
Pests of all kinds and how to fight them: PC slow after Austrian federal police (Bundespolizei) virus

Windows 7

03.01.2013, 18:19   #1
troololol

Greetings!

I caught this Bundespolizei virus at Christmas (the Austrian version, in case that matters).

Then I had Malwarebytes' Anti-Malware and AVG Free Antivirus run scans - both found something (Malwarebytes 14 detections and AVG 4).

The viruses were moved to quarantine or deleted.

After that I could boot normally again and further scans found nothing, but I notice that the PC takes longer to start some programs, e.g. Steam to play Black Ops 2.

The Windows Security Center also cannot be started, because the Windows Management Instrumentation service (Windows-Verwaltungsinstrumentation) will not start. This error appears: the Windows Management Instrumentation service on Local Computer could not be started! Error 126: The specified module could not be found.

And my desktop gadget that shows me the RAM usage is also acting up.
It writes several lines on top of each other and is therefore unreadable.

Thanks in advance

03.01.2013, 18:23   #2
aharonov
/// TB Trainer

I am working on your thread and will get back to you with further instructions as soon as possible.

Please note that all my replies must first be approved by a trainer before I am allowed to post them here. This guarantees that you get help from a trained helper.

Thank you for your patience.

03.01.2013, 18:52   #3
troololol

okay, thanks a lot (:

03.01.2013, 19:43   #4
aharonov
/// TB Trainer

Hello troololol

My name is Leo and I will guide you through cleaning up your computer.

Besides removing malware, a cleanup also includes closing security holes and should be carried out thoroughly. It is therefore done in several steps and means some effort for you.
Note: The disappearance of the obvious symptoms does not mean that the system is already clean.
So, in your own interest, keep working with me until you get the OK that everything is done.


Before we get started - notes on the procedure:
  • You will receive from me step-by-step instructions tailored individually to you.
    • Always read these instructions through completely first and ask if anything is unclear before you begin.
    • Then work through the instructions carefully and in the given order, and post your feedback and log files together in one reply.
    • Whenever possible, paste the contents of the log files inside code tags in your reply.
    • If problems arise, stop at that point and describe them as well as you can.
  • It is important for me that the state of your system does not suddenly change unpredictably. Therefore: Please
    • .. do not run any scanners or tools without being asked to. Do not delete anything on your own.
    • .. do not install or uninstall any software during the cleanup.
    • .. do not ask for help in other forums in parallel (crossposting).
  • I cannot give you any guarantee that the cleanup will ultimately be successful and that we will find everything.
    • Formatting and reinstalling is usually the faster and always the safer way.
    • Should I find a serious infection on your machine, I will point this out to you again. It remains your decision, however.
Let's go: Always save all tools to the desktop and start them from there.



Before we fix anything, we need a bit more information.

Quote:
Then I had Malwarebytes' Anti-Malware and AVG Free Antivirus run scans - both found something (Malwarebytes 14 detections and AVG 4)
I would like to see these two logs with the detections, see here: http://www.trojaner-board.de/125889-...tml#post941520
Important: Do not run a new scan; just post the logs that already exist.



Step 1

Please download OTL (by OldTimer) and save it to your desktop.
  • Double-click OTL.exe.
  • Under Extra Registry, please select Use SafeList.
  • Now click Run Scan.
  • When the scan has finished, 2 log files (OTL.txt and Extras.txt) are created.
  • Post the contents of these log files here in the thread.



Please post in your next reply:
  • existing logs from Malwarebytes and AVG with the detections
  • logs from OTL
__________________
cheers,
Leo

04.01.2013, 14:54   #5
troololol

hey Leo

but no data of mine will be deleted in the process, right?
Except possibly infected files.

I don't know how to post the AVG log files ^^
But I don't think it has anything to do with those, because I've had the 2 files on the PC for a long time and didn't have these problems before.

Attached files
File type: txt mbam-log-2012-12-25 (12-21-06).txt (5.1 KB, viewed 181 times)

Edited by troololol (04.01.2013 at 15:02)

04.01.2013, 14:59   #6
troololol

OTL.txt: OTL logfile:
Code:
OTL logfile created on: 04.01.2013 15:43:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,60% Memory free
5,98 Gb Paging File | 4,03 Gb Available in Paging File | 67,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 273,24 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.04 15:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,824,232 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbam.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.13 15:19:39 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe
PRC - [2012.12.06 21:37:54 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.11.28 16:28:22 | 000,548,264 | ---- | M] (Splashtop Inc.) -- C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe
PRC - [2012.11.28 16:28:16 | 006,655,912 | ---- | M] (Splashtop Inc.) -- C:\Programme\Splashtop\Splashtop Remote\Server\SRFeature.exe
PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgui.exe
PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgidsagent.exe
PRC - [2012.10.30 04:59:56 | 000,726,648 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgrsx.exe
PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.10.22 13:04:32 | 001,116,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgnsx.exe
PRC - [2012.10.22 13:03:52 | 000,796,792 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgemcx.exe
PRC - [2012.10.22 13:03:46 | 000,440,440 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Programme\AVG\AVG2013\avgcsrvx.exe
PRC - [2012.10.17 02:22:28 | 000,386,920 | ---- | M] (Splashtop Inc.) -- C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe
PRC - [2012.09.28 02:38:42 | 000,473,088 | ---- | M] (AMD) -- C:\Windows\System32\atieclxx.exe
PRC - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) -- C:\Windows\System32\atiesrxx.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE
PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.11.20 13:17:41 | 001,174,016 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2010.02.10 09:04:44 | 000,676,520 | ---- | M] () -- C:\Programme\Lexmark 7600 Series\lxdwmon.exe
PRC - [2009.10.16 15:08:52 | 000,594,600 | ---- | M] ( ) -- C:\Windows\System32\lxdwcoms.exe
PRC - [2009.07.21 09:17:46 | 000,323,584 | ---- | M] (Logitech Inc.) -- C:\Programme\Logitech\SetPoint II\SetPointII.exe
PRC - [2009.07.10 12:42:32 | 000,055,824 | ---- | M] (Logitech, Inc.) -- C:\Programme\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\System32\NlsSrv32.exe
PRC - [2009.03.30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2008.07.10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2008.01.18 14:01:02 | 000,307,200 | ---- | M] (FOMINE SOFTWARE) -- C:\Users\*****\New Folder\Window Hide Tool.exe
PRC - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) -- C:\Programme\Common Files\X10\Common\X10nets.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.12.13 15:19:39 | 014,586,296 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_5_502_135.dll
MOD - [2012.12.06 21:37:54 | 002,397,152 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.11.15 15:00:05 | 000,253,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsFormsIntegra#\c57e9cc78527b9a7bbe4ab8dbf93cff2\WindowsFormsIntegration.ni.dll
MOD - [2012.11.15 14:58:16 | 000,096,768 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationProvider\bc9a67c8782211bc4282369952711a0b\UIAutomationProvider.ni.dll
MOD - [2012.11.15 14:53:38 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\23de8d00755205c37aa6795b0ce8a42d\System.Xaml.ni.dll
MOD - [2012.11.15 14:53:36 | 012,079,616 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Web\35cdab6d487e1b650487541f95f4e261\System.Web.ni.dll
MOD - [2012.11.15 14:53:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\9ef13b66141c6071d45ab738875cb2b4\System.Runtime.Remoting.ni.dll
MOD - [2012.11.15 14:48:17 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\66694f9192bd0dddc2eaf90fbcbcd555\System.Management.ni.dll
MOD - [2012.11.15 14:42:02 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll
MOD - [2012.11.15 14:41:46 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll
MOD - [2012.11.14 17:24:39 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c22857dbcce7e0320350436e80ec8ab1\PresentationFramework.ni.dll
MOD - [2012.11.14 17:24:30 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\78a485faba9584cfb1a5052a4cbe71e8\PresentationCore.ni.dll
MOD - [2012.11.14 17:24:23 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\df5142941549ff71737438c85e565ab3\WindowsBase.ni.dll
MOD - [2012.11.14 17:24:22 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\53121a27f94f7335e585384377fc538a\PresentationFramework.Aero.ni.dll
MOD - [2012.11.14 17:23:12 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\ccf3f783590b1747a3593b889bede2fb\System.Windows.Forms.ni.dll
MOD - [2012.11.14 17:23:10 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\a7cdf1caedee630b8440fb8e8657aca1\System.Core.ni.dll
MOD - [2012.11.14 17:23:08 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\06db722a2ddebd960d907c2de6f1cfa7\System.Xml.ni.dll
MOD - [2012.11.14 17:23:05 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\ed7768172bbf30462bc554dee3911540\System.Drawing.ni.dll
MOD - [2012.11.14 17:23:05 | 000,982,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\c15c94b675becb485d940f8f0068dc5d\System.Configuration.ni.dll
MOD - [2012.11.14 17:23:04 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\0bc033fa805a31e31dc462cfae365478\System.ni.dll
MOD - [2012.11.14 17:23:00 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\685f73e04393b5342bd1cebe701496ad\mscorlib.ni.dll
MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
MOD - [2010.11.13 01:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2010.02.10 09:04:44 | 000,676,520 | ---- | M] () -- C:\Programme\Lexmark 7600 Series\lxdwmon.exe
MOD - [2010.02.10 08:51:53 | 000,081,920 | ---- | M] () -- C:\Programme\Lexmark 7600 Series\lxdwcaps.dll
MOD - [2010.02.10 08:51:37 | 000,380,928 | ---- | M] () -- C:\Programme\Lexmark 7600 Series\lxdwscw.dll
MOD - [2010.02.10 08:51:34 | 001,036,288 | ---- | M] () -- C:\Programme\Lexmark 7600 Series\lxdwdrs.dll
MOD - [2010.02.10 08:25:20 | 000,188,416 | ---- | M] () -- C:\Programme\Lexmark 7600 Series\lxdwdatr.dll
MOD - [2010.02.10 08:25:11 | 000,069,632 | ---- | M] () -- C:\Programme\Lexmark 7600 Series\lxdwcnv4.dll
MOD - [2008.12.12 10:15:00 | 000,040,960 | ---- | M] () -- C:\Programme\LG Soft India\forteManager\bin\ContextMenu.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Users\*****\wgsdgsdgdsgsd.dll -- (Winmgmt)
SRV - [2012.12.22 15:20:06 | 000,541,760 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.13 15:19:39 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.06 21:37:54 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.11.28 16:28:22 | 000,548,264 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Programme\Splashtop\Splashtop Remote\Server\SRService.exe -- (SplashtopRemoteService)
SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.10.17 02:22:28 | 000,386,920 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Programme\Splashtop\Splashtop Software Updater\SSUService.exe -- (SSUService)
SRV - [2012.09.28 02:38:02 | 000,217,600 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2012.09.20 13:28:48 | 030,785,672 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2012.09.07 15:37:04 | 000,100,864 | ---- | M] (Freemake) [Auto | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.07.16 15:31:32 | 002,673,064 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.01.04 14:22:40 | 000,822,624 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE -- (cvhsvc)
SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.03.28 20:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Disabled | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2011.02.28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.01.09 04:20:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2010.11.20 13:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.10.16 15:08:52 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\Windows\System32\lxdwcoms.exe -- (lxdw_device)
SRV - [2009.10.16 15:08:40 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\spool\DRIVERS\W32X86\3\\lxdwserv.exe -- (lxdwCATSCustConnectService)
SRV - [2009.07.21 03:04:00 | 000,047,128 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.06.07 12:20:20 | 000,061,440 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\System32\NlsSrv32.exe -- (nlsX86cc)
SRV - [2009.03.30 02:25:26 | 043,010,392 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS)
SRV - [2009.03.30 02:23:32 | 000,254,808 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2009.03.30 02:23:24 | 000,366,936 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS)
SRV - [2008.07.10 01:49:44 | 000,098,840 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
SRV - [2001.11.12 13:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Running] -- C:\Programme\Common Files\X10\Common\X10nets.exe -- (x10nets)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.01.04 15:41:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.10.22 13:02:46 | 000,179,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2012.10.15 03:48:52 | 000,055,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2012.10.05 03:32:50 | 000,093,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2012.10.02 03:30:38 | 000,159,712 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2012.09.28 03:20:20 | 009,107,968 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag)
DRV - [2012.09.28 02:12:10 | 000,370,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap)
DRV - [2012.09.21 03:46:06 | 000,164,832 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2012.09.21 03:46:00 | 000,177,376 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\avglogx.sys -- (Avglogx)
DRV - [2012.09.21 03:45:54 | 000,019,936 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\System32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2012.09.14 03:05:20 | 000,035,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\System32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012.09.11 15:23:09 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.08.20 13:48:44 | 000,015,576 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdrvio.sys -- (pwdrvio)
DRV - [2012.08.20 13:48:44 | 000,010,200 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\pwdspio.sys -- (pwdspio)
DRV - [2012.05.14 07:12:28 | 000,086,656 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService)
DRV - [2012.03.01 20:00:24 | 000,278,984 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2012.03.01 20:00:24 | 000,025,416 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol)
DRV - [2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir)
DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay)
DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs)
DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2010.10.09 14:48:36 | 000,072,576 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ew_jubusenum.sys -- (huawei_enumerator)
DRV - [2010.08.07 17:48:42 | 000,106,880 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2010.07.27 09:52:02 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ew_hwusbdev.sys -- (ew_hwusbdev)
DRV - [2010.03.09 11:21:26 | 000,107,024 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV - [2010.03.02 13:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV - [2010.03.02 13:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV - [2010.03.02 13:57:42 | 000,105,856 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV - [2010.02.22 09:06:42 | 000,009,216 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\massfilter.sys -- (massfilter)
DRV - [2010.02.04 11:54:32 | 001,558,368 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NxpCap.sys -- (NxpCap)
DRV - [2010.01.19 15:10:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/06/04 09:59:23] [Kernel | Auto | Running] -- C:\Programme\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.10.26 15:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2009.10.26 15:54:24 | 000,025,088 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ANDROIDUSB.sys -- (androidusb)
DRV - [2009.09.22 14:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su)
DRV - [2009.08.05 20:37:04 | 000,039,112 | ---- | M] (GBM Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GRemoteJoy.sys -- (GRemoteJoy)
DRV - [2009.08.05 20:37:04 | 000,023,368 | ---- | M] (GBM Software) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\GRemoteBus.sys -- (GRemoteBus)
DRV - [2009.06.17 09:56:18 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009.06.17 09:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009.05.13 12:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009.05.13 12:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2009.03.30 02:09:28 | 000,239,336 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0103.sys -- (RsFx0103)
DRV - [2008.12.12 14:27:46 | 000,018,432 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\LG Soft India\forteManager\bin\PII2CDriver.sys -- (LGII2CDevice)
DRV - [2008.12.12 14:27:46 | 000,014,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Programme\LG Soft India\forteManager\bin\I2CDriver.sys -- (LGDDCDevice)
DRV - [2008.03.29 17:36:28 | 000,125,328 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 18:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=hp&babsrc=lnkry_nt
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=ds&babsrc=lnkry&q={searchTerms}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{615AC341-BABA-4E1B-BC5A-549E9BC45EB9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.startup.homepage: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=hp&babsrc=lnkry"
FF - prefs.js..extensions.enabledAddons: battlefieldheroespatcher%40ea.com:5.0.145.0
FF - prefs.js..extensions.enabledAddons: fmconverter%40gmail.com:1.0.0
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..keyword.URL: "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=AT&userid=f48dbb65-af50-42c0-ac0d-6af7a76513e0&affid=111583&searchtype=ds&babsrc=lnkry&q="
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.110.0: C:\Program Files\Battlelog Web Plugins\1.110.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.118.0: C:\Program Files\Battlelog Web Plugins\1.118.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files\Battlelog Web Plugins\1.138.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MIF5BA~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeExManDetect: C:\Program Files\Adobe\Adobe Extension Manager CS6\npAdobeExManDetectX86.dll (Adobe Systems)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fmconverter@gmail.com: C:\Program Files\Freemake\Freemake Video Converter\BrowserPlugin\Firefox\ [2012.12.22 18:28:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 21:37:55 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 21:37:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.12.06 21:37:55 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.12.06 21:37:50 | 000,000,000 | ---D | M]
 
[2011.01.08 21:00:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions
[2012.12.30 21:52:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions
[2012.12.30 21:52:02 | 000,000,000 | ---D | M] (DVDVideoSoftTB Community Toolbar) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.09.02 19:59:54 | 000,000,000 | ---D | M] (Battlefield Heroes Updater) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions\battlefieldheroespatcher@ea.com
[2011.03.26 11:42:15 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\*****\AppData\Roaming\mozilla\Firefox\Profiles\0ed3ahvj.default\extensions\engine@conduit.com
[2012.12.12 15:16:53 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.06 14:52:43 | 000,189,128 | ---- | M] () (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2011.03.17 15:37:00 | 000,000,873 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\searchplugins\conduit.xml
[2011.11.13 01:31:04 | 000,003,915 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\searchplugins\sweetim.xml
[2012.10.22 16:42:13 | 000,002,455 | ---- | M] () -- C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\0ed3ahvj.default\searchplugins\Web Search.xml
[2012.12.06 21:37:48 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.12.06 21:37:48 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.12.22 18:28:43 | 000,000,000 | ---D | M] (Freemake Video Converter Plugin) -- C:\PROGRAM FILES\FREEMAKE\FREEMAKE VIDEO CONVERTER\BROWSERPLUGIN\FIREFOX
[2012.12.06 21:37:54 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.07.21 12:06:53 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.08.31 14:23:08 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.21 12:06:53 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.21 12:06:53 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.21 12:06:53 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.21 12:06:53 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Lexmark ) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Programme\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [lxdwmon.exe] C:\Program Files\Lexmark 7600 Series\lxdwmon.exe ()
O4 - HKLM..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\*****\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra 'Tools' menuitem : eBay.at - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/5221-29898-17534-1/4 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2BFA5C9D-5DE7-45E6-9B41-61CB6291BB4C}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{0202d57f-4e6c-11e1-aedc-6c626d500048}\Shell - "" = AutoRun
O33 - MountPoints2\{0202d57f-4e6c-11e1-aedc-6c626d500048}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{15860db1-24b2-11e0-9bfa-6c626d500048}\Shell - "" = AutoRun
O33 - MountPoints2\{15860db1-24b2-11e0-9bfa-6c626d500048}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{15ed90ff-fc1c-11e1-a56c-6c626d500048}\Shell - "" = AutoRun
O33 - MountPoints2\{15ed90ff-fc1c-11e1-a56c-6c626d500048}\Shell\AutoRun\command - "" = F:\FalloutLauncher.exe
O33 - MountPoints2\{16e872aa-4f17-11e1-9c1a-6c626d500048}\Shell - "" = AutoRun
O33 - MountPoints2\{16e872aa-4f17-11e1-9c1a-6c626d500048}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{5c951d64-57ec-11e1-ae51-6c626d500048}\Shell - "" = AutoRun
O33 - MountPoints2\{5c951d64-57ec-11e1-ae51-6c626d500048}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\{f85f3c70-60ba-11e1-ae47-6c626d500048}\Shell - "" = AutoRun
O33 - MountPoints2\{f85f3c70-60ba-11e1-ae47-6c626d500048}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.04 15:41:05 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.04 15:40:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2012.12.29 13:02:09 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{1CFA8D0B-13FF-4FF7-AC44-993746136380}
[2012.12.29 12:41:25 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Programs
[2012.12.27 22:57:45 | 282,427,301 | ---- | C] (UBCD4Win Team - Benjamin Burrows                            ) -- C:\Users\*****\Desktop\UBCD4WinV360[1].exe
[2012.12.27 22:56:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\burnatonce
[2012.12.27 22:56:45 | 000,000,000 | ---D | C] -- C:\Program Files\burnatonce
[2012.12.27 22:32:44 | 282,427,301 | ---- | C] (UBCD4Win Team - Benjamin Burrows                            ) -- C:\Users\*****\Desktop\UBCD4WinV360.exe
[2012.12.25 12:19:44 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\AVG
[2012.12.25 12:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG
[2012.12.25 12:18:55 | 000,000,000 | -HSD | C] -- C:\ProgramData\{D1D4879F-2279-49C9-AEBF-3B95C84EAA8F}
[2012.12.25 12:18:24 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes
[2012.12.25 12:17:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.12.25 12:17:44 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.25 12:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.25 12:17:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.12.25 00:24:27 | 010,559,672 | ---- | C] (McAfee Inc.) -- C:\Users\*****\stinger.exe
[2012.12.24 23:39:49 | 000,014,664 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.24 23:38:58 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2012.12.24 21:54:14 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\AVG2013
[2012.12.24 21:53:28 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2012.12.24 21:53:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.12.24 21:52:15 | 000,000,000 | -H-D | C] -- C:\$AVG
[2012.12.24 21:52:14 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2012.12.24 21:51:34 | 000,000,000 | ---D | C] -- C:\Program Files\AVG
[2012.12.24 21:50:27 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.12.24 21:50:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\MFAData
[2012.12.24 21:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2012.12.24 21:50:27 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Avg2013
[2012.12.24 21:04:05 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\GBM Software
[2012.12.24 20:51:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Splashtop
[2012.12.24 20:45:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Splashtop
[2012.12.24 20:45:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Splashtop Remote
[2012.12.24 20:45:33 | 000,000,000 | ---D | C] -- C:\Program Files\Splashtop
[2012.12.24 20:44:46 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\{AB7CBD6B-0741-4997-8430-950DB17CC940}
[2012.12.24 20:28:31 | 000,000,000 | ---D | C] -- C:\Program Files\vmote
[2012.12.24 20:18:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\Geckofx
[2012.12.24 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Firefly Studios
[2012.12.24 20:18:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Stronghold Kingdoms
[2012.12.24 14:37:01 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
[2012.12.22 18:46:06 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.22 18:46:05 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.12 23:34:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.12.12 23:34:13 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.12.12 23:34:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.12.12 23:34:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.12.12 23:34:13 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.12.12 23:34:12 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.12.12 23:34:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.12.12 23:34:12 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.12.12 15:09:21 | 002,345,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.12.12 15:09:18 | 000,271,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
[2012.12.12 15:09:18 | 000,169,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winsrv.dll
[2012.12.12 15:09:16 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2012.12.12 15:09:16 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2012.12.12 15:09:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2012.12.12 15:09:16 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2012.12.12 15:09:16 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2012.12.12 15:09:16 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2012.12.12 15:09:06 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dpnet.dll
[2012.12.12 15:09:03 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll
[2012.12.10 18:53:50 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VirtualDJ
[2012.12.10 18:53:47 | 000,000,000 | ---D | C] -- C:\Program Files\VirtualDJ
[2012.12.10 18:53:43 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\VirtualDJ
[2012.12.10 18:52:15 | 042,010,432 | ---- | C] (Microsoft Corporation) -- C:\Users\*****\Desktop\install_virtualdj_home_v7-3.exe
[2012.12.07 20:33:15 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\PC_Drivers_Headquarters
[2012.12.07 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Printable Web
[2012.12.07 19:42:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Lexmark 7600 Series
[2012.12.07 19:32:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Ezprint
[2012.12.07 19:32:44 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark Toolbar
[2012.12.07 19:32:41 | 000,352,256 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXDWwupd.dll
[2012.12.07 19:32:41 | 000,017,064 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\LXDWwupd.exe
[2012.12.07 19:32:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lexmark 7600 Series
[2012.12.07 19:32:12 | 000,147,456 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdwjswr.dll
[2012.12.07 19:32:12 | 000,114,688 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdwinsr.dll
[2012.12.07 19:32:12 | 000,036,864 | ---- | C] (Lexmark International, Inc.) -- C:\Windows\System32\lxdwcur.dll
[2012.12.07 19:32:10 | 000,000,000 | ---D | C] -- C:\drivers
[2012.12.07 18:36:43 | 000,000,000 | ---D | C] -- C:\ProgramData\lx_Cats
[2012.12.07 18:36:37 | 000,000,000 | ---D | C] -- C:\Program Files\Lexmark 7600 Series
[2012.12.07 18:34:35 | 000,077,906 | ---- | C] (Lexmark International) -- C:\Windows\System32\lxdwcfg.dll
[2012.12.06 21:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.04 15:41:05 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2013.01.04 15:40:23 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe
[2013.01.04 15:30:14 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 15:30:14 | 000,009,920 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.04 15:23:02 | 000,065,536 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2013.01.04 15:23:01 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.04 15:22:59 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.03 20:03:39 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.03 15:01:57 | 000,001,021 | ---- | M] () -- C:\Users\*****\Desktop\Dropbox.lnk
[2012.12.29 12:41:40 | 000,001,067 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.28 14:36:29 | 003,845,280 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.27 23:00:22 | 282,427,301 | ---- | M] (UBCD4Win Team - Benjamin Burrows                            ) -- C:\Users\*****\Desktop\UBCD4WinV360[1].exe
[2012.12.27 22:56:46 | 000,000,989 | ---- | M] () -- C:\Users\*****\Desktop\burnatonce.lnk
[2012.12.27 22:35:26 | 282,427,301 | ---- | M] (UBCD4Win Team - Benjamin Burrows                            ) -- C:\Users\*****\Desktop\UBCD4WinV360.exe
[2012.12.26 18:30:20 | 000,002,671 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Excel 2010.lnk
[2012.12.26 18:30:20 | 000,002,665 | ---- | M] () -- C:\Users\Public\Desktop\Microsoft Word 2010.lnk
[2012.12.25 00:24:26 | 010,559,672 | ---- | M] (McAfee Inc.) -- C:\Users\*****\stinger.exe
[2012.12.24 23:53:03 | 000,000,031 | RH-- | M] () -- C:\Users\*****\stinger.opt
[2012.12.24 23:39:49 | 000,014,664 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2012.12.24 21:53:28 | 000,000,955 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.24 21:02:31 | 000,762,384 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.12.24 21:02:31 | 000,717,702 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.12.24 21:02:31 | 000,172,512 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.12.24 21:02:31 | 000,145,466 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.12.24 20:28:24 | 000,002,890 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.24 13:39:53 | 000,139,328 | ---- | M] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2012.12.24 13:39:45 | 000,281,520 | ---- | M] () -- C:\Windows\System32\PnkBstrB.xtr
[2012.12.24 13:39:19 | 000,280,904 | ---- | M] () -- C:\Windows\System32\PnkBstrB.ex0
[2012.12.22 18:41:37 | 020,062,208 | ---- | M] () -- C:\Users\*****\OBJECTS.DATA
[2012.12.22 18:41:37 | 005,079,040 | ---- | M] () -- C:\Users\*****\INDEX.BTR
[2012.12.22 18:41:37 | 000,064,848 | ---- | M] () -- C:\Users\*****\MAPPING3.MAP
[2012.12.22 18:31:37 | 000,064,852 | ---- | M] () -- C:\Users\*****\MAPPING2.MAP
[2012.12.22 18:28:44 | 000,001,278 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2012.12.22 18:21:37 | 000,064,848 | ---- | M] () -- C:\Users\*****\MAPPING1.MAP
[2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll
[2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\System32\atmlib.dll
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.13 15:19:39 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.12.13 15:19:39 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.12.10 18:53:53 | 000,001,004 | ---- | M] () -- C:\Users\*****\Desktop\VirtualDJ Home FREE.lnk
[2012.12.10 18:52:39 | 042,010,432 | ---- | M] (Microsoft Corporation) -- C:\Users\*****\Desktop\install_virtualdj_home_v7-3.exe
[2012.12.07 20:51:18 | 000,097,659 | ---- | M] () -- C:\Windows\System32\LexFiles.ulf
[2012.12.07 19:30:12 | 000,000,382 | ---- | M] () -- C:\Users\Public\Desktop\Complete Installation of Lexmark 7600 Series.LNK
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.12.27 22:56:46 | 000,000,989 | ---- | C] () -- C:\Users\*****\Desktop\burnatonce.lnk
[2012.12.26 18:30:20 | 000,002,671 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Excel 2010.lnk
[2012.12.26 18:30:20 | 000,002,665 | ---- | C] () -- C:\Users\Public\Desktop\Microsoft Word 2010.lnk
[2012.12.25 12:17:45 | 000,001,067 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.24 23:53:03 | 000,000,031 | RH-- | C] () -- C:\Users\*****\stinger.opt
[2012.12.24 21:53:28 | 000,000,955 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2012.12.24 20:28:24 | 000,002,890 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2012.12.10 18:53:53 | 000,001,004 | ---- | C] () -- C:\Users\*****\Desktop\VirtualDJ Home FREE.lnk
[2012.12.07 19:32:35 | 000,446,464 | ---- | C] ( ) -- C:\Windows\System32\LXDWhcp.dll
[2012.12.07 19:32:35 | 000,389,120 | ---- | C] () -- C:\Windows\System32\LXDWinst.dll
[2012.12.07 19:32:13 | 000,409,600 | ---- | C] ( ) -- C:\Windows\System32\lxdwcoin.dll
[2012.12.07 19:30:12 | 000,000,382 | ---- | C] () -- C:\Users\Public\Desktop\Complete Installation of Lexmark 7600 Series.LNK
[2012.12.07 18:36:43 | 000,097,659 | ---- | C] () -- C:\Windows\System32\LexFiles.ulf
[2012.12.07 18:35:50 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdwgrd.dll
[2012.12.07 18:35:38 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxdwvs.dll
[2012.12.07 18:35:37 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxdwserv.dll
[2012.12.07 18:35:37 | 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdwpmui.dll
[2012.12.07 18:35:37 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdwlmpm.dll
[2012.12.07 18:35:32 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomm.dll
[2012.12.07 18:35:32 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxdwinpa.dll
[2012.12.07 18:35:31 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxdwcomc.dll
[2012.12.07 18:35:31 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxdwiesc.dll
[2012.12.07 18:35:30 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxdwusb1.dll
[2012.12.07 18:35:30 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxdwhbn3.dll
[2012.12.07 18:34:35 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdwdrs.dll
[2012.12.07 18:34:35 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxdwcaps.dll
[2012.12.07 18:34:35 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxdwcnv4.dll
[2012.12.02 19:30:31 | 000,003,917 | ---- | C] () -- C:\Windows\System32\atipblag.dat
[2012.09.28 15:36:56 | 000,180,224 | ---- | C] () -- C:\Windows\System32\clinfo.exe
[2012.09.06 19:23:34 | 002,872,000 | ---- | C] () -- C:\Windows\System32\pwNative.exe
[2012.09.06 19:23:34 | 000,015,576 | ---- | C] () -- C:\Windows\System32\pwdrvio.sys
[2012.09.06 19:23:34 | 000,010,200 | ---- | C] () -- C:\Windows\System32\pwdspio.sys
[2012.09.05 15:39:00 | 000,000,000 | ---- | C] () -- C:\Windows\DbgOut.INI
[2012.05.23 16:31:02 | 000,632,252 | ---- | C] () -- C:\Windows\System32\atiicdxx.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\System32\kdbsdk32.dll
[2012.04.06 02:21:42 | 000,204,952 | ---- | C] () -- C:\Windows\System32\ativvsvl.dat
[2012.04.06 02:21:42 | 000,157,144 | ---- | C] () -- C:\Windows\System32\ativvsva.dat
[2012.03.31 03:05:47 | 000,000,868 | ---- | C] () -- C:\Windows\System32\SP7302.INI
[2012.03.01 20:00:24 | 000,278,984 | ---- | C] () -- C:\Windows\System32\drivers\atksgt.sys
[2012.03.01 20:00:24 | 000,025,416 | ---- | C] () -- C:\Windows\System32\drivers\lirsgt.sys
[2012.01.18 18:07:23 | 000,138,056 | ---- | C] () -- C:\Users\*****\AppData\Roaming\PnkBstrK.sys
[2011.11.12 11:26:57 | 000,000,400 | ---- | C] () -- C:\Windows\g_pjspur712.ini
[2011.11.12 11:26:57 | 000,000,400 | ---- | C] () -- C:\Windows\System32\drivers\bjvtwin167.dat
[2011.10.26 12:40:12 | 000,008,192 | ---- | C] () -- C:\Windows\System32\srvany.exe
[2011.08.31 21:19:20 | 000,007,607 | ---- | C] () -- C:\Users\*****\AppData\Local\Resmon.ResmonCfg
[2011.06.04 13:27:16 | 000,019,456 | ---- | C] () -- C:\Users\*****\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.03.21 12:22:06 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll
[2011.01.20 21:40:04 | 000,076,888 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe
[2011.01.20 21:39:58 | 000,139,328 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys
[2011.01.20 21:39:51 | 000,281,520 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe
[2011.01.12 20:13:59 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.01.12 18:27:42 | 000,175,104 | ---- | C] () -- C:\Users\*****\AppData\Roaming\*****3SQLite3.dll
[2009.07.14 03:03:41 | 020,062,208 | ---- | C] () -- C:\Users\*****\OBJECTS.DATA
[2009.07.14 03:03:41 | 005,079,040 | ---- | C] () -- C:\Users\*****\INDEX.BTR
[2009.07.14 03:03:41 | 000,064,852 | ---- | C] () -- C:\Users\*****\MAPPING2.MAP
[2009.07.14 03:03:41 | 000,064,848 | ---- | C] () -- C:\Users\*****\MAPPING3.MAP
[2009.07.14 03:03:41 | 000,064,848 | ---- | C] () -- C:\Users\*****\MAPPING1.MAP
[2006.07.18 04:55:28 | 000,037,329 | -H-- | C] () -- C:\Users\*****\AppData\Roaming\*****log.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Alt 04.01.2013, 15:00   #7
troololol
 



Extra.txt: OTL EXTRAS Logfile:
Code:
OTL Extras logfile created on: 04.01.2013 15:43:57 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\*****\Desktop
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,57 Gb Available Physical Memory | 52,60% Memory free
5,98 Gb Paging File | 4,03 Gb Available in Paging File | 67,31% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 900,41 Gb Total Space | 273,24 Gb Free Space | 30,35% Space Free | Partition Type: NTFS
Drive D: | 30,00 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: NTFS
 
Computer Name: *****-PC | User Name: ***** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Bridge] -- C:\Program Files\Adobe\Adobe Bridge CS6\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03E18075-4E50-44F2-BABD-DC1BE2DCA444}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0A15A311-0FD6-45CC-AE22-48E9A6883E36}" = rport=138 | protocol=17 | dir=out | app=system | 
"{11DB207D-94D6-45D1-BB0E-71963C474BDC}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{1F4B813A-7972-4FC1-9CF7-117E1ACB694C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2276DBF3-357E-4701-97E7-E6954813B56A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{2B199794-BD2A-4F97-8417-9E96DF15C12A}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
"{438C20CA-79A0-442F-BB16-A983B65C3A7D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4CAE1D7A-3ACF-47A1-B5F2-1928347B70B8}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{636FC6DB-BF2F-44D0-8F1C-3F930C91D428}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{79748EA2-86B3-4312-90C0-C787DBE62BC1}" = lport=138 | protocol=17 | dir=in | app=system | 
"{7D9BB002-08D4-4596-8CE9-7444851CF975}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{82E5F7C3-4664-4E36-9DF4-A5807461EDE4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{880BF78B-925A-42A7-B929-0A2BE8020D66}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{88DDDFE0-9694-4B9C-AED5-1339235E299F}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{92CE3FFC-3B71-4CD7-AA45-B336AA2C5A44}" = lport=137 | protocol=17 | dir=in | app=system | 
"{94085EFD-DBAA-4D62-BDDB-5A0BB313FA7E}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{968FB743-01C9-45C8-A929-ED77F20A1F9C}" = rport=445 | protocol=6 | dir=out | app=system | 
"{A56715DE-06D9-4DD9-BF9B-C2B803096AE1}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{A82CA52C-51C6-4CDB-87E8-C114CB9DB38A}" = rport=137 | protocol=17 | dir=out | app=system | 
"{BA9A915D-ED3E-4ECC-95CD-1795BEFE1DF0}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BE3492BE-B988-402A-A95F-51A3324E1106}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{C00E1383-9CFA-46D5-820F-EE13412629FE}" = lport=445 | protocol=6 | dir=in | app=system | 
"{CA3BCFE9-1224-436D-BC0D-0292FAF0BDB3}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{CD246ECD-5412-4A0D-9FBD-34479CFB9C4F}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{E5922B95-3C32-416A-B9ED-B447946F7B8E}" = rport=139 | protocol=6 | dir=out | app=system | 
"{E670917F-2DE7-4BCD-85BA-0120F09E7615}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EB10304D-1455-40F9-82CC-341C71B15A79}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{FA983F90-8B3E-438D-BB36-5596B8AFF973}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{06F64912-C5D8-47F1-91E8-BB0B96B35272}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{0860E0FA-5E89-43F6-BF84-47EF804C0941}" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{090FFB51-7449-4E65-83B9-5019ECDA9FA8}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0BB4AE7F-FFE8-461D-BD4A-9AD2A4298464}" = protocol=6 | dir=in | app=c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe | 
"{0E8B83A8-9878-452B-AB40-E870729D27A1}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{0EF81B80-A833-4256-9B99-09C1956B95B2}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwtime.exe | 
"{13132FFE-E929-4DDA-B653-8731DFE111BD}" = protocol=6 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | 
"{144D3336-EB9F-43E2-BE75-212581A0F432}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr8.exe | 
"{14C06EE7-4C82-4C0B-AA14-A551A9CD8007}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{15C6BEB4-3FC1-4195-98AF-7202C8EF8C1D}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{16FB719C-2966-4E1E-9DBB-560CB2E6D672}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{179472DB-052E-4FA4-876C-0EB70444E50F}" = protocol=6 | dir=in | app=c:\users\*****\downloads\sweetimsetup.exe | 
"{233D0DA9-7458-407F-B294-5EDB43918556}" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{242A4988-3B7A-44E7-A5FE-7E8660514E96}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{29A5B2F9-4BA9-4F16-8781-5253DE35E77A}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{2C86A81C-7741-4242-A536-8F5C836469F6}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.patch.exe | 
"{30A656D5-7B29-4335-ADF7-584CDE851C02}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{327D99EC-8F28-43C5-BA98-AB434803CE88}" = protocol=6 | dir=in | app=c:\program files\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{328AEA4E-7FED-4BEB-BC46-FD4C268A0849}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{33DFF1E5-BC41-42EF-A1DD-502AA053E50B}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{3483A662-0B69-43B5-90CC-34F6A7E620FA}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{37C6E38A-6846-4104-936B-DBDA80B5DDDC}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgemcx.exe | 
"{3C7A7567-4022-44FD-9A94-698C3FDF0EDE}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srfeature.exe | 
"{3D2D4C3C-7475-46D9-8A47-83C39CDAA1F3}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | 
"{3D8CD67F-2F15-4ECD-AA17-FB8125F102B5}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{413BB3C3-3BC6-48B2-8AC7-F62F93FBAD60}" = dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{428D82DD-C1C1-4575-9991-B657ABA967A9}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{42C08945-2BDA-4F86-B97A-146035214A86}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{43329554-8331-4C0A-846E-99AE048DFF79}" = dir=in | app=c:\program files\cyberlink\powerdvd9\powerdvd9.exe | 
"{44D8F8D1-6308-43F7-B0B3-3B6C7E3A1950}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6sp.exe | 
"{44E859EE-980B-477D-9984-E17186933B3E}" = protocol=6 | dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{47A62926-97A9-474F-8980-27E3CBB4E2C3}" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{4AC70205-E353-4320-9D86-1AAD38EFA90B}" = protocol=6 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | 
"{4E8C1ED8-48C0-481C-91FF-57620A35F82E}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{50EEC9AE-374D-4C77-9384-ED1AC627704E}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{5681FFF5-46A9-43E7-A473-2E775F8E9319}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{5DB9E7FE-0A55-4672-821B-2EFBCFBA8795}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{5FA77C84-CBF8-4869-B903-FC56438980F2}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{6138002C-5A25-451E-9404-995BBB6240EE}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{615A2523-D191-46CC-8661-F744ABD10ABA}" = protocol=6 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{67091BF9-E681-44AB-98CE-C60D07180DF3}" = protocol=17 | dir=in | app=c:\windows\system32\pnkbstra.exe | 
"{6D040C50-EEBE-49A4-A6E0-D408EC39C026}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | 
"{6EC26C93-7F5D-4B2E-9AE8-4434D8850F6D}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{6F9DDB19-C9D1-494F-8230-0FFD1E945DA0}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{6FEFC024-64A5-465F-A18E-B56F8ABD66D9}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{7ABF3443-CB88-402B-B6B0-0B0A826A86B4}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{7D5EC715-7DFE-4F41-BB68-EDDB16F2CC6F}" = protocol=6 | dir=in | app=c:\windows\system32\pnkbstrb.exe | 
"{832C4FA9-C62B-4CBC-867A-303B9DCEFE1F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{84A2104B-3CCF-4CED-9FF2-9FC8F28C910E}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | 
"{89C137AB-D9C3-434D-850B-6663B7FCE490}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{89C63AD4-7C52-4E45-9B38-7D17DB416E18}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\amd driver updater, vista and 7, 32 bit\setup.exe | 
"{8B124AD7-D1E2-4105-BFC9-D6E786BEBBC7}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{8B7346FE-CB43-40C4-835B-2F77F61FA77F}" = dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | 
"{8C5F72EB-45E6-4DB1-B83D-7C964F1C9A7F}" = protocol=6 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{8EA65F17-95BB-4BC6-BA58-89D9F4793325}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{8F33C93A-DAF3-4BB3-9BA1-D35FE714F1CA}" = protocol=17 | dir=in | app=c:\program files\starcraft ii demo\starcraft ii.exe | 
"{8F82F0BA-7EBF-40CD-B31D-BC23316324BE}" = protocol=17 | dir=in | app=c:\windows\system32\lxdwcoms.exe | 
"{95931E48-804C-4BBD-8DF0-75562992DA9E}" = protocol=17 | dir=in | app=c:\program files\battlelog web plugins\sonar\0.70.4\sonarhost.exe | 
"{95B97314-FB8B-4A2D-9854-71D9ED2EB27C}" = protocol=17 | dir=in | app=c:\windows\system32\spool\drivers\w32x86\3\lxdwpswx.exe | 
"{96D44FB3-D13B-43B0-878D-C2A7EAC022FB}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\srserver.exe | 
"{96FA3003-3E44-4C53-80FC-671391A88673}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{981F419A-2527-421C-88AE-A0ABB5F42322}" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9C99DEEE-364D-4D12-B495-4C84C8DB26F4}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{9D5AED2C-56DC-4AFF-B3B3-36B9032A3B4A}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{A0F5CC20-6B3D-4656-A635-7201ED581A53}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{A12D8258-B70B-493F-902C-EBC1730EA559}" = protocol=6 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"{A5D5CC1A-223F-4D6B-BA61-3D230E6A25C1}" = protocol=17 | dir=in | app=c:\program files\steam\steam.exe | 
"{A8BE6C1C-CBF2-4D39-BAD7-D01BE67436BD}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.913\agent.exe | 
"{AC94C341-8A49-4B93-9F70-BFEDBFECF2DB}" = protocol=17 | dir=in | app=c:\users\*****\downloads\sweetimsetup.exe | 
"{AF17C59A-540E-42AE-B3BB-4EE2C0D9D9BB}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{B2A79C0E-FD57-4F67-815D-4108F20518EB}" = protocol=17 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6zm.exe | 
"{B67DD559-58F9-4824-AF6B-B7AA0148D452}" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"{BDC48D99-B8F2-4FA6-922D-3DDFBF8D329F}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\audiosurf\engine\questviewer.exe | 
"{BE79C8AC-51E3-4BA9-B8B0-8D528E042625}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{BED3EF00-1013-4FD4-9F70-287B1929299B}" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\launcher.exe | 
"{BF96D113-89F9-42B1-B74A-07D51864D235}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgnsx.exe | 
"{C0282488-DCBA-4B45-A133-1B6C2A840655}" = protocol=6 | dir=in | app=c:\program files\steam\steam.exe | 
"{C4C08756-1BF9-4FD1-A498-6911A1DFBA1E}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\call of duty black ops ii\t6mp.exe | 
"{CBA00D93-65F4-462D-938A-9045AA21AD01}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.954\agent.exe | 
"{D52D6208-124F-47AE-B2D0-891F125A5241}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{D7D1B70E-DC3D-460A-A0C3-F88B00921A3B}" = protocol=17 | dir=in | app=c:\program files\kaspersky lab\kaspersky internet security 2009\avp.exe | 
"{D99EAC46-E915-42C6-BB35-134409562837}" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\launcher.patch.exe | 
"{D9D2B0C5-1478-4B2B-885C-AF1F81EA703D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2013\avgmfapx.exe | 
"{D9DD5462-8040-4B1B-8C39-7A389573C917}" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"{DB4E0714-FB99-4E16-BC2B-232BB74AE6A9}" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.524\agent.exe | 
"{E084B143-5418-4470-B1BF-513350CBB1AF}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1225\agent.exe | 
"{E089C357-819E-458F-AE10-5195BEDEE476}" = dir=in | app=c:\program files\splashtop\splashtop remote\server\dataproxy.exe | 
"{E0BA13D3-8198-4773-B390-3205953F0049}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{E31E4308-0879-438C-B970-1FD91EB9B094}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"{EC1F1027-6CB2-4D99-85D5-9A2EDE03FE15}" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1267\agent.exe | 
"{ED80FA16-138E-49F1-B964-BF7B1A012718}" = protocol=17 | dir=in | app=c:\program files\origin games\mass effect 3 demo\binaries\win32\masseffect3demo.exe | 
"{F077B68A-B939-4553-9C62-900C0195F947}" = protocol=17 | dir=in | app=c:\program files\diablo iii\diablo iii.exe | 
"{F88FFF40-025F-46D3-8E8E-E2F418011B8A}" = protocol=6 | dir=in | app=c:\program files\steam\steamapps\common\stronghold kingdoms\strongholdkingdoms.exe | 
"{F9A0F6B3-B21C-41A1-99E4-A922F841CEDE}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{FACE758A-A571-47BF-AFD0-239862E47C13}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{FAFDC45C-74D8-43EE-9D6B-EF4B53A7EFC6}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{FBF81A48-E593-4B36-90C2-2C5ED3C2FB14}" = protocol=6 | dir=in | app=c:\program files\avg\avg2013\avgdiagex.exe | 
"{FFE7433B-A489-4D36-9E72-040048D6D95C}" = protocol=17 | dir=in | app=c:\program files\world of warcraft\launcher.exe | 
"TCP Query User{00A5CD65-5C84-454D-938E-F3DAEE9F9D44}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"TCP Query User{09948CC5-5069-41A9-BCC9-7DA0A60DEA40}C:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"TCP Query User{11DFDFB2-3F59-4E89-8F84-5D374BC38DE0}C:\program files\origin games\deadspace\dead space.exe" = protocol=6 | dir=in | app=c:\program files\origin games\deadspace\dead space.exe | 
"TCP Query User{1FB0A606-73B1-44E3-B47E-52274C548B17}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"TCP Query User{28E13115-E051-42F5-B0E1-987B4BF357B0}C:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"TCP Query User{2D3C563B-3222-4BCD-A0F7-2172AD889987}C:\program files\world of warcraft public test\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\backgrounddownloader.exe | 
"TCP Query User{2E1F84AF-5EB2-4D7D-B51F-38BF2E3CD9DA}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"TCP Query User{2EBEE5DF-DDD4-4C46-9B7C-42A7AD0FEC9A}C:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe | 
"TCP Query User{30816FE3-5167-4E66-A2A4-93A97A93F2C9}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=6 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"TCP Query User{411540A0-E16D-4BF9-885C-261EC877FAB6}C:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=6 | dir=in | app=c:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe | 
"TCP Query User{58FC9FD9-622D-48EA-900F-8A1BA6042AC9}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=6 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"TCP Query User{5E90FDE0-8764-471B-81E8-ED2B85F4B0B3}C:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe | 
"TCP Query User{641AE6E8-6FEA-4B2B-AD7D-9D5836FB0502}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe | 
"TCP Query User{687A3B5D-AC3C-46A7-AC82-2B464DDBA5D1}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=6 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"TCP Query User{6A6AD719-85DF-45C9-A8C0-7021ECC89850}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"TCP Query User{6B7343E3-BA87-4943-89FD-5A5D2F96C5AD}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"TCP Query User{77D2924C-17BD-4C6E-82BD-E59E4945775C}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"TCP Query User{8070B404-0FE8-47E1-8B6B-BABE040EF471}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"TCP Query User{86C42DCE-9585-4627-B31A-295D488AA427}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"TCP Query User{89939F4C-1C31-4F6F-8EC7-B44964A008DE}C:\program files\xfire\xfire.exe" = protocol=6 | dir=in | app=c:\program files\xfire\xfire.exe | 
"TCP Query User{8E1BD740-1821-41E3-8802-B99749104FE0}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"TCP Query User{98EBB641-6089-45D3-A2A8-301BA3D3B09A}C:\program files\gbm\gremote pro\gremoteserver.exe" = protocol=6 | dir=in | app=c:\program files\gbm\gremote pro\gremoteserver.exe | 
"TCP Query User{AC87A77C-6A02-45EB-98A1-7F3498A1F247}C:\program files\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"TCP Query User{B091C26A-BADC-490F-AEB5-C36381BABE82}C:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"TCP Query User{B6E54B23-6C7F-4FB2-8E94-19ED6738963F}C:\users\*****\downloads\diablo-iii-setup-dede.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\diablo-iii-setup-dede.exe | 
"TCP Query User{C02C7023-D2E3-4847-A5B9-3BB9D168B110}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
"TCP Query User{C0BAFE4F-C269-4566-AD5F-65ECE92BD53D}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"TCP Query User{C778AFB5-4355-4C70-B65E-E73C969CA958}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"TCP Query User{CEA4CE51-4182-4704-80BA-69D48372725F}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"TCP Query User{D15C8494-ED35-4DA2-9331-7E6F07534155}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"TCP Query User{DABF3635-32B7-41D2-A9F7-B985551F5031}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=6 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"TCP Query User{DD1EA450-D511-46DE-8935-CD85CB9AAD83}C:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"TCP Query User{DF860D8D-6FC2-44E0-BE9B-DE1F0982B68C}C:\users\*****\downloads\ptr-installer-de_de.exe" = protocol=6 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de.exe | 
"TCP Query User{F7F69FBA-289E-4284-A500-4FF931513A31}C:\program files\world of warcraft\blizzard downloader.exe" = protocol=6 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe | 
"UDP Query User{0C7CB37E-D5D7-46C3-AC4C-2029F533CBB2}C:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2756-enus-tools-downloader.exe | 
"UDP Query User{189A8A92-8240-4A57-B1A3-1840511A1780}C:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.3-5.0.15464-enus-downloader.exe | 
"UDP Query User{1A03A0F9-2F77-401D-BBED-DED13E495A19}C:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe" = protocol=17 | dir=in | app=c:\program files\origin games\crysis 2 maximum edition\bin32\crysis2.exe | 
"UDP Query User{1A9C3FBA-8816-49B6-A5A3-38CDE981809E}C:\programdata\electronic arts\need for speed world\data\nfsw.exe" = protocol=17 | dir=in | app=c:\programdata\electronic arts\need for speed world\data\nfsw.exe | 
"UDP Query User{1B5AFB31-E3DE-47D3-8E39-0D93CB5A22EB}C:\program files\origin games\battlefield 3\bf3.exe" = protocol=17 | dir=in | app=c:\program files\origin games\battlefield 3\bf3.exe | 
"UDP Query User{259203DD-ACA7-4198-9E4D-43B052679799}C:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\temp\wow-4.2.1.2747-enus-ptr-tools-downloader.exe | 
"UDP Query User{2DAD0E3C-9117-418F-A3F9-14F212A36FE0}C:\programdata\battle.net\agent\agent.998\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.998\agent.exe | 
"UDP Query User{33F2B3E1-FE8E-4ADF-8CE5-A11553DC509C}C:\users\*****\downloads\diablo-iii-setup-dede.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-setup-dede.exe | 
"UDP Query User{3DAD60A2-9539-4160-8EC1-C72061141660}C:\programdata\battle.net\agent\agent.1363\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1363\agent.exe | 
"UDP Query User{42BBB857-4380-43DE-A1C0-024C3FDE4FAB}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(1).exe | 
"UDP Query User{4AB2988D-B258-43C9-BAF9-FE0F9F318DBC}C:\programdata\battle.net\agent\agent.749\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.749\agent.exe | 
"UDP Query User{5C49DEB6-83F6-44D3-A1DA-D2A4A7302658}C:\program files\gbm\gremote pro\gremoteserver.exe" = protocol=17 | dir=in | app=c:\program files\gbm\gremote pro\gremoteserver.exe | 
"UDP Query User{66CB9F93-615B-4054-89CD-F9866E1477ED}C:\programdata\battle.net\agent\agent.868\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.868\agent.exe | 
"UDP Query User{6C568BAC-AAE9-4097-ADDA-6340951EC9F3}C:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2730-enus-tools-downloader.exe | 
"UDP Query User{6F5E8764-ADE5-4866-B9EB-3410A2A7732D}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe | 
"UDP Query User{7BA500AF-274B-4D12-AE89-78A8DBA79EF3}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader(2).exe | 
"UDP Query User{7CF5372F-7CCD-42F1-B4B3-A100C89D8F43}C:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\wow-4.2.1.2736-enus-tools-downloader.exe | 
"UDP Query User{831522A7-29C5-46BE-B0B7-2750D23BE4D6}C:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.0.1.2120-enus-tools-downloader.exe | 
"UDP Query User{8DDE049E-A80D-4245-91D2-0957DD6C4665}C:\programdata\battle.net\agent\agent.1040\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.1040\agent.exe | 
"UDP Query User{915AFFC7-0612-4A54-A934-167F65FE4B52}C:\users\*****\downloads\ptr-installer-de_de.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\ptr-installer-de_de.exe | 
"UDP Query User{958326AC-6414-49B6-8244-74FBA7ED92C5}C:\program files\world of warcraft public test\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft public test\backgrounddownloader.exe | 
"UDP Query User{9CABAD27-EE9B-4EE9-8DEA-9CC98F104853}C:\program files\world of warcraft\backgrounddownloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\backgrounddownloader.exe | 
"UDP Query User{9D371FA9-39CB-4AC9-AF27-9AB10ACCE579}C:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2706-enus-tools-downloader.exe | 
"UDP Query User{A524F2F9-9D2D-4262-B085-71474E6ECDC8}C:\programdata\battle.net\agent\agent.976\agent.exe" = protocol=17 | dir=in | app=c:\programdata\battle.net\agent\agent.976\agent.exe | 
"UDP Query User{A772B5A5-12EB-4BD7-9802-E8BA803A3B8E}C:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe" = protocol=17 | dir=in | app=c:\users\*****\downloads\diablo-iii-8370-dede-installer-downloader.exe | 
"UDP Query User{B3342F92-AF24-4A98-B7D2-21BEB945DEBB}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe | 
"UDP Query User{C51DB7CE-6AB3-4FFA-9463-4388B50D6B81}C:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.3-5.0.15890-enus-downloader.exe | 
"UDP Query User{C72992E7-6BD8-485D-945F-017C3A878D06}C:\program files\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\plugin-container.exe | 
"UDP Query User{C94DA467-FAB3-4936-A26D-30E942B357B0}C:\program files\xfire\xfire.exe" = protocol=17 | dir=in | app=c:\program files\xfire\xfire.exe | 
"UDP Query User{D2FA3595-3D10-4F3D-9C19-36E1F528DDC6}C:\program files\world of warcraft\blizzard downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\blizzard downloader.exe | 
"UDP Query User{E90C1C58-873E-461C-89D0-5E57B24C54F9}C:\program files\origin games\deadspace\dead space.exe" = protocol=17 | dir=in | app=c:\program files\origin games\deadspace\dead space.exe | 
"UDP Query User{EB4A9FAA-A29E-41EC-89D7-3C3FEDAE39C0}C:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe" = protocol=17 | dir=in | app=c:\program files\activision\call of duty 4 - modern warfare\iw3mp.exe | 
"UDP Query User{F60A509F-CE4C-4907-B653-174C6CCDF5DE}C:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\*****\appdata\roaming\dropbox\bin\dropbox.exe | 
"UDP Query User{FD94B862-73A1-43D1-999D-D70027F58965}C:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe" = protocol=17 | dir=in | app=c:\program files\world of warcraft\temp\wow-4.2.1.2683-enus-tools-downloader.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0125D081-30D0-4A97-82A8-C28D444B6256}" = Microsoft SQL Server Compact 3.5 SP2 DEU
"{01E9B2FF-DAF4-4529-9CC9-2101625517C7}" = nero.prerequisites.msi
"{034DCAF9-96E7-4936-9A07-712F80B5181E}" = Nero RescueAgent 11
"{035400A4-29BD-3723-BEED-E2718A68CDE0}" = Microsoft Visual Studio 2010 Office Developer Tools (x86)
"{03A4C6A1-26E9-4DDB-81D9-B332E5BB10AD}" = Microsoft Sync Framework SDK v1.0 SP1 de
"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
"{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B}" = Nero Burning ROM 11
"{07FCBED5-94C3-4F94-B9D3-360FA27C7B06}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for Win32
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{0F37D969-1260-419E-B308-EF7D29ABDE20}" = Web Deployment Tool
"{0F7A6FD0-87F5-FB5D-973C-CF604DE1BC6B}" = CCC Help Polish
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51}" = Nero ControlCenter 11
"{14DC0059-00F1-4F62-BD1A-AB23CD51A95E}" = Adobe AIR
"{1570DE88-A78A-37FD-8A05-92620D160CCA}" = Microsoft Visual Studio 2010 Office Developer Tools (x86) Language Pack - DEU
"{1803A630-3C38-4D2B-9B9A-0CB37243539C}" = Microsoft ASP.NET MVC 2
"{1A9BE3D6-4D53-2C9D-B77D-562D85936B91}" = CCC Help Norwegian
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1C2B3CEA-482E-4453-B3E2-C9731337828A}" = Microsoft SQL Server 2008 Native Client
"{1D328E11-3B0C-388C-835D-C9C20E8C7734}" = Microsoft Help Viewer 1.0 Language Pack - DEU
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{210DFA65-F805-1A2B-4F83-8E27279AE385}" = Catalyst Control Center Graphics Previews Common
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{29822CAD-C76A-0BEE-55F5-AAA524DA814F}" = CCC Help Greek
"{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"{31C3C6EA-E991-405F-A3AA-2C070CCCC47C}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU
"{3256C48C-78D0-4FC6-A0F5-81ADF3A9D7D4}" = AVG 2013
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{33AE9E89-47C9-4A0D-9E9D-BDD6966A3804}" = Microsoft SQL Server 2008 RsFx Driver
"{342F5437-C87D-4BB5-89B9-B23E16C6A395}" = Microsoft Visual C++ 8.0 Support DLLs
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{3A1293DF-7D09-BB0F-9576-EC47EE4A9362}" = CCC Help Italian
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3F5C371F-8EA2-4F25-9D3D-D0B4526E3AEA}" = NVIDIA PhysX
"{40416836-56CC-4C0E-A6AF-5C34BADCE483}" = Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{430912D2-51D8-1CB9-3B38-79D570F034DC}" = AMD Accelerated Video Transcoding
"{47416F0B-6589-591E-C6F8-4235D2230B14}" = Catalyst Control Center InstallProxy
"{477415F5-93DA-46AA-85C5-640047825995}" = Microsoft SQL Server 2008 Database Engine Shared
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A6F34E2-09E5-4616-B227-4A26A488A6F9}" = Microsoft SQL Server 2008 Common Files
"{4AC7B4E7-59B7-4E48-A60D-263C486FC33A}_is1" = System Checkup 3.1
"{4AF2248C-B3DF-46FB-9596-87F5DB193689}" = Microsoft SQL Server 2008 Browser
"{4D87DC92-C328-46EC-A7B4-9C88129DC696}" = Dead Space™
"{505AFDC0-5E72-4928-8368-5DEA385E3647}" = CorelDRAW Graphics Suite 12
"{5242B252-01BB-4F2E-BBF4-5C01BC3B6619}" = Microsoft SQL Server 2008 R2 Data-Tier Application Project
"{5285F904-1577-5F06-FF04-4FA4EBA52966}" = AMD Media Foundation Decoders
"{53F7746A-96AA-49A5-86B8-59989680DAC5}" = Nero Burning ROM 11 Help (CHM)
"{56403FFF-145E-35C5-A090-96598BE57FB8}" = Microsoft Visual Basic 2008 Express Edition - DEU
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{59E4543A-D49D-4489-B445-473D763C79AF}" = Microsoft Games for Windows - LIVE Redistributable
"{5A08C9D1-37AD-4A8D-90D3-33F92C578AA5}" = Microsoft SQL Server System CLR Types
"{5BD39911-A12F-4562-98BA-A6E03E3370B1}" = Microsoft SQL Server 2008 Database Engine Services
"{5D412B61-F3A7-42C6-9C07-29BBD3D442B1}" = AVG 2013
"{6033673D-2530-4587-8AD0-EB059FC263F9}" = Crysis® 2
"{616C6F39-4CE1-3434-A665-2F6A04C09A7F}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{625FC7D1-656D-1BEC-F86F-3EACAFDAA8FE}" = CCC Help English
"{64E87E22-A6E5-4EA4-A14F-089BA2470D1D}" = Solid Edge ST5
"{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}" = Nero Update
"{681F4E9F-34E0-36BD-BF2C-100554E403A5}" = Microsoft Visual F# 2.0 Runtime Language Pack - DEU
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6A86554B-8928-30E4-A53C-D7337689134D}" = Microsoft Visual C++ 2010  x86 Runtime - 10.0.30319
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6CDEAD7E-F8D8-37F7-AB6F-1E22716E30F3}" = Microsoft Visual Studio Macro Tools
"{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{729A3000-BC8A-3B74-BA5D-5068FE12D70C}" = Microsoft Visual F# 2.0 Runtime
"{7351EEF8-9D6C-5F46-5A19-F2C7456CE132}" = CCC Help German
"{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}" = Adobe Photoshop CS6
"{759E97EC-9E3D-4F55-C321-7819C93F0887}" = ccc-utility
"{76285C16-411A-488A-BCE3-C83CB933D8CF}" = Battlefield 3™
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7B2CC3DF-64FA-44AE-8F57-B0F915147E4F}_is1" = Need For Speed™ World
"{7BEC151D-ADA9-3EA9-9273-99BA82881971}" = Microsoft Visual Studio 2010 SharePoint Developer Tools
"{7F172E34-4107-8964-6AEA-5051FFD265FF}" = CCC Help Portuguese
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{86095E92-1959-8364-920E-82E81F64F8FB}" = Catalyst Control Center
"{86790597-5E41-47AF-A6E4-6295D0C21B8B}" = A1 Dashboard
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89D05F35-933A-89C0-B935-C92BEE4229BD}" = CCC Help French
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8DC910CD-8EE3-4ffc-A4EB-9B02701059C4}" = Battlefield Heroes
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{91F54E1D-804A-46D8-A56C-53EA9C4B3177}" = Microsoft Silverlight 3 SDK - Deutsch
"{929F5BFC-60F0-34EC-A50B-2001AAC03D56}" = Microsoft Team Foundation Server 2010 Object Model - DEU
"{92C5C058-E941-47C3-B7E8-38A79C605969}" = Microsoft SQL Server 2008 R2 Transact-SQL Language Service
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{959E4378-CCA1-E4E4-2425-793DA92E8D95}" = CCC Help Czech
"{96BB3C67-4EB4-9757-E0C2-C0D2FE9053B1}" = CCC Help Turkish
"{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
"{974F4B73-2017-E174-9070-3F58F01B341F}" = CCC Help Danish
"{97BA2B90-AF72-35CF-BFDC-E06531811B20}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"{98E20A18-3C29-86FA-50B4-918C2B34A082}" = CCC Help Hungarian
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AA2D735-3375-42D4-9A61-3FFEF82599D6}" = Unterstützungsdateien für Microsoft SQL Server 2008-Setup 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9C3B8582-A72A-4835-8903-877A834407BB}" = Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{9E2E5EB3-DC6E-9277-E9DB-13175E7DDA39}" = CCC Help Dutch
"{A106D33E-6B43-42C0-9BFC-D03303261FA7}" = Microsoft SQL Server 2008 R2 Management Objects
"{A1683CA7-4850-4A21-982B-C6D853C79AF7}" = Mass Effect™ 3 Demo
"{A25FF1C0-80B6-4B8B-A551-DC525697A408}" = AMD APP SDK Runtime
"{A2EAE643-8804-9420-5DBE-2752D6957964}" = AMD Catalyst Install Manager
"{A498D9EB-927B-459B-85D6-DD6EF8C2C564}" = erLT
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AAACC0A5-4382-04D0-C75E-0669C7B949B6}" = CCC Help Japanese
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{AC41D924-8C68-4BD5-A7A1-0AE4176C31A6}" = Crystal Reports for Visual Studio
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{AC76BA86-7AD7-5464-3428-900000000004}" = Spelling Dictionaries Support For Adobe Reader 9
"{ACE28263-76A4-4BF5-B6F4-8BD719595969}" = Microsoft SQL Server Database Publishing Wizard 1.4
"{ACEF4078-9B86-2455-E18D-34D52D37D9D5}" = CCC Help Chinese Standard
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B1846721-A8E6-46C7-83B6-0DCF7ADB4267}" = Nero Burning ROM 11
"{B48E1FFD-A85D-45DB-9070-C06CDF6BD427}" = User's Guides
"{B5153233-9AEE-4CD4-9D2C-4FAAC870DBE2}" = Microsoft SQL Server 2008 Database Engine Services
"{B515962D-C979-44AC-9912-F7BB499B4B2C}" = VirtualDJ Home FREE
"{B55FB422-B803-11F5-5582-B3666EA1B9AC}" = Catalyst Control Center Localization All
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"{B8010864-15F8-613B-20EF-AC35B14B3E0D}" = CCC Help Russian
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BEBEE34D-84A2-4EDD-8BEA-96CC54371263}" = Nero Core Components 11
"{BFEAAE77-BD7F-4534-B286-9C5CB4697EB1}" = PDF Settings CS6
"{C07B8BC4-AFD9-3AA4-BDF5-330A07591FDE}" = Microsoft Windows SDK for Visual Studio 2008 Express Tools for .NET Framework
"{C1342411-5A98-DE8A-5629-D0C518E1C280}" = CCC Help Finnish
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C8773FDB-D0DB-BE52-D536-F48F9886B57B}" = Adobe Download Assistant
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{C965F01C-76EA-4BD7-973E-46236AE312D7}" = Sql Server Customer Experience Improvement Program
"{CAB81583-0310-43E1-8E33-0864985EDD67}" = trakAxPC
"{CAD6AA29-9CA1-384D-8034-566261CFCC9B}" = Microsoft Visual Studio 2010 Professional - DEU
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86
"{CCAC7E52-ECCE-3C4D-B1BE-BC2ACF1C1C0E}" = Microsoft Visual Basic 2010 Express - DEU
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{CFCB8616-A5D1-4281-80E8-389F685BFAE2}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{D01CE99A-8802-483C-A79F-298B691EB432}" = Nero RescueAgent 11 Help (CHM)
"{D074DC76-F6C9-440E-A1D0-1DE958417FDB}" = Microsoft SQL Server VSS Writer
"{D08B4177-5160-6B66-8934-2F9012134D61}" = CCC Help Thai
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark 
"{D3120436-1358-4253-9EB2-257FFE8CE1D9}" = Logitech SetPoint 5.20
"{D34A6029-FB1A-9EA8-A938-5393F82A3A00}" = CCC Help Korean
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{D4D66270-9147-4BDF-9946-FCA2B303AA8F}" = Nero ControlCenter 11 Help (CHM)
"{D6A6CFAD-CD86-482B-90D1-6FCC4E252ACD}" = Microsoft Sync Services for ADO.NET v2.0 SP1 (x86) de
"{D9941688-1BEF-79EF-0FD9-E0A67E2CFE0F}" = AMD Drag and Drop Transcoding
"{DA6FAB8D-E87A-4E8E-A3D3-B7B9F479C725}" = forteManager
"{DB0AF767-7CC7-4E4D-B6BE-A200F20A2FB1}" = Microsoft Sync Framework Runtime v1.0 SP1 (x86) de
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E0E55FC1-C53D-4F8D-B14B-B59C312747C8}" = LightScribe System Software
"{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding
"{E32260E7-0B10-43C7-9B77-AB9F4184676D}" = Microsoft SQL Server Compact 3.5 Design Tools DEU
"{E3355E5C-965C-4f67-8A8C-E9A0FA9FD80F}" = Rhinoceros 4.0 Testversion
"{E3A09D13-4D40-3CF8-7D32-8BD55F8D1533}" = CCC Help Spanish
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E4E9CBC9-1CF5-48E3-AF6F-1AB44A856346}" = Microsoft ASP.NET MVC 2 - DEU
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{E6D22FE1-AB5F-42CA-9480-6F70B96DDD88}" = Need for Speed™ Undercover
"{EAF7B35C-DCBE-4032-9ABF-C35C43D07124}" = Microsoft Sync Framework Services v1.0 SP1 (x86) de
"{EB32EEAE-974F-34A3-80ED-704D509078D2}" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU
"{EC66418E-DAA2-36D5-809E-40BEC94E622A}" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F2C35491-9323-3AE7-6023-6B4128045153}" = CCC Help Swedish
"{F3494AB6-6900-41C6-AF57-823626827ED8}" = Microsoft SQL Server 2008 Database Engine Shared
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FC66A32F-1A57-AC5C-4F12-DAC2F4CB77A0}" = CCC Help Chinese Traditional
"{FF29527A-44CD-3422-945E-981A13584000}" = VC Runtimes MSI
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"{FF6F95A4-E59B-45C8-BEA8-0BDC8D9CAB51}" = Microsoft SQL Server 2008 Common Files
"A1 Dashboard" = A1 Dashboard
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVG" = AVG 2013
"Battlelog Web Plugins" = Battlelog Web Plugins
"burnatonce_is1" = burnatonce
"com.adobe.downloadassistant.AdobeDownloadAssistant" = Adobe Download Assistant
"DAEMON Tools Lite" = DAEMON Tools Lite
"Diablo III" = Diablo III
"ESN Sonar-0.70.4" = ESN Sonar
"Fraps" = Fraps (remove only)
"Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4.7
"Free YouTube Download_is1" = Free YouTube Download version 2.10.30
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.10.11.923
"Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema
"InstallShield_{2EFEAD58-3311-4B2B-9D8A-8D663581D109}" = Splashtop Streamer
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM)
"Lexmark 7600 Series" = Lexmark 7600 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"MatlabR2011a" = MATLAB R2011a
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Help Viewer 1.0 Language Pack - DEU" = Microsoft Help Viewer 1.0 Language Pack - DEU
"Microsoft SQL Server 10" = Microsoft SQL Server 2008
"Microsoft SQL Server 10 Release" = Microsoft SQL Server 2008
"Microsoft Team Foundation Server 2010 Object Model - DEU" = Microsoft Team Foundation Server 2010-Objektmodell - DEU
"Microsoft Visual Basic 2008 Express Edition - DEU" = Microsoft Visual Basic 2008 Express Edition - DEU
"Microsoft Visual Basic 2010 Express - DEU" = Microsoft Visual Basic 2010 Express - DEU
"Microsoft Visual Studio 2010 Professional - DEU" = Microsoft Visual Studio 2010 Professional - DEU
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86)" = Microsoft Visual Studio 2010 Tools for Office Runtime (x86)
"Microsoft Visual Studio 2010 Tools for Office Runtime (x86) Language Pack - DEU" = Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x86) Language Pack - DEU
"Microsoft Visual Studio Macro Tools" = Microsoft Visual Studio Macro Tools
"Microsoft Visual Studio Macro Tools - DEU Language Pack" = Microsoft Visual Studio Macro Tools - DEU Language Pack
"Mozilla Firefox 17.0.1 (x86 de)" = Mozilla Firefox 17.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"Origin" = Origin
"PunkBusterSvc" = PunkBuster Services
"Steam App 12910" = Audiosurf Demo
"Steam App 202970" = Call of Duty: Black Ops II
"Steam App 202990" = Call of Duty: Black Ops II - Multiplayer
"Steam App 212910" = Call of Duty: Black Ops II - Zombies
"Steam App 47410" = Stronghold Kingdoms
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"TeamViewer 7" = TeamViewer 7
"Uninstall_is1" = Uninstall 1.0.0.1
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR
"World of Warcraft" = World of Warcraft
"World of Warcraft Beta" = World of Warcraft Beta
"World of Warcraft Public Test" = World of Warcraft Public Test
"X10Hardware" = X10 Hardware(TM)
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"101a9f93b8f0bb6f" = Curse Client
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.03.2012 07:38:20 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft
 Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 04.03.2012 09:30:10 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft
 Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 09.03.2012 14:19:26 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4f26de8a  Name des fehlerhaften Moduls: bf3.exe, Version: 1.0.0.0, Zeitstempel:
 0x4f26de8a  Ausnahmecode: 0xc0000005  Fehleroffset: 0x002a99d3  ID des fehlerhaften Prozesses:
 0x15ac  Startzeit der fehlerhaften Anwendung: 0x01ccfe178911b8dd  Pfad der fehlerhaften
 Anwendung: C:\Program Files\Origin Games\Battlefield 3\bf3.exe  Pfad des fehlerhaften
 Moduls: C:\Program Files\Origin Games\Battlefield 3\bf3.exe  Berichtskennung: 66df80fd-6a14-11e1-982b-6c626d500048
 
Error - 09.03.2012 15:51:04 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft
 Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.03.2012 08:27:06 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft
 Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 11.03.2012 14:18:31 | Computer Name = *****-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 16.03.2012 13:30:39 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft
 Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 18.03.2012 15:32:28 | Computer Name = *****-PC | Source = Windows Backup | ID = 4104
Description = 
 
Error - 19.03.2012 05:56:27 | Computer Name = *****-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: svchost.exe_LanmanServer, Version:
 6.1.7600.16385, Zeitstempel: 0x4a5bc100  Name des fehlerhaften Moduls: unknown, Version:
 0.0.0.0, Zeitstempel: 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x00000000
ID
 des fehlerhaften Prozesses: 0x3f8  Startzeit der fehlerhaften Anwendung: 0x01cd05b682c1b636
Pfad
 der fehlerhaften Anwendung: C:\Windows\system32\svchost.exe  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: cb0e0993-71a9-11e1-aa20-6c626d500048
 
Error - 19.03.2012 07:33:32 | Computer Name = *****-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files\Microsoft
 Visual Studio 10.0\Common7\Packages\Debugger\X64\msvsmon.exe".  Die abhängige Assemblierung
 "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Media Center Events ]
Error - 30.08.2012 09:20:02 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:20:02 - Fehler beim Herstellen der Internetverbindung.  15:20:02 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 09:20:14 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 15:20:08 - Fehler beim Herstellen der Internetverbindung.  15:20:08 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 10:20:20 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:20:20 - Fehler beim Herstellen der Internetverbindung.  16:20:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 10:20:30 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 16:20:25 - Fehler beim Herstellen der Internetverbindung.  16:20:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 11:20:35 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 17:20:35 - Fehler beim Herstellen der Internetverbindung.  17:20:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 11:20:43 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 17:20:40 - Fehler beim Herstellen der Internetverbindung.  17:20:40 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 12:20:48 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 18:20:48 - Fehler beim Herstellen der Internetverbindung.  18:20:48 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 30.08.2012 12:20:56 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 18:20:53 - Fehler beim Herstellen der Internetverbindung.  18:20:53 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.10.2012 05:57:24 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 11:57:24 - Fehler beim Herstellen der Internetverbindung.  11:57:24 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.10.2012 05:58:05 | Computer Name = *****-PC | Source = MCUpdate | ID = 0
Description = 11:57:29 - Fehler beim Herstellen der Internetverbindung.  11:57:29 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 04.01.2013 10:47:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 04.01.2013 10:47:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 04.01.2013 10:48:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 04.01.2013 10:48:43 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 04.01.2013 10:48:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 04.01.2013 10:49:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 04.01.2013 10:49:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 04.01.2013 10:50:12 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
Error - 04.01.2013 10:50:42 | Computer Name = *****-PC | Source = WMPNetworkSvc | ID = 866300
Description = 
 
Error - 04.01.2013 10:50:42 | Computer Name = *****-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows-Verwaltungsinstrumentation" wurde mit folgendem
 Fehler beendet:   %%126
 
 
< End of report >
         
--- --- ---

04.01.2013, 15:46   #8
aharonov
/// TB-Ausbilder

This here
Quote:
C:\Users\*****\Documents\Office2010 key\Meek.Of.PPlus.2kX.32.de\mini-KMS_Activator_v1.052.exe (Riskware.Keygen)
SRV - [2003.04.18 18:06:26 | 000,008,192 | ---- | M] () [Auto | Stopped] -- C:\Windows\System32\srvany.exe -- (KMService)
C:\Users\*****\Games\New Folder\Call_of_Duty_keygen\rzr-cod4-keygen.exe (Trojan.Agent.CK)
is unfortunately not so great. You are using keygens and running an unlicensed version of MS Office Professional 2010.
According to the board rules, I therefore cannot give you any further support for cleaning the machine:
Files such as Crack.exe, Keygen.exe or Patch.exe are, or very often contain, dangerous malware that is not to be trifled with.
Besides, they are illegal, and we do not support the use of stolen software. Support is therefore limited to instructions for reinstalling the system.

Reinstall the machine; the Bundespolizei trojan wrecked one of your system services, and on top of that you had also caught a nasty backdoor.
__________________
cheers,
Leo

04.01.2013, 18:57   #9
troololol

ok O:

I didn't know that. I didn't buy the PC new but used from an acquaintance, and he said MS Office was installed too. -.-

I didn't know that it's an illegal version :/

and I've never played the game, it was probably on there too

oh well, too bad ):

and if I reinstall Win7, do I have to buy a new licence, or how does that work?

04.01.2013, 20:52   #10
aharonov
/// TB-Ausbilder

Quote:
I didn't know that.
I do believe you, but it makes no difference. We will not clean this machine in this state.

I would strongly advise you to reinstall the system; it is not in good shape. I gave you instructions for that above.
Then it will definitely be clean again and you will be rid of your predecessor's legacy.


Quote:
and if I reinstall Win7, do I have to buy a new licence, or how does that work?
No, if you have a valid licence, you can reinstall the operating system with it as often as you like.
__________________
cheers,
Leo

05.01.2013, 00:25   #11
troololol

Okay, I'll do that, thanks

Last question:

what if I copy the virus onto the new system along with, e.g., my music?

how can I prevent that?

first of all I'm going to install Kaspersky Security and AntiVir anyway, but it could still happen.

05.01.2013, 17:02   #12
aharonov
/// TB-Ausbilder

Quote:
first of all I'm going to install Kaspersky Security and AntiVir anyway, but it could still happen.
If you mean the free Kaspersky Security Scan, that's ok. But install only one antivirus program with real-time protection.


Quote:
what if I copy the virus onto the new system along with, e.g., my music?
It is very unlikely that you have malware in your music files.


Quote:
how can I prevent that?
By taking only hand-picked personal documents (such as pictures, music files, videos, Office documents, emails) over to the new system.
Do not try to copy any programs (e.g. games) to the new system; reinstall everything instead. Do not take along any exe files or other downloaded executables (and certainly not the cracks!).
On the freshly set-up system, take care not to reinfect yourself straight away via a possibly contaminated external storage medium. I'm attaching instructions for that below.



Checking external media after infection and reinstallation (by Petra)

The essential trick in disinfecting external drives and sticks is that they must be connected correctly. If infected, they hold a file autorun.inf containing a command that is executed when the drive is connected. It normally starts a file from the external drive.

This autorun mechanism is suppressed if you hold down the Shift key (the key used for capital letters) while connecting the drive. I recommend making that a habit. It also works when inserting CDs/DVDs and can on occasion prevent the installation of a rootkit copy protection there. Autorun can also be disabled in Windows: have a look here. Then you don't need to remember to press the key.

Connect each external drive one after the other (with Shift). If it is infected, there is an autorun.inf in its root directory. It may be hidden, but can be made visible with the Explorer options from here. Open the autorun.inf in the editor. It states what is to be executed. Find this executable file (usually with the extension .vbs or .exe) on the drive and delete it, then delete the autorun.inf as well.

Instructions: XP Pro - XP Home - Vista (German) - Vista (English).

Afterwards, have the external media checked with at least two online scanners from this guide.
__________________
cheers,
Leo
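
The manual check from the guide in post #12 (open autorun.inf, read what it would start, find that file on the drive), as an added example that is not part of the original thread. It is a read-only Python sketch; the function names and the sample drive contents are constructed for illustration.

```python
import re
import tempfile
from pathlib import Path, PureWindowsPath

# [autorun] keys whose value is a command line that Windows would start.
EXEC_KEY = re.compile(r"^(open|shellexecute|shell\\[^\\]+\\command)$", re.I)


def decode(raw: bytes) -> str:
    """autorun.inf is ANSI or UTF-16 with a BOM; never fail on odd bytes."""
    if raw[:2] in (b"\xff\xfe", b"\xfe\xff"):
        return raw.decode("utf-16", errors="replace")
    return raw.decode("cp1252", errors="replace")


def autorun_commands(text: str):
    """(key, command) pairs from [autorun]; hand-parsed to survive junk lines."""
    found, in_section = [], False
    for line in map(str.strip, text.splitlines()):
        if line.startswith("["):
            in_section = line.lower().startswith("[autorun]")
        elif in_section and not line.startswith(";") and "=" in line:
            key, value = (part.strip() for part in line.split("=", 1))
            if EXEC_KEY.match(key) and value:
                found.append((key.lower(), value))
    return found


def files_on_drive(command: str, root: Path):
    """Tokens of the command line that exist as files below the drive root."""
    hits = []
    for token in re.findall(r'"[^"]*"|\S+', command):
        token = token.strip('"')
        if not token or token[0] in "/-":  # a switch, not a path
            continue
        rel = PureWindowsPath(token)
        rel = rel.relative_to(rel.anchor) if rel.anchor else rel
        candidate = root.joinpath(*rel.parts)
        if candidate.is_file():  # case must match on case-sensitive systems
            hits.append(candidate.relative_to(root).as_posix())
    return hits


def inspect_drive(root: Path):
    """Read-only report of what autorun.inf in the drive root would start."""
    report = []
    for entry in root.iterdir():
        if entry.name.lower() == "autorun.inf" and entry.is_file():
            for key, command in autorun_commands(decode(entry.read_bytes())):
                report.append((key, command, files_on_drive(command, root)))
    return report


def demo():
    """Inspect a constructed sample drive built in a temporary directory."""
    sample = (b"zzjunk\r\n[AutoRun]\r\n;pad\r\nicon=folder.ico\r\n"
              b"OPEN=RECYCLER\\info.exe /s\r\n"
              b"shell\\open\\command=wscript.exe hidden.vbs\r\n")
    with tempfile.TemporaryDirectory() as tmp:
        root = Path(tmp)
        (root / "RECYCLER").mkdir()
        (root / "RECYCLER" / "info.exe").write_bytes(b"constructed")
        (root / "hidden.vbs").write_bytes(b"constructed")
        (root / "Autorun.inf").write_bytes(sample)
        return inspect_drive(root)


if __name__ == "__main__":
    print(*demo(), sep="\n")
```

Pointing `inspect_drive` at the root of a connected drive lists each command and the files on that drive it refers to, which are the ones the guide says to locate before deleting anything.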

06.01.2013, 23:24   #13
aharonov
/// TB-Ausbilder

This topic appears to be resolved and will be removed from my subscriptions. I will therefore no longer receive notifications about new replies.
Should you need the topic again, please send me a PM and we'll continue here.

Everyone else, please read this guide and create a thread of your own.
__________________
cheers,
Leo
