mystart.incredibar eingefangen :-(
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (1)
  9. MyStart @ Incredibar und MyStart Search trotz Deinstallation des Programms
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (2)
  10. Mystart Incredibar mit Systemwiederherstellung entfernt - Computer wirklich bereinigt?
    Plagegeister aller Art und deren Bekämpfung - 07.09.2012 (27)
  11. mystart.incredibar.com/mb165?a=6OyHDmBKyx&loc=FF_NT bei Download eingefangen
    Plagegeister aller Art und deren Bekämpfung - 03.08.2012 (17)
  12. mystart incredibar eingefangen - logfile liegt vor.
    Log-Analyse und Auswertung - 24.07.2012 (13)
  13. Mystart Incredibar
    Log-Analyse und Auswertung - 20.07.2012 (32)
  14. MyStart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 15.07.2012 (3)
  15. MyStart incredibar- Trojaner eingefangen!
    Log-Analyse und Auswertung - 11.07.2012 (1)
  16. Mystart Incredibar
    Plagegeister aller Art und deren Bekämpfung - 11.07.2012 (1)
  17. Trojaner - wie wegbekommen ohne System neu aufsetzen??
    Plagegeister aller Art und deren Bekämpfung - 19.09.2004 (4)

Zum Thema MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen - Hallo Ich habe mir den MyStart Trojaner eingefangen und möchte ihn wegbekommen. Wie soll ich vorgehen bis jetzt habe ich alles was mit IncrediBar zu tun hat mit Systemprogramme von - MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen...
Archiv
Du betrachtest: MyStart by IncrediBar eingefangen wie ohne Systemwiederherstellung wegbekommen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.